Deploying software to a Kubernetes cluster is only the beginning of operating an application. Developers need to understand the resource consumption patterns and behavior of their applications in order to provide scalable and reliable services.
In the Kubernetes world, monitoring tools such as Prometheus and Datadog help collect, process and visualize this information. The CKAD exam does not expect you to be familiar with commercial monitoring, logging, tracing and aggregation tools. However, it is useful to have a rough understanding of the Kubernetes infrastructure responsible for collecting usage metrics, such as a container's CPU and memory usage.
This responsibility falls to the metrics server, a cluster-wide aggregator of resource usage data. See its documentation for more information about its installation process.
Initially I tried to install it using the Helm chart in a specific namespace, but some connection errors occurred and the Pods did not start successfully.
The second attempt was applying the YAML manifest named components.yaml, available on the metrics server GitHub, without specifying the namespace.
Releases · kubernetes-sigs/metrics-server
Some connection errors occurred again. I found an issue in the Kind GitHub repository with some options that could solve the problem, and they did.
Details About the Flags
--kubelet-insecure-tls to Metrics Server)
hostNetwork is enabled) and ports 443 and 4443. Read more about control plane to node communication.
.status.addresses and port in .status.daemonEndpoints.kubeletEndpoint.port field (default 10250). Metrics Server will pick first node address based on the list provided by kubelet-preferred-address-types command line flag (default InternalIP,ExternalIP,Hostname in manifests).
Resources Created by the Metrics Server Manifest
**$ kubectl get all -l k8s-app=metrics-server --all-namespaces**
```
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   pod/metrics-server-955cb9c85-8zgtd   1/1     Running   0          13m

NAMESPACE     NAME                     TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
kube-system   service/metrics-server   ClusterIP   10.96.83.188   <none>        443/TCP   13m

NAMESPACE     NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   deployment.apps/metrics-server   1/1     1            1           13m

NAMESPACE     NAME                                       DESIRED   CURRENT   READY   AGE
kube-system   replicaset.apps/metrics-server-955cb9c85   1         1         1       13m
```
**$ kubectl get serviceaccounts -l k8s-app=metrics-server --namespace kube-system**
```
NAME             SECRETS   AGE
metrics-server   1         19m
```
**$ kubectl get clusterroles -l k8s-app=metrics-server**
```
NAME                               CREATED AT
system:aggregated-metrics-reader   2022-05-02T12:04:51Z
system:metrics-server              2022-05-02T12:04:51Z
```
**$ kubectl get rolebindings -l k8s-app=metrics-server --all-namespaces**
```
NAMESPACE     NAME                         ROLE                                             AGE
kube-system   metrics-server-auth-reader   Role/extension-apiserver-authentication-reader   21m
```
**$ kubectl get ClusterRoleBinding -l k8s-app=metrics-server**
```
NAME                                   ROLE                                AGE
metrics-server:system:auth-delegator   ClusterRole/system:auth-delegator   22m
system:metrics-server                  ClusterRole/system:metrics-server   22m
```
Using the Commands Enabled by the Metrics Server
**$ kubectl top nodes**
```
NAME                           CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
descomplicando-control-plane   244m         6%     903Mi           11%
descomplicando-worker          33m          0%     233Mi           2%
descomplicando-worker2         39m          0%     251Mi           3%
```
**$ kubectl top pods --all-namespaces**
```
NAMESPACE            NAME                                                   CPU(cores)   MEMORY(bytes)
kube-system          coredns-558bd4d5db-5dx8d                               5m           10Mi
kube-system          coredns-558bd4d5db-l95cv                               7m           10Mi
kube-system          etcd-descomplicando-control-plane                      33m          32Mi
kube-system          kindnet-2fsv4                                          1m           7Mi
kube-system          kindnet-78jzt                                          1m           8Mi
kube-system          kindnet-kkwbw                                          1m           10Mi
kube-system          kube-apiserver-descomplicando-control-plane            94m          305Mi
kube-system          kube-controller-manager-descomplicando-control-plane   32m          57Mi
kube-system          kube-proxy-n9f2q                                       1m           12Mi
kube-system          kube-proxy-qhxb8                                       1m           11Mi
kube-system          kube-proxy-t28kt                                       1m           13Mi
kube-system          kube-scheduler-descomplicando-control-plane            5m           22Mi
kube-system          metrics-server-7f6fdd8fc5-zt9xf                        5m           14Mi
local-path-storage   local-path-provisioner-547f784dff-sm6lq                3m           6Mi
```
Complete and Adjusted Metrics Server Manifest
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
        ######################################################################################
        ##### <https://github.com/kubernetes-sigs/kind/issues/398#issuecomment-478311167> ######
        ################# PER THE GITHUB COMMENT #############################################
        # --kubelet-insecure-tls: metrics-server does not verify the kubelets' serving certificates
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP
        ######################################################################################
        image: k8s.gcr.io/metrics-server/metrics-server:v0.6.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 4443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          initialDelaySeconds: 20
          periodSeconds: 10
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  # kube-apiserver does not verify the metrics-server serving certificate
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100
```
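An added example, not part of the original post or of the metrics-server project: a small audit that reports where the manifest above turns TLS verification off (`--kubelet-insecure-tls`, `insecureSkipTLSVerify`) and where a flag is passed twice. The input is a constructed excerpt shaped like `kubectl get -o json` items; the function names `parse_flag` and `audit` are hypothetical.

```python
# Constructed sample: the Deployment args and APIService spec from the manifest
# above, shaped like items from `kubectl get deployment,apiservice -o json`.
SAMPLE = [
    {"kind": "Deployment", "metadata": {"name": "metrics-server"},
     "spec": {"template": {"spec": {"containers": [{"args": [
         "--cert-dir=/tmp", "--secure-port=4443",
         "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
         "--kubelet-use-node-status-port", "--metric-resolution=15s",
         "--kubelet-insecure-tls",
         "--kubelet-preferred-address-types=InternalIP"]}]}}}},
    {"kind": "APIService", "metadata": {"name": "v1beta1.metrics.k8s.io"},
     "spec": {"group": "metrics.k8s.io", "insecureSkipTLSVerify": True}},
]


def parse_flag(arg):
    """'--name=value' -> ('name', 'value'); a bare '--name' -> ('name', 'true')."""
    name, sep, value = arg.lstrip("-").partition("=")
    return name, (value if sep else "true")


def audit(objects):
    """Return (object, finding) pairs: disabled TLS verification, repeated flags."""
    findings = []
    for obj in objects:
        ident = f'{obj["kind"]}/{obj["metadata"]["name"]}'
        spec = obj.get("spec", {})
        if obj["kind"] == "APIService":
            # The API server skips verifying the backend's serving certificate.
            if spec.get("insecureSkipTLSVerify"):
                findings.append((ident, "insecureSkipTLSVerify"))
            continue
        pod_spec = spec.get("template", {}).get("spec", {})
        for container in pod_spec.get("containers", []):
            seen = set()
            for arg in container.get("args", []):
                name, value = parse_flag(arg)
                # Kubelet serving certificates are not verified when this is on.
                if name == "kubelet-insecure-tls" and value.lower() not in ("false", "0", "f"):
                    findings.append((ident, "--kubelet-insecure-tls"))
                if name in seen:
                    findings.append((ident, f"repeated --{name}"))
                seen.add(name)
    return findings


if __name__ == "__main__":
    for ident, finding in audit(SAMPLE):
        print(f"{ident}: {finding}")
```

To run it against a live cluster, load the output of `kubectl get deployment,apiservice -A -o json` and pass its `items` list to `audit`.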