Add metrics-server and cluster-addon docs, and update related docs
gjmzj committed Jun 19, 2018
1 parent 6f20147 commit 7d66f66
Showing 11 changed files with 85 additions and 18 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -37,7 +37,7 @@
<td><a href="docs/01-创建CA证书和环境配置.md">01-创建证书和安装准备</a></td>
<td><a href="docs/03-安装docker服务.md">03-安装docker服务</a></td>
<td><a href="docs/05-安装kube-node节点.md">05-安装node节点</a></td>
<td></td>
<td><a href="docs/07-安装集群插件.md">07-安装集群插件</a></td>
</tr>
</table>

3 changes: 2 additions & 1 deletion docs/00-集群规划和基础参数设定.md
@@ -9,7 +9,7 @@
+ lb节点--------x2 : 负载均衡节点两个,安装 haproxy+keepalived
+ node节点------x3 : 真正应用负载的节点,根据需要增加机器配置和节点数

请注意对于多节点集群,请确保各节点时区设置一致,并使用ntp服务器同步各节点时间。
**请注意对于多节点集群,请确保各节点时区设置一致,并使用ntp服务器同步各节点时间。**

生产环境使用建议一个节点只是一个角色,这里演示环境将节点绑定多个角色。项目预定义了3个例子,请修改后完成适合你的集群规划。

@@ -145,6 +145,7 @@ ansible-playbook 03.docker.yml
ansible-playbook 04.kube-master.yml
ansible-playbook 05.kube-node.yml
ansible-playbook 06.network.yml
ansible-playbook 07.cluster-addon.yml
# 一步安装
ansible-playbook 90.setup.yml
```
2 changes: 1 addition & 1 deletion docs/06.calico.md
@@ -2,7 +2,7 @@

推荐阅读[calico kubernetes guide](https://docs.projectcalico.org/v3.0/getting-started/kubernetes/)

本项目提供多种网络插件可选,如果需要安装calico,请在/etc/ansible/hosts文件中设置变量 `CLUSTER_NETWORK="kube-router"`
本项目提供多种网络插件可选,如果需要安装calico,请在/etc/ansible/hosts文件中设置变量 `CLUSTER_NETWORK="calico"`,更多的calico设置在`roles/calico/defaults/main.yml`文件定义。

- calico-node需要在所有master节点和node节点安装

2 changes: 1 addition & 1 deletion docs/06.flannel.md
@@ -1,6 +1,6 @@
## 06-安装flannel网络组件.md

本项目提供多种网络插件可选,如果需要安装flannel,请在/etc/ansible/hosts文件中设置变量 `CLUSTER_NETWORK="flannel"`
本项目提供多种网络插件可选,如果需要安装flannel,请在/etc/ansible/hosts文件中设置变量 `CLUSTER_NETWORK="flannel"`,更多设置请查看`roles/flannel/defaults/main.yml`

`Flannel`是最早应用到k8s集群的网络插件之一,简单高效,且提供多个后端`backend`模式供选择;本文介绍以`DaemonSet Pod`方式集成到k8s集群,需要在所有master节点和node节点安装。

2 changes: 1 addition & 1 deletion docs/06.kube-router.md
@@ -9,7 +9,7 @@ kube-router是一个简单、高效的网络插件,它提供一揽子解决方

## 配置

本项目提供多种网络插件可选,如果需要安装kube-router,请在/etc/ansible/hosts文件中设置变量 `CLUSTER_NETWORK="kube-router"`
本项目提供多种网络插件可选,如果需要安装kube-router,请在/etc/ansible/hosts文件中设置变量 `CLUSTER_NETWORK="kube-router"`,更多设置请查看`roles/kube-router/defaults/main.yml`

- kube-router需要在所有master节点和node节点安装

11 changes: 11 additions & 0 deletions docs/07-安装集群插件.md
@@ -0,0 +1,11 @@
# 安装集群主要插件

目前挑选一些常用、必要的插件自动集成到安装脚本之中:
- [配置开关](../roles/cluster-addon/defaults/main.yml)
- [自动脚本](../roles/cluster-addon/tasks/main.yml)

## 脚本介绍

- 1.根据hosts文件中配置的`CLUSTER_DNS_SVC_IP` `CLUSTER_DNS_DOMAIN`等参数生成kubedns.yaml和coredns.yaml文件
- 2.注册变量pod_info,pod_info用来判断现有集群是否已经运行各种插件
- 3.根据pod_info和[配置开关](../roles/cluster-addon/defaults/main.yml)逐个进行/跳过插件安装
52 changes: 52 additions & 0 deletions docs/guide/metrics-server.md
@@ -0,0 +1,52 @@
# Metrics Server

从 v1.8 开始,资源使用情况的度量(如容器的 CPU 和内存使用)可以通过 Metrics API 获取;前提是集群中要部署 Metrics Server,它从Kubelet 公开的Summary API采集指标信息,关于更多的背景介绍请参考如下文档:
- Metrics Server[设计提案](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/metrics-server.md)

大致是说它符合k8s的监控架构设计,受heapster项目启发,并且比heapster优势在于:访问不需要apiserver的代理机制,提供认证和授权等;很多集群内组件依赖它(HPA,scheduler,kubectl top),因此它应该在集群中默认运行;部分k8s集群的安装工具已经默认集成了Metrics Server的安装,以下概述下它的安装:

- 1.metric-server是扩展的apiserver,依赖于[kube-aggregator](https://github.com/kubernetes/kube-aggregator),因此需要在apiserver中开启相关参数。
- 2.需要在集群中运行deploy处理请求

从kubeasz 1.0.1 开始,metrics-server已经默认集成在集群安装脚本中,请查看`roles/cluster-addon/defaults/main.yml`中的设置

## 安装

默认已集成在90.setup.yml中,如果分步请执行`ansible-play /etc/ansible/07.cluster-addon.yml`

- 1.设置apiserver相关[参数](../../roles/kube-master/templates/kube-apiserver.service.j2)
``` bash
... # 省略
--requestheader-client-ca-file={{ ca_dir }}/ca.pem \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file={{ ca_dir }}/aggregator-proxy.pem \
--proxy-client-key-file={{ ca_dir }}/aggregator-proxy-key.pem \
--enable-aggregator-routing=true \
```
- 2.生成[aggregator proxy相关证书](../../roles/kube-master/tasks/main.yml)

参考1:https://kubernetes.io/docs/tasks/access-kubernetes-api/configure-aggregation-layer/
参考2:https://kubernetes.io/docs/tasks/access-kubernetes-api/setup-extension-api-server/

## 验证

- 查看生成的新api:v1beta1.metrics.k8s.io
``` bash
$ kubectl get apiservice|grep metrics
v1beta1.metrics.k8s.io 1d
```

- 查看kubectl top命令(无需额外安装heapster)
``` bash
$ kubectl top node
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
192.168.1.1 116m 2% 2342Mi 60%
192.168.1.2 79m 1% 1824Mi 47%
192.168.1.3 82m 2% 1897Mi 49%
$ kubectl top pod --all-namespaces # 输出略
```

- 验证基于metrics-server实现的基础hpa自动缩放,请参考[hpa.md](hpa.md)
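Review bot: The step-by-step command in the 安装 section, `ansible-play /etc/ansible/07.cluster-addon.yml`, is not a command; every other doc touched by this commit uses `ansible-playbook`, so it should read `ansible-playbook /etc/ansible/07.cluster-addon.yml`. Separately, the flag listing sets `--requestheader-client-ca-file={{ ca_dir }}/ca.pem`: if `ca.pem` is also the CA that signs ordinary client certificates (the `--client-ca-file` line is elided here), then `--requestheader-allowed-names=aggregator` is the only control separating the front-proxy identity from other clients, since a certificate from that CA with CN `aggregator` would be trusted to assert `X-Remote-User` and `X-Remote-Group`. The doc should state that dependency, or the role should issue `aggregator-proxy.pem` from a dedicated front-proxy CA.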
2 changes: 1 addition & 1 deletion docs/mixes/TodoList.md
@@ -39,7 +39,7 @@
<tr>
<td>基础服务</td>
<td>metrics server</td>
<td>进行中</td>
<td>已完成</td>
</tr>
<tr>
<td>集群部署</td>
15 changes: 7 additions & 8 deletions docs/quickStart.md
@@ -87,10 +87,11 @@ ansible-playbook 03.docker.yml
ansible-playbook 04.kube-master.yml
ansible-playbook 05.kube-node.yml
ansible-playbook 06.network.yml
ansible-playbook 07.cluster-addon.yml
# 一步安装
#ansible-playbook 90.setup.yml
```
如果执行成功,k8s集群就安装好了。详细分步讲解请查看项目目录 `/docs` 下相关文档
如果执行成功,k8s集群就安装好了。详细分步讲解请查看项目目录 `docs` 下相关文档
+ [可选]对节点进行操作系统层面的安全加固 `ansible-playbook roles/os-harden/os-harden.yml`,详情请参考[os-harden项目](https://github.com/dev-sec/ansible-os-hardening)
@@ -101,17 +102,15 @@ kubectl version
kubectl get componentstatus # 可以看到scheduler/controller-manager/etcd等组件 Healthy
kubectl cluster-info # 可以看到kubernetes master(apiserver)组件 running
kubectl get node # 可以看到单 node Ready状态
kubectl get pod --all-namespaces # 可以查看所有集群pod状态
kubectl get pod --all-namespaces # 可以查看所有集群pod状态,默认已安装网络插件、coredns、metrics-server等
kubectl get svc --all-namespaces # 可以查看所有集群服务状态
```
### 6.安装主要组件
``` bash
# 安装kubedns
kubectl create -f /etc/ansible/manifests/kubedns
# 安装heapster
kubectl create -f /etc/ansible/manifests/heapster
# 安装dashboard
kubectl create -f /etc/ansible/manifests/dashboard
# 安装kubedns,默认已集成安装
#kubectl create -f /etc/ansible/manifests/kubedns
# 安装dashboard,默认已集成安装
#kubectl create -f /etc/ansible/manifests/dashboard
```
+ 登陆 `dashboard`可以查看和管理集群,更多内容请查阅[dashboard文档](guide/dashboard.md)
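Review bot: After this change the code block under `### 6.安装主要组件` contains only commented-out commands, so the step gives the reader nothing to run and the heading no longer matches its content. Replace the block with a sentence saying these addons are installed by `07.cluster-addon.yml` and controlled by the switches in `roles/cluster-addon/defaults/main.yml`, and say what happened to heapster, whose install line is dropped here while `heapster_install: "no"` is the default in this commit.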
8 changes: 4 additions & 4 deletions roles/cluster-addon/defaults/main.yml
@@ -9,14 +9,14 @@ metricsserver_install: "yes"
dashboard_install: "yes"

# ingress 自动安装
ingress_install: "no"
ingress_backend: "traefik"
#ingress_install: "no"
#ingress_backend: "traefik"

# heapster 自动安装
heapster_install: "no"

# efk 自动安装
efk_install: "no"
#efk_install: "no"

# prometheus 自动安装
prometheus_install: "no"
#prometheus_install: "no"
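Review bot: Commenting out `ingress_install`, `ingress_backend`, `efk_install` and `prometheus_install` leaves them undefined rather than off; any task or template that tests one of them, the way the tasks in this role test `heapster_install == "yes"`, will fail with an undefined-variable error instead of skipping. Either keep the defaults at `"no"` until the corresponding tasks exist, or delete the entries together with their `# ... 自动安装` comment headers so the file does not advertise switches that do nothing.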
4 changes: 4 additions & 0 deletions roles/cluster-addon/tasks/main.yml
@@ -13,16 +13,20 @@
- name: 创建 {{ dns_backend }}部署
shell: "sleep 5; {{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/{{ dns_backend }}"
when: 'dns_backend not in pod_info.stdout and dns_install == "yes"'
ignore_errors: true

- name: 创建 metrics-server部署
shell: "sleep 5; {{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/metrics-server"
when: '"metrics-server" not in pod_info.stdout and metricsserver_install == "yes"'
ignore_errors: true

- name: 创建 dashboard部署
shell: "sleep 5; {{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/dashboard"
when: '"kubernetes-dashboard" not in pod_info.stdout and dashboard_install == "yes"'
ignore_errors: true

- name: 创建 heapster部署
shell: "sleep 5; {{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/heapster"
when: '"heapster" not in pod_info.stdout and heapster_install == "yes"'
ignore_errors: true
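Review bot: `ignore_errors: true` on all four `kubectl apply` tasks means a failed addon install (bad manifest, apiserver not reachable after the `sleep 5`) no longer fails the play, so `07.cluster-addon.yml` and `90.setup.yml` report success with metrics-server, DNS or the dashboard missing. Prefer retrying the apply with `register` plus `until`/`retries`/`delay` in place of the fixed sleep, and if failures must stay non-fatal, register the result and add a final task that reports which addons did not apply.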
