Deploy metrics-server

With a default K8s installation, basic metrics such as the CPU and memory usage of each node and pod are not displayed.

So install metrics-server as follows.
Once it is installed, the metrics-server pod collects the relevant metrics through the Kubelet API of every node, the master node as well as each worker node.

As with Dashboard, the metrics-server pod must reside on the master node.

master node pod -> worker node routing: (O)
worker node pod -> master node routing: (X)

$ wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.7/components.yaml && mv components.yaml metrics-server.yaml

# As with Dashboard, the metrics-server pod must reside on the master node.
# So add the following to the Deployment object spec in metrics-server.yaml.
$ vim metrics-server.yaml
...
---
apiVersion: apps/v1
kind: Deployment
...
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: "amd64"
        kubernetes.io/hostname: k8s-01
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
...

$ kubectl apply -f metrics-server.yaml
...
$ kubectl get pod -n kube-system metrics-server-77ffddc74-7z7j4 -o wide
NAME                             READY   STATUS    RESTARTS   AGE   IP           NODE     NOMINATED NODE   READINESS GATES
metrics-server-77ffddc74-7z7j4   1/1     Running   0          15m   10.244.0.6   k8s-01   <none>           <none>

Troubleshoot

Occasionally there is a bug where routing from inside a pod to a node gets tangled; in that case errors like the following can occur.

# Command to check the logs of the pods labelled k8s-app: metrics-server.
$ kubectl logs --tail=20 -n kube-system -l k8s-app=metrics-server
...
E0811 02:12:20.843207       1 manager.go:111] unable to fully collect metrics: unable to fully scrape metrics from source kubelet_summary:k8s-02: unable to fetch metrics from Kubelet k8s-02 (10.0.2.6): Get https://10.0.2.6:10250/stats/summary?only_cpu_and_memory=true: dial tcp 10.0.2.6:10250: connect: no route to host
E0811 02:13:16.345348       1 reststorage.go:135] unable to fetch node metrics for node "k8s-02": no metrics known for node
E0811 02:13:16.352394       1 reststorage.go:160] unable to fetch pod metrics for pod kube-system/netbox-86cdd5bdc6-jsbhn: no metrics known for pod
E0811 02:13:16.352406       1 reststorage.go:160] unable to fetch pod metrics for pod kube-system/kube-proxy-cmp85: no metrics known for pod
E0811 02:13:16.352411       1 reststorage.go:160] unable to fetch pod metrics for pod kube-system/kube-flannel-ds-amd64-5nktb: no metrics known for pod
E0811 05:23:16.347050       1 reststorage.go:160] unable to fetch pod metrics for pod kube-system/netbox-z6nbz: no metrics known for pod

This happens because routing from metrics-server to the k8s-02 node is tangled.
"Tangled" here means that the routing configuration in iptables itself appears to be fine.
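Added example (not part of the original page): a shell filter that reduces metrics-server log output like the above to one line per failing node, so that a failure such as the one for k8s-02 can be told apart from other causes. The layer labels, the node k8s-03 and the sample lines marked as constructed are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise kubelet scrape failures in metrics-server logs.
# On a cluster:
#   kubectl logs -n kube-system -l k8s-app=metrics-server | summarize_scrape_failures
# Assumes one failing node per log line, as in the log shown on this page.

TAB="$(printf '\t')"

# Map the trailing error text to the layer worth checking first.
# The layer names are labels chosen for this example.
classify_reason() {
  case "$1" in
    *"no route to host"*|*"network is unreachable"*) echo "route-or-reject" ;;
    *"connection refused"*)                          echo "kubelet-port" ;;
    *"i/o timeout"*)                                 echo "dropped-or-slow" ;;
    *x509*|*certificate*)                            echo "tls" ;;
    *)                                               echo "other" ;;
  esac
}

# Read log lines on stdin; print "<count> <node> <ip> <layer> <reason>"
# once per distinct (node, ip, reason), sorted by node name.
summarize_scrape_failures() {
  awk '
    /unable to fetch metrics from Kubelet/ {
      rest = $0
      sub(/.*unable to fetch metrics from Kubelet /, "", rest)
      node = rest;   sub(/ .*/, "", node)                  # "k8s-02"
      ip = rest;     sub(/^[^(]*\(/, "", ip); sub(/\).*/, "", ip)
      reason = rest; sub(/.*: /, "", reason)               # text after the last ": "
      seen[node "\t" ip "\t" reason]++
    }
    END { for (k in seen) print seen[k] "\t" k }
  ' | sort -t "$TAB" -k2,2 |
  while IFS="$TAB" read -r count node ip reason; do
    printf '%s %s %s %s %s\n' "$count" "$node" "$ip" "$(classify_reason "$reason")" "$reason"
  done
}

# Sample input. Lines 1 and 4 are from the log above; line 2 (a repeat one
# minute later) and line 3 (hypothetical node k8s-03) are constructed.
SAMPLE_LOG='E0811 02:12:20.843207       1 manager.go:111] unable to fully collect metrics: unable to fully scrape metrics from source kubelet_summary:k8s-02: unable to fetch metrics from Kubelet k8s-02 (10.0.2.6): Get https://10.0.2.6:10250/stats/summary?only_cpu_and_memory=true: dial tcp 10.0.2.6:10250: connect: no route to host
E0811 02:13:20.843207       1 manager.go:111] unable to fully collect metrics: unable to fully scrape metrics from source kubelet_summary:k8s-02: unable to fetch metrics from Kubelet k8s-02 (10.0.2.6): Get https://10.0.2.6:10250/stats/summary?only_cpu_and_memory=true: dial tcp 10.0.2.6:10250: connect: no route to host
E0811 02:13:20.901010       1 manager.go:111] unable to fully collect metrics: unable to fully scrape metrics from source kubelet_summary:k8s-03: unable to fetch metrics from Kubelet k8s-03 (10.0.2.7): Get https://10.0.2.7:10250/stats/summary?only_cpu_and_memory=true: dial tcp 10.0.2.7:10250: connect: connection refused
E0811 02:13:16.345348       1 reststorage.go:135] unable to fetch node metrics for node "k8s-02": no metrics known for node'

printf '%s\n' "$SAMPLE_LOG" | summarize_scrape_failures
```

A node reported as route-or-reject is unreachable at the network layer, while kubelet-port or tls means the packet arrived and the problem lies with the Kubelet itself.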

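With a typical container, even if you open a bash shell inside it, in most cases it does not include any utilities for checking networking. (Often there is not even ping.)

So, if you deploy a k8s DaemonSet called netbox as shown below, it becomes easy to check things with a variety of tools, for example whether the query curl -k -X GET 'https://10.0.2.6:10250/stats/summary?only_cpu_and_memory=true' shown in the log above succeeds. (Many other troubleshooting containers exist as well, such as ones that include tcpdump.)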

# For convenience, the same namespace and serviceAccount as metrics-server are specified.
# This way, the role and token used by metrics-server are available in the pod.
$ vim netbox.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: netbox
  name: netbox
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: netbox
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: netbox
    spec:
      serviceAccountName: metrics-server
      serviceAccount: metrics-server
      containers:
      - image: quay.io/gravitational/netbox:latest
        imagePullPolicy: Always
        name: netbox
      securityContext:
        runAsUser: 0
      terminationGracePeriodSeconds: 30      
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

$ kubectl apply -f netbox.yaml
$ kubectl get pods -A -owide
NAMESPACE              NAME                                         READY   STATUS    RESTARTS   AGE     IP            NODE     NOMINATED NODE   READINESS GATES
...
kube-system            netbox-kvlsf                                 1/1     Running   0          3m16s   10.244.0.21   k8s-01   <none>           <none>
kube-system            netbox-svqdr                                 1/1     Running   0          3m16s   10.244.1.40   k8s-02   <none>           <none>
...

# Enter netbox-kvlsf.
$ kubectl exec -n kube-system -it netbox-kvlsf -- /bin/bash

# Inside netbox-kvlsf
# The token used by metrics-server should be mounted at the path below (JWT output omitted here).
$ cat /run/secrets/kubernetes.io/serviceaccount/token
...

# Read the token from the mounted file instead of pasting it on the command line.
$ curl -k 'https://10.0.2.5:10250/stats/summary?only_cpu_and_memory=true' -H "Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)"
{
 "node": {
  "nodeName": "k8s-01",
  "systemContainers": [
   {
    "name": "pods",
    "startTime": "2020-08-06T23:38:19Z",
    "cpu": {
     "time": "2020-08-11T06:07:17Z",
     "usageNanoCores": 66319281,
     "usageCoreNanoSeconds": 34786278186285
    },
    "memory": {
     "time": "2020-08-11T06:07:17Z",
     "availableBytes": 3032084480,
...
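# If output like this appears, it is working normally.

In this case, I confirmed that routing worked normally just from deploying netbox.
(Of course, netbox can be deleted again afterwards.)

If the CPU and memory graphs for all nodes and pods are displayed as in the figure below, everything is working normally.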
