本文共 5247 字，大约阅读时间需要 17 分钟。

架构和组件

组件功能

• cAdvisor：容器数据收集。
• Heapster：集群监控数据收集，汇总所有节点监控数据。
• InfluxDB：时序数据库，存储监控数据。
• Grafana：可视化展示。

架构图

工作流程

cAdvisor负责收集节点的状态信息，然后Heapster会通过kubelet向每一个节点请求cAdvisor收集的信息，并将信息存储在InfluxDB中，Grafana通过InfluxDB中的信息进行前端的展示。

部署

cAdvisor

cAdvisor默认是安装的，可以通过浏览器访问节点的4194端口进行测试。

cAdvisor会收集当前节点的信息和容器的信息，主要会收集网络和磁盘IO，文件系统大小、内存使用情况等。

但是，cAdvisor只会收集实时的数据，并不会做持久化存储

InfluxDB

# cat influxdb.yamlapiVersion: extensions/v1beta1kind: Deploymentmetadata:  name: monitoring-influxdb  namespace: kube-systemspec:  replicas: 1  template:    metadata:      labels:        task: monitoring        k8s-app: influxdb    spec:      containers:      - name: influxdb        image: registry.cn-hangzhou.aliyuncs.com/google-containers/heapster-influxdb-amd64:v1.1.1        volumeMounts:        - mountPath: /data          name: influxdb-storage      volumes:      - name: influxdb-storage        emptyDir: {}---apiVersion: v1kind: Servicemetadata:  labels:    task: monitoring    # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)    # If you are NOT using this as an addon, you should comment out this line.    kubernetes.io/cluster-service: 'true'    kubernetes.io/name: monitoring-influxdb  name: monitoring-influxdb  namespace: kube-systemspec:  ports:  - port: 8086    targetPort: 8086  selector:    k8s-app: influxdb

创建pod和service：

kubectl create -f influxdb.yaml

查看创建情况：

Heapster

# cat heapster.yamlapiVersion: v1kind: ServiceAccountmetadata:  name: heapster  namespace: kube-system---kind: ClusterRoleBindingapiVersion: rbac.authorization.k8s.io/v1beta1metadata:  name: heapstersubjects:  - kind: ServiceAccount    name: heapster    namespace: kube-systemroleRef:  kind: ClusterRole  name: cluster-admin  apiGroup: rbac.authorization.k8s.io---apiVersion: extensions/v1beta1kind: Deploymentmetadata:  name: heapster  namespace: kube-systemspec:  replicas: 1  template:    metadata:      labels:        task: monitoring        k8s-app: heapster    spec:      serviceAccountName: heapster      containers:      - name: heapster        image: registry.cn-hangzhou.aliyuncs.com/google-containers/heapster-amd64:v1.4.2        imagePullPolicy: IfNotPresent        command:        - /heapster        - --source=kubernetes:https://kubernetes.default        - --sink=influxdb:http://monitoring-influxdb:8086---apiVersion: v1kind: Servicemetadata:  labels:    task: monitoring    # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)    # If you are NOT using this as an addon, you should comment out this line.    kubernetes.io/cluster-service: 'true'    kubernetes.io/name: Heapster  name: heapster  namespace: kube-systemspec:  ports:  - port: 80    targetPort: 8082  selector:    k8s-app: heapster

创建pod和svc：

kubectl create -f heapster.yaml

查看创建情况：

Grafana

# cat grafana.yamlapiVersion: extensions/v1beta1kind: Deploymentmetadata:  name: monitoring-grafana  namespace: kube-systemspec:  replicas: 1  template:    metadata:      labels:        task: monitoring        k8s-app: grafana    spec:      containers:      - name: grafana        image: registry.cn-hangzhou.aliyuncs.com/google-containers/heapster-grafana-amd64:v4.4.1        ports:          - containerPort: 3000            protocol: TCP        volumeMounts:        - mountPath: /var          name: grafana-storage        env:        - name: INFLUXDB_HOST          value: monitoring-influxdb        - name: GRAFANA_PORT          value: "3000"          # The following env variables are required to make Grafana accessible via          # the kubernetes api-server proxy. On production clusters, we recommend          # removing these env variables, setup auth for grafana, and expose the grafana          # service using a LoadBalancer or a public IP.        - name: GF_AUTH_BASIC_ENABLED          value: "false"        - name: GF_AUTH_ANONYMOUS_ENABLED          value: "true"        - name: GF_AUTH_ANONYMOUS_ORG_ROLE          value: Admin        - name: GF_SERVER_ROOT_URL          # If you're only using the API Server proxy, set this value instead:          value: /api/v1/proxy/namespaces/kube-system/services/monitoring-grafana/          #value: /      volumes:      - name: grafana-storage        emptyDir: {}---apiVersion: v1kind: Servicemetadata:  labels:    # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)    # If you are NOT using this as an addon, you should comment out this line.    kubernetes.io/cluster-service: 'true'    kubernetes.io/name: monitoring-grafana  name: monitoring-grafana  namespace: kube-systemspec:  # In a production setup, we recommend accessing Grafana through an external Loadbalancer  # or through a public IP.  # type: LoadBalancer  type: NodePort  ports:  - port : 80    targetPort: 3000  selector:    k8s-app: grafana

创建svc和pod：

kubectl create -f grafana.yaml

查看创建状态：

访问测试

想要访问grafana有两种方式：第一种是通过apiserver的非安全端口进行访问，第二种是通过proxy代理的端口访问

通过apiserver的非安全端口访问

apiserver的非安全端口就是在配置文件中定义的insecure：

首先修改一下这个地址：

# vim /opt/kubernetes/cfg/kube-apiserver--insecure-bind-address=10.10.99.225

重启apiserver：

systemctl restart kube-apiserver.service

通过浏览器访问：

http://10.10.99.225:8080/api/v1/proxy/namespaces/kube-system/services/monitoring-grafana/