follow-me-install-kubernetes-cluster
follow-me-install-kubernetes-cluster copied to clipboard
按照文档操作heapster无法获取接口信息
cat heapster-rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: name: heapster namespace: kube-system
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: heapster namespace: kube-system spec: replicas: 1 template: metadata: labels: task: monitoring k8s-app: heapster spec: serviceAccountName: heapster containers: - name: heapster image: registry.cn-hangzhou.aliyuncs.com/k8s-kernelsky/heapster-amd64v1.5.3:v1.5.3 imagePullPolicy: IfNotPresent command: - /heapster - --source=kubernetes:https://kubernetes.default?kubeletHttps=true&kubeletPort=10250 - --sink=influxdb:http://monitoring-influxdb.kube-system.svc:8086
apiVersion: v1 kind: Service metadata: labels: task: monitoring # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons) # If you are NOT using this as an addon, you should comment out this line. kubernetes.io/cluster-service: 'true' kubernetes.io/name: Heapster name: heapster namespace: kube-system spec: ports:
- port: 80 targetPort: 8082 selector: k8s-app: heapster
[root@localhost rbac]# cat heapster-rbac.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: heapster-kubelet-api roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:kubelet-api-admin subjects:
- kind: ServiceAccount name: heapster namespace: kube-system
报错如下: E0727 08:56:04.161131 1 reflector.go:190] k8s.io/heapster/metrics/heapster.go:328: Failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:kube-system:heapster" cannot list pods at the cluster scope manager.go:101] Error in scraping containers from kubelet:172.18.83.231:10250: failed to get all container stats from Kubelet URL "https://172.18.83.231:10250/stats/container/": Post https://172.18.83.231:10250/stats/container/: x509: cannot validate certificate for 172.18.83.231 because it doesn't contain any IP SANs
看起来像是证书出问题了
W0806 07:15:25.000760 1 manager.go:152] Failed to get all responses in time (got 0/2)
E0806 07:16:05.022480 1 manager.go:101] Error in scraping containers from kubelet:192.168.57.111:10250: failed to get all container stats from Kubelet URL "https://192.168.57.111:10250/stats/container/": Post https://192.168.57.111:10250/stats/container/: x509: cannot validate certificate for 192.168.57.111 because it doesn't contain any IP SANs
E0806 07:16:05.025979 1 manager.go:101] Error in scraping containers from kubelet:192.168.57.112:10250: failed to get all container stats from Kubelet URL "https://192.168.57.112:10250/stats/container/": Post https://192.168.57.112:10250/stats/container/: x509: cannot validate certificate for 192.168.57.112 because it doesn't contain any IP SANs
试试这种方式:
- "--source=kubernetes:http://kubernetes-ro?inClusterConfig=false&useServiceAccount=true&auth=" 参考链接:https://github.com/kubernetes/heapster/blob/master/docs/source-configuration.md
我也遇到了是证书的问题,删掉了/etc/kubernetes/cert/kubelet-*,重启一下kubelet就好了
@gogogonnn 直接不用 https应该也可以的,不过我heapster以后都不建议使用了。
那用什么监控方案?
@khs1994 参考: https://github.com/kubernetes/heapster/blob/master/docs/deprecation.md
部署 metrics-server 出现同样的错误。
approve kubelet CSR 请求
里的自动 approve 请求没有成功,然后我手动 approve ,没问题了。
不知道是什么原因没有成功,正在排查
我也遇到了和你一样的错误,我通过下面参数解决了 ···bash - --source=kubernetes:https://kubernetes.default?inClusterConfig=false&useServiceAccount=true&auth=&kubeletPort=10250&kubeletHttps=true&insecure=true - --sink=influxdb:http://monitoring-influxdb.kube-system.svc:8086