k8s 1.21版本中安装metrics-server v0.5.1报错处理
k8s中metrics-server部署安装
环境
[root@master ~]# kubectl get node -owide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node0 Ready <none> 4h10m v1.21.10 192.168.56.169 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.2
# kubectl get pod -owide -A
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-67878b879f-97lkh 1/1 Running 0 3h56m 192.168.56.169 node0 <none> <none>
kube-system calico-node-7nz6t 1/1 Running 0 3h56m 192.168.56.169 node0 <none> <none>
kube-system coredns-5db6d786b9-wl6hd 1/1 Running 0 3h56m 100.64.102.136 node0 <none> <none>
kube-system metrics-server-7c4b97b8d4-zt42p 0/1 Running 0 82s 100.64.102.145 node0 <none> <none>
kubernetes-dashboard dashboard-metrics-scraper-7b555c5c94-4lrqc 1/1 Running 0 3h56m 100.64.102.135 node0 <none> <none>
kubernetes-dashboard kubernetes-dashboard-94f5c6549-hdfjx 1/1 Running 0 3h56m 100.64.102.133 node0 <none> <none>
报错信息
查看metrics-server的pod信息:
[root@master ~]# kubectl describe pod metrics-server-7c4b97b8d4-zt42p -n kube-system
Name: metrics-server-7c4b97b8d4-zt42p
Namespace: kube-system
Priority: 2000000000
Priority Class Name: system-cluster-critical
Node: node0/192.168.56.169
Start Time: Mon, 06 Jun 2022 19:14:43 +0800
Labels: k8s-app=metrics-server
pod-template-hash=7c4b97b8d4
Annotations: <none>
Status: Running
IP: 100.64.102.145
IPs:
IP: 100.64.102.145
Controlled By: ReplicaSet/metrics-server-7c4b97b8d4
Containers:
metrics-server:
Container ID: containerd://70a65f2becaaed20e835d58d8cf4f4e02fb285e9d3942dbafddeceb2083fd520
Image: xxxx/metrics-server:v0.5.1
Image ID: xxxx/metrics-server@sha256:a84baf65a4a3163799ab19307c7fc21c1473ac5e4044f25df398719cf7c58279
Port: 443/TCP
Host Port: 0/TCP
Args:
--cert-dir=/tmp
--secure-port=443
--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
--kubelet-use-node-status-port
--metric-resolution=15s
State: Running
Started: Mon, 06 Jun 2022 19:14:45 +0800
Ready: False
Restart Count: 0
Requests:
cpu: 100m
memory: 200Mi
Liveness: http-get https://:https/livez delay=0s timeout=1s period=10s #success=1 #failure=3
Readiness: http-get https://:https/readyz delay=20s timeout=1s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/tmp from tmp-dir (rw)
/var/run/secrets/kubernetes.io/serviceaccount from metrics-server-token-hv5cx (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
tmp-dir:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
metrics-server-token-hv5cx:
Type: Secret (a volume populated by a Secret)
SecretName: metrics-server-token-hv5cx
Optional: false
QoS Class: Burstable
Node-Selectors: kubernetes.io/os=linux
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 93s default-scheduler Successfully assigned kube-system/metrics-server-7c4b97b8d4-zt42p to node0
Normal Pulled 11s kubelet Container image "xxxx/metrics-server:v0.5.1" already present on machine
Normal Created 10s kubelet Created container metrics-server
Normal Started 10s kubelet Started container metrics-server
Warning Unhealthy <invalid> (x7 over <invalid>) kubelet Readiness probe failed: HTTP probe failed with statuscode: 500
[root@master ~]#
[root@master ~]#
[root@master ~]#
[root@master ~]# kubectl logs metrics-server-7c4b97b8d4-zt42p -n kube-system
I0606 11:14:45.636137 1 serving.go:341] Generated self-signed cert (/tmp/apiserver.crt, /tmp/apiserver.key)
E0606 11:14:46.689009 1 scraper.go:139] "Failed to scrape node" err="Get \"https://192.168.56.169:11250/stats/summary?only_cpu_and_memory=true\": x509: cannot validate certificate for 192.168.56.169 because it doesn't contain any IP SANs" node="node0"
I0606 11:14:46.733054 1 secure_serving.go:202] Serving securely on [::]:443
I0606 11:14:46.734167 1 requestheader_controller.go:169] Starting RequestHeaderAuthRequestController
I0606 11:14:46.734244 1 shared_informer.go:240] Waiting for caches to sync for RequestHeaderAuthRequestController
I0606 11:14:46.734630 1 dynamic_serving_content.go:130] Starting serving-cert::/tmp/apiserver.crt::/tmp/apiserver.key
I0606 11:14:46.734641 1 tlsconfig.go:240] Starting DynamicServingCertificateController
I0606 11:14:46.734931 1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I0606 11:14:46.735259 1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I0606 11:14:46.735645 1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0606 11:14:46.735679 1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0606 11:14:46.839072 1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0606 11:14:46.839231 1 shared_informer.go:247] Caches are synced for RequestHeaderAuthRequestController
I0606 11:14:46.839564 1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
E0606 11:15:01.675388 1 scraper.go:139] "Failed to scrape node" err="Get \"https://192.168.56.169:11250/stats/summary?only_cpu_and_memory=true\": x509: cannot validate certificate for 192.168.56.169 because it doesn't contain any IP SANs" node="node0"
I0606 11:15:13.234527 1 server.go:188] "Failed probe" probe="metric-storage-ready" err="not metrics to serve"
E0606 11:15:16.670256 1 scraper.go:139] "Failed to scrape node" err="Get \"https://192.168.56.169:11250/stats/summary?only_cpu_and_memory=true\": x509: cannot validate certificate for 192.168.56.169 because it doesn't contain any IP SANs" node="node0"
I0606 11:15:23.236475 1 server.go:188] "Failed probe" probe="metric-storage-ready" err="not metrics to serve"
E0606 11:15:31.676283 1 scraper.go:139] "Failed to scrape node" err="Get \"https://192.168.56.169:11250/stats/summary?only_cpu_and_memory=true\": x509: cannot validate certificate for 192.168.56.169 because it doesn't contain any IP SANs" node="node0"
I0606 11:15:33.234068 1 server.go:188] "Failed probe" probe="metric-storage-ready" err="not metrics to serve"
I0606 11:15:43.235745 1 server.go:188] "Failed probe" probe="metric-storage-ready" err="not metrics to serve"
E0606 11:15:46.677634 1 scraper.go:139] "Failed to scrape node" err="Get \"https://192.168.56.169:11250/stats/summary?only_cpu_and_memory=true\": x509: cannot validate certificate for 192.168.56.169 because it doesn't contain any IP SANs" node="node0"
I0606 11:15:53.236178 1 server.go:188] "Failed probe" probe="metric-storage-ready" err="not metrics to serve"
E0606 11:16:01.676373 1 scraper.go:139] "Failed to scrape node" err="Get \"https://192.168.56.169:11250/stats/summary?only_cpu_and_memory=true\": x509: cannot validate certificate for 192.168.56.169 because it doesn't contain any IP SANs" node="node0"
I0606 11:16:03.235592 1 server.go:188] "Failed probe" probe="metric-storage-ready" err="not metrics to serve"
I0606 11:16:13.236974 1 server.go:188] "Failed probe" probe="metric-storage-ready" err="not metrics to serve"
E0606 11:16:16.676874 1 scraper.go:139] "Failed to scrape node" err="Get \"https://192.168.56.169:11250/stats/summary?only_cpu_and_memory=true\": x509: cannot validate certificate for 192.168.56.169 because it doesn't contain any IP SANs" node="node0"
I0606 11:16:23.239367 1 server.go:188] "Failed probe" probe="metric-storage-ready" err="not metrics to serve"
[root@master ~]#
解决办法
在deployment中添加:
- --kubelet-insecure-tls #添加
完整配置如下文附件的 Deployment args 部分所示:
重新apply资源,过一会,pod就正常了,metrics-server的日志也就正常了!
参考
metrics-server版本:v0.5.1 github官方地址
K8s部署metric-server页面不显示,报错unable to fully scrape metrics
附件(metrics-server版本:v0.5.1 )
Installation
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.5.1/components.yaml
[root@master ~]# cat components-v0.5.1.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/stats
- namespaces
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: metrics-server
strategy:
rollingUpdate:
maxUnavailable: 0
template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --cert-dir=/tmp
- --secure-port=443
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --kubelet-insecure-tls #添加
- --metric-resolution=15s
#image: k8s.gcr.io/metrics-server/metrics-server:v0.5.1
image: xxxx/metrics-server:v0.5.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
periodSeconds: 10
name: metrics-server
ports:
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 200Mi
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-dir
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
volumes:
- emptyDir: {}
name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
k8s-app: metrics-server
name: v1beta1.metrics.k8s.io
spec:
group: metrics.k8s.io
groupPriorityMinimum: 100
insecureSkipTLSVerify: true
service:
name: metrics-server
namespace: kube-system
version: v1beta1
versionPriority: 100
更多推荐
已为社区贡献10条内容
所有评论(0)