本文最后更新于 1165 天前,其中的信息可能已经有所发展或是发生改变。
k8s-Metrics Serverv0.5.2安装以及报错解决
在查看k8s 环境中,使用top命令查看Pod的CPU、内存使用过程中,遇到以下问题:
$ kubectl top node
W0818 03:22:46.090578 26207 top_pod.go:140] Using json format to get metrics.e-protocol-buffers flag
error: Metrics API not available
如上看到ERROR信息“Metrics API not available”,这是由于该Kuernetes环境没有安装metric-server组件导致的。
安装metric-server组件可以参考Github上的安装参考资料:https://github.com/kubernetes-sigs/metrics-server,如下所示:
[root@sdw88 glj_tmp]# kubectl create -f components.yaml
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
在正常可以科学上网的情况下,可以拉取到镜像k8s.gcr.io/metrics-server/metrics-server:v0.5.2,即可安装完成。
但是呢公司服务器就是不行!只能通过:
#1,先到阿里云下载
docker pull registry.aliyuncs.com/google_containers/metrics-server:v0.5.2
#2.更换标签命:
docker tag registry.aliyuncs.com/google_containers/metrics-server:v0.5.2 k8s.gcr.io/metrics-server/metrics-server:v0.5.2
然后查看Pod是否OK,等待一段时间查看哈:
[root@sdw88 glj_tmp]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-7f6cbbb7b8-44nfm 1/1 Running 0 7d19h
coredns-7f6cbbb7b8-pjdt7 1/1 Running 0 7d19h
etcd-sdw88 1/1 Running 0 7d19h
kube-apiserver-sdw88 1/1 Running 0 7d19h
kube-controller-manager-sdw88 1/1 Running 0 7d19h
kube-flannel-ds-bndj6 1/1 Running 0 7d18h
kube-flannel-ds-cnxxc 1/1 Running 0 7d18h
kube-flannel-ds-l28g9 1/1 Running 0 7d18h
kube-proxy-8lppt 1/1 Running 0 28h
kube-proxy-ns4tv 1/1 Running 0 28h
kube-proxy-pnmm8 1/1 Running 0 28h
kube-scheduler-sdw88 1/1 Running 0 7d19h
metrics-server-5b6dd75459-7wzvr 0/1 Running 0 12s
该metric-server Pod尚未准备运行完成,describe查看其详细信息:
[root@sdw88 glj_tmp]# kubectl describe pod metrics-server-5b6dd75459-7wzvr -n kube-system
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 31s default-scheduler Successfully assigned kube-system/metrics-server-5b6dd75459-7wzvr to sdw34
Normal Pulled <invalid> kubelet Container image "k8s.gcr.io/metrics-server/metrics-server:v0.5.2" already present on machine
Normal Created <invalid> kubelet Created container metrics-server
Normal Started <invalid> kubelet Started container metrics-server
Warning Unhealthy 9s (x5 over 49s) kubelet Readiness probe failed: HTTP probe failed with statuscode: 500
可以看到在描述中的事件信息中直接:Readiness probe failed: HTTP probe failed with statuscode: 500
然后日志全是这种错:
E1216 10:54:51.417065 1 scraper.go:139] "Failed to scrape node" err="Get \"https://192.168.1.33:10250/stats/summary?only_cpu_and_memory=true\": x509: cannot validate certificate for 192.168.1.33 because it doesn't contain any IP SANs" node="sdw33"
I1216 10:54:53.739687 1 server.go:188] "Failed probe" probe="metric-storage-ready" err="not metrics to serve"
I1216 10:55:03.739164 1 server.go:188] "Failed probe" probe="metric-storage-ready" err="not metrics to serve"
E1216 10:55:06.408232 1 scraper.go:139] "Failed to scrape node" err="Get \"https://192.168.1.33:10250/stats/summary?only_cpu_and_memory=true\": x509: cannot validate certificate for 192.168.1.33 because it doesn't contain any IP SANs" node="sdw33"
E1216 10:55:06.409199 1 scraper.go:139] "Failed to scrape node" err="Get \"https://192.168.1.34:10250/stats/summary?only_cpu_and_memory=true\": x509: cannot validate certificate for 192.168.1.34 because it doesn't contain any IP SANs" node="sdw34"
E1216 10:55:06.411028 1 scraper.go:139] "Failed to scrape node" err="Get \"https://192.168.1.88:10250/stats/summary?only_cpu_and_memory=true\": x509: cannot validate certificate for 192.168.1.88 because it doesn't contain any IP SANs" node="sdw88"
针对这个报错,仔细查阅Github上的安装参考资料:https://github.com/kubernetes-sigs/metrics-server (全英文-日了狗)
1.安装要求,如下红框中说明,Kubelet证书需要由群集证书颁发机构签名(或可以禁用证书验证,通过对Metrics Server配置参数–Kubelet-insecure-tls不安全)
2.配置,如下红框中说明,添加了--Kubelet-insecure-tls这个配置,就不会去验证Kubelets提供的服务证书的CA。只能在测试环境哦-不安全
修改之前的apply的components.yaml文件,添加--Kubelet-insecure-tls参数,
–kubelet-insecure-tls:kubelet 的10250端口使用的是https协议,连接需要验证tls证书。–kubelet-insecure-tls不验证客户端证书
如下所示
重新apply components.yaml文件,以及查看Pod
[root@sdw88 glj_tmp]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
metrics-server-5b6dd75459-7wzvr 1/1 Running 0 33s
验证top:
[root@sdw88 glj_tmp]# kubectl top pod -n kube-system
NAME CPU(cores) MEMORY(bytes)
coredns-7f6cbbb7b8-44nfm 3m 23Mi
coredns-7f6cbbb7b8-pjdt7 3m 21Mi
etcd-sdw88 34m 56Mi
kube-apiserver-sdw88 102m 290Mi
kube-controller-manager-sdw88 30m 58Mi
kube-flannel-ds-bndj6 3m 23Mi
kube-flannel-ds-cnxxc 3m 21Mi
kube-flannel-ds-l28g9 4m 26Mi
kube-proxy-8lppt 11m 20Mi
kube-proxy-ns4tv 1m 19Mi
kube-proxy-pnmm8 9m 19Mi
kube-scheduler-sdw88 6m 28Mi
metrics-server-5b6dd75459-7wzvr 4m 22Mi