我在4个kubernetes节点上安装CentOS。 1个主人和3个工人。之后我想autoscale我的pod。我知道heapster已被弃用所以我安装公制服务器
git clone https://github.com/kubernetes-incubator/metrics-server.git
[root@ip-10-0-1-91 1.8+]# kubectl apply -f aggregated-metrics-reader.yaml
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
[root@ip-10-0-1-91 1.8+]# kubectl apply -f auth-reader.yaml
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
[root@ip-10-0-1-91 1.8+]# kubectl apply -f auth-delegator.yaml
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
[root@ip-10-0-1-91 1.8+]# kubectl apply -f metrics-apiservice.yaml
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
[root@ip-10-0-1-91 1.8+]# kubectl apply -f resource-reader.yaml
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
[root@ip-10-0-1-91 1.8+]# kubectl apply -f metrics-server-deployment.yaml
serviceaccount/metrics-server created
deployment.extensions/metrics-server created
[root@ip-10-0-1-91 1.8+]# kubectl apply -f metrics-server-service.yaml
service/metrics-server created
但是当我得到metrics-server的日志时,我得到了这个
kubectl -n kube-system logs metrics-server-55d46868d4-9649g
I0327 07:53:03.900200 1 serving.go:273] Generated self-signed cert (apiserver.local.config/certificates/apiserver.crt, apiserver.local.config/certificates/apiserver.key)
W0327 07:53:34.327373 1 authentication.go:245] Unable to get configmap/extension-apiserver-authentication in kube-system. Usually fixed by 'kubectl create rolebinding -n kube-system ROLE_NAME --role=extension-apiserver-authentication-reader --serviceaccount=YOUR_NS:YOUR_SA'
Error: Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication: dial tcp 10.96.0.1:443: i/o timeout
Usage:
[flags]
并且kube-apiserver有这个日志
http: TLS handshake error from 192.168.122.29:41366: remote error: tls: bad certificate
您的设置问题是它无法连接到kubelet。您需要更改metrics-server-deployment.yaml文件夹中的deploy/1.8+文件
在容器部分,您需要允许insecure-tls。请添加以下部分:
containers:
- command:
- /metrics-server
- --metric-resolution=30s
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP
以下是完整的metrics-server-deployment.yaml文件,您可以使用以下内容替换完整文件:
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: metrics-server
namespace: kube-system
labels:
k8s-app: metrics-server
spec:
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- command:
- /metrics-server
- --metric-resolution=30s
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP
name: metrics-server
image: k8s.gcr.io/metrics-server-amd64:v0.3.1
imagePullPolicy: Always
volumeMounts:
- name: tmp-dir
mountPath: /tmp
现在使用新文件再次创建metrics-server-deployment,它应该可以工作。