devbox
Monodyee
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

k8s(1.28)使用Helm安装metrics-server_helm安装metricserver

作者:Monodyee | 2024-05-04 22:23:46

helm安装metricserver

提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档

文章目录

前言

提示:这里可以添加本文要记录的大概内容:

metrics-server安装后,可以查看集群的node和pod的CPU和Memory占用情况,非常有用。

提示:以下是本篇文章正文内容,下面案例可供参考

一、安装步骤

1.下载metric-server的chart

官网地址:https://github.com/kubernetes-sigs/metrics-server/releases
找到一个版本的helm chart后下载到本地解压。

2.改vaules.yaml模板

找到values.yaml模板,打开后我们改如下三行:
repository: registry.aliyuncs.com/google_containers/metrics-server
repository: registry.aliyuncs.com/google_containers/autoscaling/addon-resizer
args:

  • –kubelet-insecure-tls

三处的代码块如下:

第一处:
image:
  repository: registry.aliyuncs.com/google_containers/metrics-server
  # Overrides the image tag whose default is v{{ .Chart.AppVersion }}
第二处:
args: 
   - --kubelet-insecure-tls
第三处:
  image:
    repository: registry.aliyuncs.com/google_containers/autoscaling/addon-resizer

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10

改这三处的目的是:

  1. 修改镜像下载池为阿里源,方便国内用户下载;
  2. 增加一个args参数,忽略tls,否则会报错;

3.使用helm安装metrics

将原始的chart包传至k8s环境某目录
在该目录下重新vim一个values-metrics.yaml文件,将本地新改好的代码全部粘贴复制进这个新文件。然后在本目录下执行:
helm install <下载的原始chart包> --values values-metrics.yaml -n kube-system

root@k8s-master:/home/perry# helm install metrics-server metrics-server-3.11.0.tgz --values metric-value.yaml -n kube-system

  • 1

等待几分钟后,即可正常执行
kubectl top nodes
kubectl top pods

二、遇到问题

我之前没有加“- --kubelet-insecure-tls” 参数,导致在执行kubectl top node的时候一直报错:
root@k8s-master:~# kubectl top nodes
error: Metrics API not available
root@k8s-master:~#
查看pod logs:
root@k8s-master:~# kubectl -n kube-system logs metrics-server-7c76c9655c-twhzr
报错:
scraper.go:140] “Failed to scrape node” err=“Get “https://11.0.1.139:10250/metrics/resource”: x509: cannot validate certificate for 11.0.1.139 because it doesn’t contain any IP SANs” node=“k8s-node2”

root@k8s-master:~# kubectl -n kube-system logs metrics-server-7c76c9655c-twhzr 
I0117 08:41:44.446733       1 serving.go:342] Generated self-signed cert (/tmp/apiserver.crt, /tmp/apiserver.key)
I0117 08:41:44.911378       1 secure_serving.go:267] Serving securely on [::]:4443
I0117 08:41:44.911537       1 requestheader_controller.go:169] Starting RequestHeaderAuthRequestController
I0117 08:41:44.911565       1 shared_informer.go:240] Waiting for caches to sync for RequestHeaderAuthRequestController
I0117 08:41:44.911796       1 dynamic_serving_content.go:131] "Starting controller" name="serving-cert::/tmp/apiserver.crt::/tmp/apiserver.key"
E0117 08:41:44.916116       1 scraper.go:140] "Failed to scrape node" err="Get \"https://11.0.1.138:10250/metrics/resource\": x509: cannot validate certificate for 11.0.1.138 because it doesn't contain any IP SANs" node="k8s-node1"
I0117 08:41:44.916282       1 tlsconfig.go:240] "Starting DynamicServingCertificateController"
W0117 08:41:44.916395       1 shared_informer.go:372] The sharedIndexInformer has started, run more than once is not allowed
I0117 08:41:44.916510       1 configmap_cafile_content.go:201] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
I0117 08:41:44.916536       1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0117 08:41:44.916571       1 configmap_cafile_content.go:201] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::client-ca-file"
I0117 08:41:44.916592       1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
E0117 08:41:44.932118       1 scraper.go:140] "Failed to scrape node" err="Get \"https://11.0.1.137:10250/metrics/resource\": x509: cannot validate certificate for 11.0.1.137 because it doesn't contain any IP SANs" node="k8s-master"
E0117 08:41:44.940757       1 scraper.go:140] "Failed to scrape node" err="Get \"https://11.0.1.139:10250/metrics/resource\": x509: cannot validate certificate for 11.0.1.139 because it doesn't contain any IP SANs" node="k8s-node2"

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15

所以在创建的时候需要加上那个args参数“- --kubelet-insecure-tls”
创建完成后get pods -o yaml是如下形式:

root@k8s-master:/home/perry# kubectl -n kube-system get pods metrics-server-5f5fc55fd-znknr -o yaml
...
spec:
  containers:
  - args:
    - --secure-port=10250
    - --cert-dir=/tmp
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --kubelet-use-node-status-port
    - --metric-resolution=15s
    - --kubelet-insecure-tls
    image: registry.aliyuncs.com/google_containers/metrics-server:v0.6.4

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12

Created by Perry Hao at 2024.01.17

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/Monodyee/article/detail/536359
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号