Мобильная версияНевозможно запустить API-сервис Kubernetes metrics-server (ДОСТУПНО: False (FalseDiscoveryCheck) ⇐ Linux
-
Anonymous
Невозможно запустить API-сервис Kubernetes metrics-server (ДОСТУПНО: False (FalseDiscoveryCheck)
I recently gathered a 1 master 3 worker cluster on Naver cloud platform.
However, I am stuck deploying a metrics-server and stuck here for weeks.
In short, my kube-apiserver cannot reach metrics-server apiservice (v1beta1)
(error log from: kubectl logs kube-apiserver-master -n kube-system:
E0229 08:54:20.172156 1 available_controller.go:460] v1beta1.metrics.k8s.io failed with: failing or missing response from https://192.168.182.16:10250/apis/metri ... io/v1beta1: Get "https://192.168.182.16:10250/apis/metri ... io/v1beta1": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
E0229 08:08:18.569700 1 controller.go:113] loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: Error, could not get list of group versions for APIService)
So I searched the web and tried adding "--kubelet-insecure-tls" flag to metrics-server deployment or adding "hostNetwork: true" config under spec.container under the same manifest that I added the flag above (which ended up in a CrashLoopBackOff state for the metrics-server pod)
I am truly not sure what should be the cause of metrics-server apiservice not working. Maybe I though "v1beta1" api is deprecated or too old for k8s 1.28.x?
Another speculation is metrics-server not deploying when I set "hostNetwork: true" in the deployment manifest of metrics-server.
Couldn't find a solution for my case so I am creating this thread.
My master node OS is Ubuntu 20.04, two of the worker nodes the same and one worker node Ubuntu 18.04.
Kubernetes version is 1.28.x across the four nodes and using CRI-O as CRI. Also, using Calico as CNI (reason I added "hostNetwork: true" to metrics-server deployment manifest, which didn't work)
metrics-server version that I am trying to deploy is the latest version 0.7.x.
If there is any other information I can provide, I will ASAP.
Here is the components.yaml that I use to deploy metrics-server via "k apply -f components.yaml":
apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: metrics-server name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: k8s-app: metrics-server rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" name: system:aggregated-metrics-reader rules: - apiGroups: - metrics.k8s.io resources: - pods - nodes verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: k8s-app: metrics-server name: system:metrics-server rules: - apiGroups: - "" resources: - nodes/metrics verbs: - get - apiGroups: - "" resources: - pods - nodes verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: k8s-app: metrics-server name: metrics-server-auth-reader namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: extension-apiserver-authentication-reader subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: k8s-app: metrics-server name: metrics-server:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: k8s-app: metrics-server name: system:metrics-server roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:metrics-server subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: v1 kind: Service metadata: labels: k8s-app: metrics-server name: metrics-server namespace: kube-system spec: ports: - name: https port: 443 protocol: TCP targetPort: https selector: k8s-app: metrics-server --- apiVersion: apps/v1 kind: Deployment metadata: labels: k8s-app: metrics-server name: metrics-server namespace: kube-system spec: selector: matchLabels: k8s-app: metrics-server strategy: rollingUpdate: maxUnavailable: 0 template: metadata: labels: k8s-app: metrics-server spec: containers: - args: - --cert-dir=/tmp - --secure-port=10250 #- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-preferred-address-types=InternalDNS,InternalIP,ExternalDNS,ExternalIP,Hostname - --kubelet-use-node-status-port #- --metric-resolution=15s - --metric-resolution=30s - --kubelet-insecure-tls # command: # - /metrics-server # - --kubelet-insecure-tls # - --kubelet-preferred-address-types=InternalIP image: registry.k8s.io/metrics-server/metrics-server:v0.7.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /livez port: https scheme: HTTPS periodSeconds: 10 name: metrics-server ports: - containerPort: 10250 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /readyz port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 10 resources: requests: cpu: 100m memory: 200Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir nodeSelector: kubernetes.io/os: linux # below option was added for using Calico CNI hostNetwork: true priorityClassName: system-cluster-critical serviceAccountName: metrics-server volumes: - emptyDir: {} name: tmp-dir --- apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: labels: k8s-app: metrics-server name: v1beta1.metrics.k8s.io spec: group: metrics.k8s.io groupPriorityMinimum: 100 # insecureSkipTLSVerify: true insecureSkipTLSVerify: false service: name: metrics-server namespace: kube-system version: v1beta1 versionPriority: 100 Thanks for reading!
Источник: https://stackoverflow.com/questions/781 ... -false-fal
I recently gathered a 1 master 3 worker cluster on Naver cloud platform.
However, I am stuck deploying a metrics-server and stuck here for weeks.
In short, my kube-apiserver cannot reach metrics-server apiservice (v1beta1)
(error log from: kubectl logs kube-apiserver-master -n kube-system:
E0229 08:54:20.172156 1 available_controller.go:460] v1beta1.metrics.k8s.io failed with: failing or missing response from https://192.168.182.16:10250/apis/metri ... io/v1beta1: Get "https://192.168.182.16:10250/apis/metri ... io/v1beta1": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
E0229 08:08:18.569700 1 controller.go:113] loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: Error, could not get list of group versions for APIService)
So I searched the web and tried adding "--kubelet-insecure-tls" flag to metrics-server deployment or adding "hostNetwork: true" config under spec.container under the same manifest that I added the flag above (which ended up in a CrashLoopBackOff state for the metrics-server pod)
I am truly not sure what should be the cause of metrics-server apiservice not working. Maybe I though "v1beta1" api is deprecated or too old for k8s 1.28.x?
Another speculation is metrics-server not deploying when I set "hostNetwork: true" in the deployment manifest of metrics-server.
Couldn't find a solution for my case so I am creating this thread.
My master node OS is Ubuntu 20.04, two of the worker nodes the same and one worker node Ubuntu 18.04.
Kubernetes version is 1.28.x across the four nodes and using CRI-O as CRI. Also, using Calico as CNI (reason I added "hostNetwork: true" to metrics-server deployment manifest, which didn't work)
metrics-server version that I am trying to deploy is the latest version 0.7.x.
If there is any other information I can provide, I will ASAP.
Here is the components.yaml that I use to deploy metrics-server via "k apply -f components.yaml":
apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: metrics-server name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: k8s-app: metrics-server rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" name: system:aggregated-metrics-reader rules: - apiGroups: - metrics.k8s.io resources: - pods - nodes verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: k8s-app: metrics-server name: system:metrics-server rules: - apiGroups: - "" resources: - nodes/metrics verbs: - get - apiGroups: - "" resources: - pods - nodes verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: k8s-app: metrics-server name: metrics-server-auth-reader namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: extension-apiserver-authentication-reader subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: k8s-app: metrics-server name: metrics-server:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: k8s-app: metrics-server name: system:metrics-server roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:metrics-server subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: v1 kind: Service metadata: labels: k8s-app: metrics-server name: metrics-server namespace: kube-system spec: ports: - name: https port: 443 protocol: TCP targetPort: https selector: k8s-app: metrics-server --- apiVersion: apps/v1 kind: Deployment metadata: labels: k8s-app: metrics-server name: metrics-server namespace: kube-system spec: selector: matchLabels: k8s-app: metrics-server strategy: rollingUpdate: maxUnavailable: 0 template: metadata: labels: k8s-app: metrics-server spec: containers: - args: - --cert-dir=/tmp - --secure-port=10250 #- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-preferred-address-types=InternalDNS,InternalIP,ExternalDNS,ExternalIP,Hostname - --kubelet-use-node-status-port #- --metric-resolution=15s - --metric-resolution=30s - --kubelet-insecure-tls # command: # - /metrics-server # - --kubelet-insecure-tls # - --kubelet-preferred-address-types=InternalIP image: registry.k8s.io/metrics-server/metrics-server:v0.7.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /livez port: https scheme: HTTPS periodSeconds: 10 name: metrics-server ports: - containerPort: 10250 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /readyz port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 10 resources: requests: cpu: 100m memory: 200Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir nodeSelector: kubernetes.io/os: linux # below option was added for using Calico CNI hostNetwork: true priorityClassName: system-cluster-critical serviceAccountName: metrics-server volumes: - emptyDir: {} name: tmp-dir --- apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: labels: k8s-app: metrics-server name: v1beta1.metrics.k8s.io spec: group: metrics.k8s.io groupPriorityMinimum: 100 # insecureSkipTLSVerify: true insecureSkipTLSVerify: false service: name: metrics-server namespace: kube-system version: v1beta1 versionPriority: 100 Thanks for reading!
Источник: https://stackoverflow.com/questions/781 ... -false-fal
