kubernetes集群三步安装

kubernetes1.12.0版本dashboard使用heapster无法正常显示监控数据

查看heapster日志:

1
E0228 20:01:05.019281       1 manager.go:101] Error in scraping containers from kubelet:30.0.1.4:10255: failed to get all container stats from Kubelet URL "http://30.0.1.4:10255/stats/container/": Post http://30.0.1.4:10255/stats/container/: dial tcp 30.0.1.4:10255: getsockopt: connection refused

因为1.12.0已经取消了这个端口:

1
2
3
4
5
      --read-only-port int32    
 The read-only port for the Kubelet to serve on with no authentication/authorization 
(set to 0 to disable) (default 10255) (DEPRECATED: 
This parameter should be set via the config file specified by the Kubelet's --config flag. 
See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.)

解决办法:

  1. 修改heapster启动参数:

    1
    
    kubectl edit deploy heapster -n kube-system

    source参数改成:

    1
    
    --source=kubernetes:https://kubernetes.default:443?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true
  2. 此时还是不正常的,因为heapster的service account没有权限访问API,我们需要提权:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
[root@dev-86-206 dashboard]# cat ../heapster/rbac/heapster-rbac.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: heapster
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin   # 修改这里
subjects:
- kind: ServiceAccount
  name: heapster
  namespace: kube-system
1
2
kubectl delete -f ../heapster/rbac/heapster-rbac.yaml
kubectl create -f ../heapster/rbac/heapster-rbac.yaml

如此heapster可正常访问kubelet和APIserver metric了

公众号:

sealyun

微信群: