Coder Social home page Coder Social logo

关于Metrics about kubernetes-handbook HOT 7 CLOSED

feiskyer avatar feiskyer commented on May 21, 2024
关于Metrics

from kubernetes-handbook.

Comments (7)

feiskyer avatar feiskyer commented on May 21, 2024 1

  1. Aggregation Layer 必须开启的,metrics-server 部署好了可以查询 metrics API 看看是否有数据,比如 kubectl get --raw apis/metrics.k8s.io/v1beta1/pods

  2. 证书要事先生成,然后修改到正确的路径

from kubernetes-handbook.

feiskyer avatar feiskyer commented on May 21, 2024 1

@hechuan73 不需要执行 kubectl apply,等着 kubelet 重新创建 kube-apiserver 即可

from kubernetes-handbook.

hechuan73 avatar hechuan73 commented on May 21, 2024

@feiskyer
您好,我今天按照这里面的指南,在搭好集群之后,修改了/etc/kubernetes/manifests/kube-apiserver.yaml 这个文件,将其中对应的几个参数修改成了我生成的证书的路径,然后我尝试执行以下命令:

# kubectl apply -f kube-apiserver.yaml 
error: unable to recognize "kube-apiserver.yaml": Get https://10.141.211.179:6443/api?timeout=32s: dial tcp 10.141.211.179:6443: connect: connection refused

获取pods信息:

kubectl get pods
The connection to the server 10.141.211.179:6443 was refused - did you specify the right host or port?

发现kubectl 无法和apiserver通信了。请问下是不是我修改的方式有问题,我在官网查,官网说“在部署 metrics-server 之前,需要在 kube-apiserver 中开启 API Aggregation,即增加以下配置”,也没说具体的方式,感觉我修改的方式错了,请教下正确的修改以及让它生效的方式应该是怎样的?

另外,我只是修改了这个文件,按理来说,还没让它生效,已经生成的apiserver这个pod不应该受到影响,但是后面发现kubectl 已经不能和apiserver通信了。请教下这是为什么呢?非常感谢!!!

from kubernetes-handbook.

hechuan73 avatar hechuan73 commented on May 21, 2024

@feiskyer 好的。您的意思应该是先delete掉 apiserver这个pod,然后kubeadm会重新创建kube-apiserver对吧,如下:

# kubectl delete pod -n kube-system kube-apiserver-k8s-master
pod "kube-apiserver-k8s-master" deleted

我刚才测试了,确实会马上重新创建,很感谢!

from kubernetes-handbook.

feiskyer avatar feiskyer commented on May 21, 2024

不需要手动删除,修改了 manifests 之后 kubelet 会自动重新创建

from kubernetes-handbook.

hechuan73 avatar hechuan73 commented on May 21, 2024

@feiskyer
您好,很抱歉再次打扰。我之前生成证书修改后,一直报如下错误:

The connection to the server 10.141.211.179:6443 was refused - did you specify the right host or port?

然后我今天安装官网教程(生成证书),利用cfssl重新生成了"ca.pem,ca-key.pem,server.pem,server-key.pem"四个文件,然后更新了系统的证书库,并且更新了kube-apiserver.yaml相关字段如下:

 - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    #- --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-cert-file=/etc/kubernetes/cert/server.pem
    #- --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    - --proxy-client-key-file=/etc/kubernetes/cert/server-key.pem
    #- --requestheader-allowed-names=front-proxy-client
    - --requestheader-allowed-names=aggregator
    #- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User

结果还是报如下错误:

The connection to the server 10.141.211.179:6443 was refused - did you specify the right host or port?

生成证书的json文件如下:

# cat ca-config.json 
{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "kubernetes": {
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ],
        "expiry": "8760h"
      }
    }
  }
}

# cat ca-csr.json 
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names":[{
    "C": "CN",
    "ST": "ShangHai",
    "L": "ShangHai",
    "O": "k8s",
    "OU": "System"
  }]
}

# cat server-csr.json 
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "10.141.211.179",
    "10.96.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [{
    "C": "CN",
    "ST": "ShangHai",
    "L": "ShangHai",
    "O": "k8s",
    "OU": "System"
  }]
}

然后使用如下命令更新的证书库:

# cp ca.pem /etc/pki/ca-trust/source/anchors/kubernetes.pem
# update-ca-trust extract

麻烦您帮忙看下会是哪一个环境出了错,谢谢!

from kubernetes-handbook.

feiskyer avatar feiskyer commented on May 21, 2024

看起来是 apiserver 没起来,可以 docker ps -a 找到容器,查查啥容器日志里是不是有报错

from kubernetes-handbook.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.