安装metric-server失败

目录

• 安装metric-server失败
  • 情况描述
  • 解决办法
  • 结语

安装metric-server失败

情况描述

安装metric-server起不来，就绪探针失败，日志报错误如下

[root@k8s-master01 ~]# kubectl describe pod metrics-server-64cf6869bd-mgcw6 -n kube-system 
Events:
  Type     Reason     Age                     From               Message
  ----     ------     ----                    ----               -------
  Normal   Scheduled  7m19s                   default-scheduler  Successfully assigned kube-system/metrics-server-64cf6869bd-mgcw6 to k8s-node02
  Normal   Pulled     7m19s                   kubelet            Container image "k8s.gcr.io/metrics-server/metrics-server:v0.6.1" already present on machine
  Normal   Created    7m19s                   kubelet            Created container metrics-server
  Normal   Started    7m19s                   kubelet            Started container metrics-server
  Warning  Unhealthy  2m10s (x33 over 6m59s)  kubelet            Readiness probe failed: HTTP probe failed with statuscode: 500

[root@k8s-master01 ~]# kubectl logs metrics-server-64cf6869bd-mgcw6 -n kube-system
annot validate certificate for 172.16.2.12 because it doesn't contain any IP SANs" node="k8s-master02"
I0531 07:37:39.092757       1 server.go:187] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
I0531 07:37:43.146252       1 server.go:187] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
E0531 07:37:49.924758       1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.16.2.11:10250/metrics/resource\": x509: cannot validate certificate for 172.16.2.11 because it doesn't contain any IP SANs" node="k8s-master01"
E0531 07:37:49.926608       1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.16.2.23:10250/metrics/resource\": x509: cannot validate certificate for 172.16.2.23 because it doesn't contain any IP SANs" node="k8s-node03"
E0531 07:37:49.929540       1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.16.2.21:10250/metrics/resource\": x509: cannot validate certificate for 172.16.2.21 because it doesn't contain any IP SANs" node="k8s-node01"
E0531 07:37:49.934842       1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.16.2.13:10250/metrics/resource\": x509: cannot validate certificate for 172.16.2.13 because it doesn't contain any IP SANs" node="k8s-master03"
E0531 07:37:49.961749       1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.16.2.12:10250/metrics/resource\": x509: cannot validate certificate for 172.16.2.12 because it doesn't contain any IP SANs" node="k8s-master02"
E0531 07:37:49.962899       1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.16.2.22:10250/metrics/resource\": x509: cannot validate certificate for 172.16.2.22 because it doesn't contain any IP SANs" node="k8s-node02"
I0531 07:37:53.145665       1 server.go:187] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
I0531 07:38:03.144055       1 server.go:187] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
E0531 07:38:04.918053       1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.16.2.11:10250/metrics/resource\": x509: cannot validate certificate for 172.16.2.11 because it doesn't contain any IP SANs" node="k8s-master01"
E0531 07:38:04.920913       1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.16.2.23:10250/metrics/resource\": x509: cannot validate certificate for 172.16.2.23 because it doesn't contain any IP SANs" node="k8s-node03"
E0531 07:38:04.921444       1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.16.2.12:10250/metrics/resource\": x509: cannot validate certificate for 172.16.2.12 because it doesn't contain any IP SANs" node="k8s-master02"
E0531 07:38:04.927008       1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.16.2.22:10250/metrics/resource\": x509: cannot validate certificate for 172.16.2.22 because it doesn't contain any IP SANs" node="k8s-node02"
E0531 07:38:04.952487       1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.16.2.21:10250/metrics/resource\": x509: cannot validate certificate for 172.16.2.21 because it doesn't contain any IP SANs" node="k8s-node01"
E0531 07:38:04.964576       1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.16.2.13:10250/metrics/resource\": x509: cannot validate certificate for 172.16.2.13 because it doesn't contain any IP SANs" node="k8s-master03"
I0531 07:38:13.142980       1 server.go:187] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"

解决办法

修改yaml文件的deployment部分，添加- --kubelet-insecure-tls，然后重新apply yaml文件

 template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
        - --kubelet-insecure-tls	#添加这一行

结语

这种方法可以临时使用，不建议生产使用。因为k8s集群是用kubeadm部署的，存在证书上的隐患，这里遇到的就是证书的问题，添加的参数使用了不安全tls，最好就是一开始部署集群的时候采用二进制方式部署。

---

个人网站： https://cxupup.com