部署k8s v1.23完成后,安装Kuboard V2:

kubectl apply -f https://kuboard.cn/install-script/kuboard.yaml
kubectl apply -f https://addons.kuboard.cn/metrics-server/0.3.7/metrics-server.yaml

安装完成后,进入Kuboard控制台界面,会发现Kuboard不能显示节点计算资源利用率情况,页面上提示

请 检查metrics-server 是否启动正常

请 检查Apiservice 状态是否正常

执行 kubectl top nodes 指令失败,提示如下信息:

# kubectl top nodes
Error from server (ServiceUnavailable): the server is currently unable to handle the request (get nodes.metrics.k8s.io)

点击上图中的“请 检查metrics-server 是否启动正常”,会看到是哪个 metrics-server 节点出错,继续点击该节点会看到详细报错信息:

Readiness probe failed: HTTP probe failed with statuscode: 500

拿到节点id,执行如下命令:

#查看pod的详情
kubectl describe -n kube-system po/metrics-server-6d544fd645-8flkv

#没有什么有效信息,继续查看容器日志

#输出pod中一个容器的日志
kubectl logs -f metrics-server-6d544fd645-6778k -n=kube-system

具体报错日志:

kubectl logs -f metrics-server-6d544fd645-6778k -n=kube-system

E0518 07:12:42.090952       1 server.go:132] unable to fully scrape metrics: [unable to fully scrape metrics from node XXX-02: unable to fetch metrics from node XXX-02: Get "https://IP-02:10250/stats/summary?only_cpu_and_memory=true": x509: cannot validate certificate for IP-02 because it doesn't contain any IP SANs, unable to fully scrape metrics from node XXX-01: unable to fetch metrics from node XXX-01: Get "https://IP01:10250/stats/summary?only_cpu_and_memory=true": x509: cannot validate certificate for IP01 because it doesn't contain any IP SANs, unable to fully scrape metrics from node XXX-master: unable to fetch metrics from node XXX-master: Get "https://IP-MASTER:10250/stats/summary?only_cpu_and_memory=true": x509: cannot validate certificate for IP-MASTER because it doesn't contain any IP SANs]
I0518 07:12:42.091126       1 requestheader_controller.go:169] Starting RequestHeaderAuthRequestController
I0518 07:12:42.091139       1 shared_informer.go:240] Waiting for caches to sync for RequestHeaderAuthRequestController
I0518 07:12:42.091167       1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0518 07:12:42.091204       1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0518 07:12:42.091174       1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I0518 07:12:42.091246       1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I0518 07:12:42.091521       1 dynamic_serving_content.go:130] Starting serving-cert::/tmp/apiserver.crt::/tmp/apiserver.key
I0518 07:12:42.091885       1 secure_serving.go:197] Serving securely on [::]:4443

这个错误就是说“探测失败,因为它无法收集任何指标 。无法验证 IP-02 的证书,因为它不包含任何 IP SAN”。

怎么解决呢,其实办法很简单。

传递 ‘–kubelet-insecure-tls’ 以禁用证书验证即可(不建议在生产中)。

kubectl edit deployment.apps/metrics-server -n kube-system

执行上述命令后,将 –kubelet-insecure-tls 添加到“spec.template.spec.containers.args”(YAML Path)下的列表中即可。

示例:

spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        image: registry.cn-hangzhou.aliyuncs.com/ks8_kk/metrics-server:v0.4.2
        imagePullPolicy: IfNotPresent
        livenessProbe:

然后再回到Kuboard控制台界面,一切都正常了。