kubernetes heapster pod 错误日志如下
Failed to list *v1.Node: Get https://kubernetes.default/api/v1/nodes?resourceVersion=0: x509: certificate signed by unknown authority
解决方法:
更改 source 参数
把原来的参数更改成下面的参数,heapster 即可正常启动
--source=kubernetes:https://kubernetes.default?inClusterConfig=false&useServiceAccount=true&auth=&kubeletPort=10250&kubeletHttps=true&insecure=truemetadata:
name: heapster
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: heapster
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
task: monitoring
k8s-app: heapster
spec:
serviceAccountName: heapster
containers:
- name: heapster
image: gcr.io/google_containers/heapster-amd64:v1.5.3
imagePullPolicy: IfNotPresent
command:
- /heapster
- --source=kubernetes:https://kubernetes.default?inClusterConfig=false&useServiceAccount=true&auth=&kubeletPort=10250&kubeletHttps=true&insecure=true
- --sink=influxdb:http://monitoring-influxdb.kube-system.svc:8086
---
apiVersion: v1
kind: Service
metadata:
labels:
task: monitoring
# For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
# If you are NOT using this as an addon, you should comment out this line.
kubernetes.io/cluster-service: 'true'
kubernetes.io/name: Heapster
name: heapster
namespace: kube-system
spec:
ports:
- port: 80
targetPort: 8082
selector:
k8s-app: heapster
因为我是二进制安装的,所以我需要添加不验证 https
insecure- 是否信任 Kubernetes 证书(默认值:false)- kubeletPort=10250 (指定 kubelet 端口为 10250)
更新 yml 文件
kubectl apply -f heapster.yaml
