kubernetes 安装kube-state-metrics pod无法启动,报错信息如下:
I0322 15:57:19.838422 1 main.go:108] Using default resources
I0322 15:57:19.838469 1 types.go:136] Using all namespace
I0322 15:57:19.838476 1 main.go:133] metric allow-denylisting: Excluding the following lists that were on denylist:
W0322 15:57:19.838491 1 client_config.go:617] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0322 15:57:19.838937 1 main.go:247] Testing communication with server
F0322 15:57:19.849610 1 main.go:155] Failed to create client: error while trying to communicate with apiserver: the server has asked for the client to provide credentials
使用的yaml如下:
[root@master1 kube-state-metrics]# cat service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
name: kube-state-metrics
namespace: kube-system
[root@master1 kube-state-metrics]# cat service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
name: kube-state-metrics
namespace: kube-system
[root@master1 kube-state-metrics]# cat cluster-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
name: kube-state-metrics
rules:
- apiGroups:
- ""
resources: - configmaps
- secrets
- nodes
- pods
- services
- resourcequotas
- replicationcontrollers
- limitranges
- persistentvolumeclaims
- persistentvolumes
- namespaces
- endpoints
verbs: - list
- watch
- ""
- apiGroups:
- apps
resources: - statefulsets
- daemonsets
- deployments
- replicasets
verbs: - list
- watch
- apps
- apiGroups:
- batch
resources: - cronjobs
- jobs
verbs: - list
- watch
- batch
- apiGroups:
- autoscaling
resources: - horizontalpodautoscalers
verbs: - list
- watch
- autoscaling
- apiGroups:
- authentication.k8s.io
resources: - tokenreviews
verbs: - create
- authentication.k8s.io
- apiGroups:
- authorization.k8s.io
resources: - subjectaccessreviews
verbs: - create
- authorization.k8s.io
- apiGroups:
- policy
resources: - poddisruptionbudgets
verbs: - list
- watch
- policy
- apiGroups:
- certificates.k8s.io
resources: - certificatesigningrequests
verbs: - list
- watch
- certificates.k8s.io
- apiGroups:
- storage.k8s.io
resources: - storageclasses
- volumeattachments
verbs: - list
- watch
- storage.k8s.io
- apiGroups:
- admissionregistration.k8s.io
resources: - mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs: - list
- watch
- admissionregistration.k8s.io
- apiGroups:
- networking.k8s.io
resources: - networkpolicies
- ingresses
verbs: - list
- watch
- networking.k8s.io
- apiGroups:
- coordination.k8s.io
resources: - leases
verbs: - list
- watch
- coordination.k8s.io
[root@master1 kube-state-metrics]# cat cluster-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
name: kube-state-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kube-state-metrics
subjects:
- kind: ServiceAccount
name: kube-state-metrics
namespace: kube-system
[root@master1 kube-state-metrics]# cat cluster-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
name: kube-state-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kube-state-metrics
subjects:
- kind: ServiceAccount
name: kube-state-metrics
namespace: kube-system
[root@master1 kube-state-metrics]# cat deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
name: kube-state-metrics
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
template:app.kubernetes.io/name: kube-state-metrics
metadata:
spec:labels: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/version: 2.3.0
containers: - image: registry.cn-wulanchabu.aliyuncs.com/moge1/kube-state-metrics:v2.3.0 livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 5 timeoutSeconds: 5 name: kube-state-metrics ports: - containerPort: 8080 name: http-metrics - containerPort: 8081 name: telemetry readinessProbe: httpGet: path: / port: 8081 initialDelaySeconds: 5 timeoutSeconds: 5 securityContext: runAsUser: 65534 nodeSelector: kubernetes.io/os: linux serviceAccountName: kube-state-metrics
[root@master1 kube-state-metrics]# cat service.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
name: kube-state-metrics
namespace: kube-system
spec:
ports:
- name: http-metrics
port: 8080
targetPort: http-metrics - name: telemetry
port: 8081
targetPort: telemetry
selector:
app.kubernetes.io/name: kube-state-metrics