10250/stats/container/: x509: cannot validate certificate

318次阅读
没有评论

kubernetes heapster pod 错误日志如下

10250/stats/container/: x509: cannot validate certificate

Failed to list *v1.Node: Get https://kubernetes.default/api/v1/nodes?resourceVersion=0: x509: certificate signed by unknown authority

解决方法:

更改 source 参数

把原来的参数更改成下面的参数,heapster 即可正常启动

--source=kubernetes:https://kubernetes.default?inClusterConfig=false&useServiceAccount=true&auth=&kubeletPort=10250&kubeletHttps=true&insecure=true
metadata:
name: heapster
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: heapster
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
task: monitoring
k8s-app: heapster
spec:
serviceAccountName: heapster
containers:
- name: heapster
image: gcr.io/google_containers/heapster-amd64:v1.5.3
imagePullPolicy: IfNotPresent
command:
- /heapster
- --source=kubernetes:https://kubernetes.default?inClusterConfig=false&useServiceAccount=true&auth=&kubeletPort=10250&kubeletHttps=true&insecure=true
- --sink=influxdb:http://monitoring-influxdb.kube-system.svc:8086
---
apiVersion: v1
kind: Service
metadata:
labels:
task: monitoring
# For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
# If you are NOT using this as an addon, you should comment out this line.
kubernetes.io/cluster-service: 'true'
kubernetes.io/name: Heapster
name: heapster
namespace: kube-system
spec:
ports:
- port: 80
targetPort: 8082
selector:
k8s-app: heapster

因为我是二进制安装的,所以我需要添加不验证 https

  • insecure- 是否信任 Kubernetes 证书(默认值:false
  • kubeletPort=10250  (指定 kubelet 端口为 10250)

更新 yml 文件

kubectl apply -f heapster.yaml

10250/stats/container/: x509: cannot validate certificate

10250/stats/container/: x509: cannot validate certificate

10250/stats/container/: x509: cannot validate certificate

正文完
 
ddn
版权声明:本站原创文章,由 ddn 2019-05-14发表,共计1410字。
转载说明:除特殊说明外本站文章皆由CC-4.0协议发布,转载请注明出处。