kubernetes heapster pod错误日志如下

Failed to list *v1.Node: Get https://kubernetes.default/api/v1/nodes?resourceVersion=0: x509: certificate signed by unknown authority

解决方法:

更改source参数

把原来的参数更改成下面的参数,heapster 即可正常启动

--source=kubernetes:https://kubernetes.default?inClusterConfig=false&useServiceAccount=true&auth=&kubeletPort=10250&kubeletHttps=true&insecure=true

metadata:
name: heapster
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: heapster
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
task: monitoring
k8s-app: heapster
spec:
serviceAccountName: heapster
containers:
- name: heapster
image: gcr.io/google_containers/heapster-amd64:v1.5.3
imagePullPolicy: IfNotPresent
command:
- /heapster
- --source=kubernetes:https://kubernetes.default?inClusterConfig=false&useServiceAccount=true&auth=&kubeletPort=10250&kubeletHttps=true&insecure=true
- --sink=influxdb:http://monitoring-influxdb.kube-system.svc:8086
---
apiVersion: v1
kind: Service
metadata:
labels:
task: monitoring
# For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
# If you are NOT using this as an addon, you should comment out this line.
kubernetes.io/cluster-service: 'true'
kubernetes.io/name: Heapster
name: heapster
namespace: kube-system
spec:
ports:
- port: 80
targetPort: 8082
selector:
k8s-app: heapster

因为我是二进制安装的，所以我需要添加不验证https

• insecure-是否信任Kubernetes证书（默认值：false）
• kubeletPort=10250  (指定kubelet端口为10250)

更新yml文件

kubectl apply -f heapster.yaml