1、问题描述
项目同事反馈,通过kubectl top nodes命令,无法查看节点的CPU,内存的使用情况
但是,节点的状态是Ready的状态。
2、问题分析
登录到环境中,发现:
部分节点是可以获取到资源使用数据的:
说明:metrics server是没有问题的,api-server里面关于API聚合的配置也是没有问题的。
那么问题,应该是在问题节点的kubelet的配置。
查看metrics server的日志,发现:
发现这些无法采集的节点是401 认证的错误
hodei0,79,221,205 is hot ready , unable to fully scrabe metrics from source kubelet summary:l0.79.15.46: unablefetch metrics from
Kubelet 10,79,15,46 (10,79,15,46): reguest failed-'401 Unauthorized', response: "Unauthorized’, uhable to fully scrape metrics from
source kubelet summary:l0.79.6.115: uhable to fetch metrics froKubelet 10.79,6,115 (10796,115): request failed -401 Unauthorized.
这个时候,就可以确定,就是异常节点的kubelet的配置错误了
那么,开始着手解决它...
3、问题解决
检查异常节点的kubelet的配置
[root@eam-test-t2 ~]# systemctl status kubelet -l ● kubelet.service - Kubernetes Kubelet Server Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2023-05-05 17:13:30 CST; 15h ago Docs: https://github.com/GoogleCloudPlatform/kubernetes Main PID: 53123 (kubelet) Tasks: 27 Memory: 67.7M CGroup: /system.slice/kubelet.service └─53123 /usr/bin/kubelet --logtostderr=true --v=0 --port=10250 --hostname-override=10.79.15.45 --pod-infra-container-image=kubernetes/pause-amd64:3.1 --anonymous-auth=false --client-ca-file=/etc/kubernetes/pki/ca.crt --cluster-domain=cluster.local. --cluster-dns=10.96.0.10 --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/usr/local/bin --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --fail-swap-on=false --kube-reserved-cgroup=/system.slice/kubelet.service --system-reserved-cgroup=/system.slice --kube-reserved=cpu=200m,memory=500Mi --system-reserved=cpu=500m,memory=2048Mi --eviction-hard=memory.available<500Mi, nodefs.available<10%,imagefs.available<10% --eviction-soft=memory.available<750Mi,nodefs.available<15%,imagefs.available<15% --eviction-soft-grace-period=memory.available=1m,nodefs.available=1m,imagefs.available=1m --eviction-max-pod-grace-period=30 --eviction-minimum-reclaim=memory.available=32Mi,nodefs.available=500Mi,imagefs.available=500Mi May 06 08:54:39 eam-test-t2 kubelet[53123]: E0506 08:54:39.588537 53123 pod_workers.go:191] Error syncing pod 16c27963-1de1-440f-ba1e-163e9820fb54 ("dev-front-5b959c6877-ghtgf_c87e2267-1001-4c70-bb2a-ab41f3b81aa3(16c27963-1de1-440f-ba1e-163e9820fb54)"), skipping: failed to "StartContainer" for "dev-front" with ImagePullBackOff: "Back-off pulling image \"reg.yyuap.io:81/c87e2267-1001-4c70-bb2a-ab41f3b81aa3/front:fix-logo1\""
kubelet命令及参数
/usr/bin/kubelet --logtostderr=true --v=0 --port=10250 --hostname-override=10.79.15.45 --pod-infra-container-image=kubernetes/pause-amd64:3.1 --anonymous-auth=false --client-ca-file=/etc/kubernetes/pki/ca.crt --cluster-domain=cluster.local. --cluster-dns=10.96.0.10 --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/usr/local/bin --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --fail-swap-on=false --kube-reserved-cgroup=/system.slice/kubelet.service --system-reserved-cgroup=/system.slice --kube-reserved=cpu=200m,memory=500Mi --system-reserved=cpu=500m,memory=2048Mi --eviction-hard=memory.available<500Mi,nodefs.available<10%,imagefs.available<10% --eviction-soft=memory.available<750Mi,nodefs.available<15%,imagefs.available<15% --eviction-soft-grace-period=memory.available=1m,nodefs.available=1m,imagefs.available=1m --eviction-max-pod-grace-period=30 --eviction-minimum-reclaim=memory.available=32Mi,nodefs.available=500Mi,imagefs.available=500Mi
发现,并没有和认证相关的参数设置
metrics server想要成功获取到节点的资源使用信息,在kubelet中,需要增加如下的参数
--authentication-token-webhook --authorization-mode=Webhook
OK,那就开始尝试修改
vi /etc/kubernetes/kubelet
保存,重启kubelet服务。
待kubelet启动后,几分钟,查看kubectl top nodes的数据
OK,已经可以成功的获取到节点的资源使用率了。
问题搞定!
- 节点 Unauthorized kubectl 数据 问题节点unauthorized kubectl数据 metric-server unauthorized available kubectl 节点kubectl k8s k8 unauthorized 节点doris-be集体 问题 user_unauthorized configuration unauthorized failed server unauthorized response indicate success credentials unauthorized incorrect manually unauthorized原因easycvr页面