从Pod访问度量服务器

时间:2019-10-31 18:03:54

标签: kubernetes

我已经在kubernetes集群上部署了metric-server,并且在运行以下命令时一切正常:

kubectl get --raw /apis/metrics.k8s.io/v1beta1/nodes

我想从Pod访问度量服务器。为此,我使用了service/metric-server的IP,它与metric-server在同一个名称空间中。我尝试访问该指标的方式如下:

    myurl := fmt.Sprintf("https://%s:%s/apis/metrics.k8s.io/v1beta1/nodes/", serviceHost, servicePort)
    u, err := url.Parse(myurl)
    if err != nil {
        panic(err)
    }
    req, err := http.NewRequest(httpMethod, u.String(), nil)
    if err != nil {
        log.Printf("Cant sned req: %s", err)
    }
    caToken, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token")
    if err != nil {
        panic(err) // cannot find token file
    }

    req.Header.Set("Content-Type", "application/json")
    req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", string(caToken)))

    caCertPool := x509.NewCertPool()
    caCert, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt")
    if err != nil {
        panic(err)
    }
    caCertPool.AppendCertsFromPEM(caCert)

    client := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: &tls.Config{
                RootCAs: caCertPool,
            },
        },
    }

    resp, err := client.Do(req)
    if err != nil {
        log.Printf("sending helm deploy payload failed: %s", err.Error())
        panic(err)
    }

此广告连播的logs结果不起作用,

Get https://METRIC-SERVER-SERVICE-IP/apis/metrics.k8s.io/v1beta1/nodes: x509: certificate is valid for 127.0.0.1, not METRIC-SERVER-SERVICE-IP

这是从Pod访问度量服务器的正确方法吗?

1 个答案:

答案 0 :(得分:0)

我做了什么,以便可以访问本地部署上的度量服务器:

  1. 设置适当的rbac
  2. 吊舱内: 导出CURL_CA_BUNDLE = / var / run / secrets / kubernetes.io / serviceaccount / ca.crt 代币= $(cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt curl -H“授权:承载$ TOKEN” -k https://10.100.123.57/apis/metrics.k8s.io/v1beta1/nodes