1、日志报错
rancher导入k8s集群后添加监控无数据,rancher日志报错:
k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1beta1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:cattle-prometheus:exporter-kube-state-cluster-monitoring" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2、原因
原因:是因为没有对 poddisruptionbudgets 源进行授权。
3、解决
参考:https://github.com/thxCode/rancher-system-charts/commit/48076079df0864489a669cea0380590f5dfca282
1)先查看 exporter-kube-state-cluster-monitoring 容器的 yaml 配置文件,是否含有 poddisruptionbudgets 源的权限定义:
kubectl -n cattle-prometheus get clusterrole/exporter-kube-state-cluster-monitoring -o yaml
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: "2019-05-24T07:07:04Z" labels: app: exporter-kube-state chart: exporter-kube-state-0.0.1 heritage: Tiller io.cattle.field/appId: cluster-monitoring release: cluster-monitoring name: exporter-kube-state-cluster-monitoring resourceVersion: "543065" selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/exporter-kube-state-cluster-monitoring uid: 88e7bfe7-7df2-11e9-b769-0232e60a22fc rules: - apiGroups: - "" resources: - namespaces - nodes - pods - services - resourcequotas - replicationcontrollers - limitranges - persistentvolumeclaims - persistentvolumes - endpoints - configmaps - secrets verbs: - list - watch - apiGroups: - extensions resources: - daemonsets - deployments - replicasets verbs: - list - watch - apiGroups: - apps resources: - statefulsets - deployments verbs: - list - watch - apiGroups: - batch resources: - cronjobs - jobs verbs: - list - watch - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - list - watch
2)发现没有相关配置,则先导出配置文件:
kubectl -n cattle-prometheus get clusterrole/exporter-kube-state-cluster-monitoring -o yaml >kube-state-ClusterRole.yaml
3)然后在最后面添加:
- apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - list - watch
4)再应用配置
kubectl apply -f kube-state-ClusterRole.yaml
5)最后可以看到图表了:
