1. Log error
After importing a k8s cluster into Rancher and enabling monitoring, no data was shown, and the Rancher logs reported this error:
k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1beta1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:cattle-prometheus:exporter-kube-state-cluster-monitoring" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
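2. Cause
Cause: no permission has been granted for the poddisruptionbudgets resource.
3. Solution
Reference: https://github.com/thxCode/rancher-system-charts/commit/48076079df0864489a669cea0380590f5dfca282
1) First look at the YAML of the exporter-kube-state-cluster-monitoring ClusterRole and check whether it defines permissions for the poddisruptionbudgets resource: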
kubectl -n cattle-prometheus get clusterrole/exporter-kube-state-cluster-monitoring -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: "2019-05-24T07:07:04Z"
  labels:
    app: exporter-kube-state
    chart: exporter-kube-state-0.0.1
    heritage: Tiller
    io.cattle.field/appId: cluster-monitoring
    release: cluster-monitoring
  name: exporter-kube-state-cluster-monitoring
  resourceVersion: "543065"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/exporter-kube-state-cluster-monitoring
  uid: 88e7bfe7-7df2-11e9-b769-0232e60a22fc
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  - nodes
  - pods
  - services
  - resourcequotas
  - replicationcontrollers
  - limitranges
  - persistentvolumeclaims
  - persistentvolumes
  - endpoints
  - configmaps
  - secrets
  verbs:
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - daemonsets
  - deployments
  - replicasets
  verbs:
  - list
  - watch
- apiGroups:
  - apps
  resources:
  - statefulsets
  - deployments
  verbs:
  - list
  - watch
- apiGroups:
  - batch
  resources:
  - cronjobs
  - jobs
  verbs:
  - list
  - watch
- apiGroups:
  - autoscaling
  resources:
  - horizontalpodautoscalers
  verbs:
  - list
  - watch
2) No such rule is present, so first export the configuration to a file:
kubectl -n cattle-prometheus get clusterrole/exporter-kube-state-cluster-monitoring -o yaml >kube-state-ClusterRole.yaml
3) Then append the following rule at the end of the file:
- apiGroups:
  - policy
  resources:
  - poddisruptionbudgets
  verbs:
  - list
  - watch
4) Then apply the configuration:
kubectl apply -f kube-state-ClusterRole.yaml
5) Finally, the monitoring charts are displayed.
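The following added example, which is not from the original post or the Rancher charts, parses the RBAC denial from the log in section 1 and reports the smallest rule the ClusterRole is missing. The function names are hypothetical, the rule list is a constructed excerpt of the role exported above, and the default verbs assume the list/watch pair that every existing rule in that role uses.

```python
import re

# Matches the Kubernetes RBAC denial text shown in the log in section 1.
DENIAL = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)"'
)

def parse_denial(line):
    """Return user, verb, resource and API group from a 'forbidden' line, or None."""
    m = DENIAL.search(line)
    return m.groupdict() if m else None

def allows(rules, group, resource, verb):
    """True if any single rule grants verb on resource in group ('*' is a wildcard)."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return any(
        hit(r.get("apiGroups", []), group)
        and hit(r.get("resources", []), resource)
        and hit(r.get("verbs", []), verb)
        for r in rules
    )

def missing_rule(rules, denial, verbs=("list", "watch")):
    """Smallest rule that closes the gap, or None when the role already covers it."""
    group, resource = denial["group"], denial["resource"]
    need = [v for v in verbs if not allows(rules, group, resource, v)]
    if not need:
        return None
    return {"apiGroups": [group], "resources": [resource], "verbs": need}

# Constructed sample input: the log line from section 1 and two rules of the exported role.
LOG = ('Failed to list *v1beta1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: '
       'User "system:serviceaccount:cattle-prometheus:exporter-kube-state-cluster-monitoring" '
       'cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope')
ROLE_RULES = [
    {"apiGroups": ["batch"], "resources": ["cronjobs", "jobs"], "verbs": ["list", "watch"]},
    {"apiGroups": ["autoscaling"], "resources": ["horizontalpodautoscalers"],
     "verbs": ["list", "watch"]},
]

if __name__ == "__main__":
    d = parse_denial(LOG)
    print(d["user"], "is missing:", missing_rule(ROLE_RULES, d))
```

Granting only the reported resource with only list and watch keeps the service account at least privilege instead of widening the role with wildcards.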