-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Metrics Server as addon (#3560). #3563
Support Metrics Server as addon (#3560). #3563
Conversation
Does this PR work, if you apply #3465 ? |
7 similar comments
Does this PR work, if you apply #3465 ? |
Does this PR work, if you apply #3465 ? |
Does this PR work, if you apply #3465 ? |
Does this PR work, if you apply #3465 ? |
Does this PR work, if you apply #3465 ? |
Does this PR work, if you apply #3465 ? |
Does this PR work, if you apply #3465 ? |
No, I got following error. Should I fix it?
|
You need to make that work , as it will become defaults. It is prolly due to removing the insecure port. |
Sure, but I can't find the cause, If you know, could you help me ? Messages said: W1021 10:21:57.574621 1 authentication.go:245] Unable to get configmap/extension-apiserver-authentication in kube-system. Usually fixed by 'kubectl create rolebinding -n kube-system ROLE_NAME --role=extension-apiserver-authentication-reader --serviceaccount=YOUR_NS:YOUR_SA' So I think resolution is adding extension-apiserver-authentication-reader role. But when I checked rolebindings, it had it as following:
So config had extension-apiserver-authentication-reader already.
Do you have any idea? |
I might be due to the fact that the read-only port is disabled. Our metrics-server deployment is as following:
It requires:
Which should be default though |
8a538e9
to
893a254
Compare
Thanks, I updated. I can't find source option for metrcis-server v0.3.1. Currently, I use previous v0.2.1. |
893a254
to
a6b25c9
Compare
Now it's based on metrics server v0.3.1 and it shoud work with PR #3465. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please enable in CI test addons too:
roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
Show resolved
Hide resolved
roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
Outdated
Show resolved
Hide resolved
roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
Outdated
Show resolved
Hide resolved
roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
Outdated
Show resolved
Hide resolved
roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
Outdated
Show resolved
Hide resolved
roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
Outdated
Show resolved
Hide resolved
roles/kubernetes-apps/metrics_server/templates/metrics-server-service.yaml.j2
Outdated
Show resolved
Hide resolved
58678d8
to
3e05206
Compare
roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
Outdated
Show resolved
Hide resolved
roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
Show resolved
Hide resolved
roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
Outdated
Show resolved
Hide resolved
roles/kubernetes-apps/metrics_server/templates/metrics-apiservice.yaml.j2
Outdated
Show resolved
Hide resolved
8c890be
to
93193e2
Compare
93193e2
to
03344cd
Compare
roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
Outdated
Show resolved
Hide resolved
ci check this |
Sorry, following multiple entries for kubelet_preferred_address_types does not work default configuration.
I would like to specify just InternalIP as default. |
…types Make InternalIP default because multiple preferrred address types does not work.
Testing on a CoreOS node here seems not to work:
Here is the settings used . I'm running from master branch: diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml
index dbe608fa..580b8430 100644
--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@@ -33,9 +33,9 @@ bin_dir: /usr/local/bin
#kubelet_load_modules: false
## Upstream dns servers used by dnsmasq
-#upstream_dns_servers:
-# - 8.8.8.8
-# - 8.8.4.4
+upstream_dns_servers:
+ - 8.8.8.8
+ - 8.8.4.4
## There are some changes specific to the cloud providers
## for instance we need to encapsulate packets with some network plugins
@@ -46,7 +46,7 @@ bin_dir: /usr/local/bin
## Uncomment to enable experimental kubeadm deployment mode
-#kubeadm_enabled: false
+kubeadm_enabled: true
## Set these proxy values in order to update package manager and docker daemon to use proxies
#http_proxy: ""
diff --git a/inventory/sample/group_vars/k8s-cluster/addons.yml b/inventory/sample/group_vars/k8s-cluster/addons.yml
index ca801d3c..e85b900f 100644
--- a/inventory/sample/group_vars/k8s-cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s-cluster/addons.yml
@@ -3,7 +3,7 @@
dashboard_enabled: true
# Helm deployment
-helm_enabled: false
+helm_enabled: true
# Registry deployment
registry_enabled: false
@@ -12,7 +12,7 @@ registry_enabled: false
# registry_disk_size: "10Gi"
# Metrics Server deployment
-metrics_server_enabled: false
+metrics_server_enabled: true
# metrics_server_kubelet_insecure_tls: true
# metrics_server_metric_resolution: 60s
# metrics_server_kubelet_preferred_address_types: "InternalIP"
diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
index 0279c7c1..ad87b2fb 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -71,7 +71,7 @@ kube_users:
# Choose network plugin (cilium, calico, contiv, weave or flannel)
# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
-kube_network_plugin: calico
+kube_network_plugin: weave
# Kubernetes internal network for services, unused block of space.
kube_service_addresses: 10.233.0.0/18
@@ -89,13 +89,13 @@ kube_network_node_prefix: 24
# The port the API Server will be listening on.
kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
kube_apiserver_port: 6443 # (https)
-kube_apiserver_insecure_port: 8080 # (http)
+#kube_apiserver_insecure_port: 8080 # (http)
# Set to 0 to disable insecure port - Requires RBAC in authorization_modes and kube_api_anonymous_auth: true
-#kube_apiserver_insecure_port: 0 # (disabled)
+kube_apiserver_insecure_port: 0 # (disabled)
# Kube-proxy proxyMode configuration.
# Can be ipvs, iptables
-kube_proxy_mode: iptables
+kube_proxy_mode: ipvs
# Kube-proxy nodeport address.
# cidr to bind nodeport services. Flag --nodeport-addresses on kube-proxy manifest
@@ -103,7 +103,7 @@ kube_proxy_nodeport_addresses: false
# kube_proxy_nodeport_addresses_cidr: 10.0.1.0/24
## Encrypting Secret Data at Rest (experimental)
-kube_encrypt_secret_data: false
+kube_encrypt_secret_data: true
# DNS configuration.
# Kubernetes cluster name, also will be used as DNS domain
@@ -111,12 +111,12 @@ cluster_name: cluster.local
# Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods
ndots: 2
# Can be dnsmasq_kubedns, kubedns, coredns, coredns_dual, manual or none
-dns_mode: kubedns
+dns_mode: coredns
# Set manual server if using a custom cluster DNS server
#manual_dns_server: 10.x.x.x
# Can be docker_dns, host_resolvconf or none
-resolvconf_mode: docker_dns
+resolvconf_mode: none
# Deploy netchecker app to verify DNS resolve as an HTTP service
deploy_netchecker: false
# Ip address of the kubernetes skydns service
@@ -139,7 +139,7 @@ helm_deployment_type: host
k8s_image_pull_policy: IfNotPresent
# audit log for kubernetes
-kubernetes_audit: false
+kubernetes_audit: true
# dynamic kubelet configuration
dynamic_kubelet_configuration: false
@@ -167,7 +167,7 @@ podsecuritypolicy_enabled: false
# A comma separated list of levels of node allocatable enforcement to be enforced by kubelet.
# Acceptable options are 'pods', 'system-reserved', 'kube-reserved' and ''. Default is "".
-# kubelet_enforce_node_allocatable: pods
+kubelet_enforce_node_allocatable: pods
## Supplementary addresses that can be added in kubernetes ssl keys.
## That can be useful for example to setup a keepalived virtual IP
diff --git a/inventory/sample/hosts.ini b/inventory/sample/hosts.ini
index 8e32a3a7..055483f9 100644
--- a/inventory/sample/hosts.ini
+++ b/inventory/sample/hosts.ini
@@ -1,32 +1,14 @@
-# ## Configure 'ip' variable to bind kubernetes services on a
-# ## different ip than the default iface
-# ## We should set etcd_member_name for etcd cluster. The node that is not a etcd member do not need to set the value, or can set the empty string value.
[all]
-# node1 ansible_host=95.54.0.12 # ip=10.3.0.1 etcd_member_name=etcd1
-# node2 ansible_host=95.54.0.13 # ip=10.3.0.2 etcd_member_name=etcd2
-# node3 ansible_host=95.54.0.14 # ip=10.3.0.3 etcd_member_name=etcd3
-# node4 ansible_host=95.54.0.15 # ip=10.3.0.4 etcd_member_name=etcd4
-# node5 ansible_host=95.54.0.16 # ip=10.3.0.5 etcd_member_name=etcd5
-# node6 ansible_host=95.54.0.17 # ip=10.3.0.6 etcd_member_name=etcd6
-
-# ## configure a bastion host if your nodes are not directly reachable
-# bastion ansible_host=x.x.x.x ansible_user=some_user
+node1 ansible_host=10.50.61.199 ansible_ssh_port=34 ansible_ssh_user=core
[kube-master]
-# node1
-# node2
+node1
[etcd]
-# node1
-# node2
-# node3
+node1
[kube-node]
-# node2
-# node3
-# node4
-# node5
-# node6
+node1
[k8s-cluster:children]
kube-master And no logs:
Here is the describes:
The issue is, this toleration is not added: Because the node has the following tolerations:
This is because kubeadm addes the taint. Apparently this task is not run correctly upon provision: https://github.com/kubernetes-incubator/kubespray/blob/master/roles/kubernetes/master/tasks/kubeadm-setup.yml#L214 @mattymo Is this due to Because I do have this in my play:
|
This is due to kube config is required when remove insecure port. |
Depended PR #3461 was merged. Now this PR cloud be merged. |
Please confirm it still works if #3465 is merged. Especially when |
I confirmed. It worked. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: woopstar The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hi,
I send pull request about metrics server. But I wonder whether you prefer include it or not.
IMO, autoscale doesn't work with metrics server and it worth to include main playbook and it worth to include main.
Or should I include it in contrib? I would like to hear your opinion.