Prometheus学习笔记之微服务kube-state-metrics报错
2023-09-27 14:23:26 时间
0x00 概述
在K8S集群部署kube-state-metrics微服务的时候,发现容器日志不停刷报错日志,主要报错日志如下:
E0824 13:09:36.768882 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list secrets at the cluster scope E0824 13:09:36.742450 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1.Job: jobs.batch is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list jobs.batch at the cluster scope E0824 13:09:36.743385 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1beta1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list poddisruptionbudgets.policy at the cluster scope E0824 13:09:36.568839 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list endpoints at the cluster scope E0824 13:09:36.379898 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list configmaps at the cluster scope E0824 13:09:36.317600 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v2beta1.HorizontalPodAutoscaler: horizontalpodautoscalers.autoscaling is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list horizontalpodautoscalers.autoscaling at the cluster scope E0824 13:09:36.316554 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1beta1.StatefulSet: statefulsets.apps is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list statefulsets.apps at the cluster scope E0824 13:09:36.318569 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1beta1.CronJob: cronjobs.batch is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list cronjobs.batch at the cluster scope E0824 13:09:35.768772 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1.Namespace: namespaces is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list namespaces at the cluster scope E0824 13:09:36.168855 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1.PersistentVolume: persistentvolumes is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list persistentvolumes at the cluster scope E0824 13:09:35.742782 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1beta1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list poddisruptionbudgets.policy at the cluster scope E0824 13:09:35.568827 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list secrets at the cluster scope E0824 13:09:35.741814 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1.Job: jobs.batch is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list jobs.batch at the cluster scope E0824 13:09:35.968853 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1.PersistentVolumeClaim: persistentvolumeclaims is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list persistentvolumeclaims at the cluster scope E0824 13:09:35.318064 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1beta1.CronJob: cronjobs.batch is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list cronjobs.batch at the cluster scope E0824 13:09:35.368786 1 reflector.go:205] k8s.io/kube-state-metrics/pkg/collectors/builder.go:508: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:monitoring:kube-state-metrics" cannot list endpoints at the cluster scope
发现是kube-state-metrics在集群权限不足;
在github上下载的yaml文件在执行clusterrolebing那一步,并没有给kube-state-metrics提供cluster层级的权限;
0x02 给kube-state-metrics赋权cluster-admin
执行如下命令,给system:serviceaccount:monitoring:kube-state-metrics做clusterrolebing
kubectl create clusterrolebinding kube-state-metrics-admin-binding \
--clusterrole=cluster-admin \
--user=system:serviceaccount:monitoring:kube-state-metrics
相关文章
- 多线程编程学习笔记——任务并行库(一)
- 路由其实也可以很简单-------Asp.net WebAPI学习笔记(一) ASP.NET WebApi技术从入门到实战演练 C#面向服务WebService从入门到精通 DataTable与List<T>相互转换
- Dubbo -- 系统学习 笔记 -- 示例 -- 服务分组
- kali 服务篇-nginx 反向代理 学习笔记
- kali 服务篇-Apache服务 学习笔记
- 机器学习笔记之近似推断(二)推断的核心思想
- 机器学习笔记——极大似然估计与最大后验概率估计
- UBOOT启动流程——向量表重定位、命令处理——学习笔记
- 从阿里出发!看 P8 架构师手打 800 页微服务深度解析笔记,感觉我格局太小
- SQL笔记
- HTTP 笔记与总结(1 )Telnet 分别发送 HTTP GET 和 HTTP POST 请求
- Spring Cloud 微服务架构学习笔记与示例
- Dynamic CRM 2015学习笔记(4)修改开发人员资源(发现服务、组织服务和组织数据服务)url地址及组织名
- Dynamic CRM 2013学习笔记(二十二)插件里调用WCF服务
- Dynamic CRM 2013学习笔记 系列汇总
- Vue外卖项目笔记(一)
- ROS Noetic入门笔记(五)创建ROS话题消息(msg)和服务数据(srv)
- 《RefineDet:Single-Shot Refinement Neural Network for Object Detection》论文笔记