Horizontal Pod Autoscale

3/27/2019

I install kubernetes on 4 CentOS node. 1 master and three worker.after that i want to autoscale my pod .as i know heapster is deprecated so i install metric server

git clone https://github.com/kubernetes-incubator/metrics-server.git
[root@ip-10-0-1-91 1.8+]# kubectl apply -f aggregated-metrics-reader.yaml 
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
[root@ip-10-0-1-91 1.8+]# kubectl apply -f auth-reader.yaml 
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
[root@ip-10-0-1-91 1.8+]# kubectl apply -f auth-delegator.yaml 
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
[root@ip-10-0-1-91 1.8+]# kubectl apply -f metrics-apiservice.yaml 
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
[root@ip-10-0-1-91 1.8+]# kubectl apply -f resource-reader.yaml 
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
[root@ip-10-0-1-91 1.8+]# kubectl apply -f metrics-server-deployment.yaml 
serviceaccount/metrics-server created
deployment.extensions/metrics-server created
[root@ip-10-0-1-91 1.8+]# kubectl apply -f metrics-server-service.yaml 
service/metrics-server created

but when i get log of metrics-server i get this

kubectl -n kube-system logs metrics-server-55d46868d4-9649g
I0327 07:53:03.900200       1 serving.go:273] Generated self-signed cert (apiserver.local.config/certificates/apiserver.crt, apiserver.local.config/certificates/apiserver.key)
W0327 07:53:34.327373       1 authentication.go:245] Unable to get configmap/extension-apiserver-authentication in kube-system.  Usually fixed by 'kubectl create rolebinding -n kube-system ROLE_NAME --role=extension-apiserver-authentication-reader --serviceaccount=YOUR_NS:YOUR_SA'
Error: Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication: dial tcp 10.96.0.1:443: i/o timeout
Usage:
   [flags]

and the kube-apiserver has this log

http: TLS handshake error from 192.168.122.29:41366: remote error: tls: bad certificate
-- yasin lachini
kubernetes

1 Answer

3/27/2019

The issue with your setup is it can't connect to kubelet. You need to change the metrics-server-deployment.yaml file in deploy/1.8+ folder

In containers section, you need to allow insecure-tls. Please add the following section:

containers:
   - command:
     - /metrics-server
     - --metric-resolution=30s
     - --kubelet-insecure-tls
     - --kubelet-preferred-address-types=InternalIP

Following is full metrics-server-deployment.yaml file, you can replace the full file with following:

apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: metrics-server
   namespace: kube-system
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: metrics-server
   namespace: kube-system
   labels:
     k8s-app: metrics-server
 spec:
   selector:
     matchLabels:
       k8s-app: metrics-server
   template:
     metadata:
       name: metrics-server
       labels:
         k8s-app: metrics-server
     spec:
       serviceAccountName: metrics-server
       volumes:
       # mount in tmp so we can safely use from-scratch images and/or read-only containers
       - name: tmp-dir
         emptyDir: {}
       containers:
       - command:
         - /metrics-server
         - --metric-resolution=30s
         - --kubelet-insecure-tls
         - --kubelet-preferred-address-types=InternalIP
         name: metrics-server
         image: k8s.gcr.io/metrics-server-amd64:v0.3.1
         imagePullPolicy: Always
         volumeMounts:
         - name: tmp-dir
           mountPath: /tmp

Now create the metrics-server-deployment again with the new file and it should work.

-- Prafull Ladha
Source: StackOverflow