Question
I am trying to deploy heapster in a cluster, collect metrics and store them in InfluxDB. I can provide the sink for InfluxDB, but I am not sure how to provide the value for the --source flag to connect to the secured kube API server. Can someone help me find this out?
Note: I am trying to deploy heapster in the same cluster where the kube API server is running.
Thanks in advance.
Answer 1:
I use heapster with the parameter
--source=kubernetes:http://kubernetes.default?inClusterConfig=false&insecure=true&auth=/etc/kubernetes/admin.conf
- inClusterConfig=false means I don't use a serviceaccount in the cluster.
- insecure=true means I trust the ApiServer in this cluster.
- Most importantly, auth=/etc/kubernetes/admin.conf is the auth config used when trying to connect to the ApiServer; this is the same kubeconfig your kubectl/kubelet use. You can mount this config into the heapster pod using a ConfigMap or a normal Volume.
For more source configuration, you can refer here
Answer 2:
I found out the solution for this. The parameter that I am using is
--source=kubernetes:https://masterIP?auth=/var/lib/kube-proxy/kubeconfig&apiVersion=v1
--sink=influxdb:http://influxdbIP:8086?user=xxx&pw=xxx&db=xxx
I mounted /var/lib/kube-proxy/kubeconfig to the heapster container which is used by the kube-proxy and now the heapster can talk to the secured API server.
Also I changed the heapster image to gcr.io/google_containers/heapster:v1.2.0
Note: InfluxDB must be of the latest version in order to make this work. I am using v1.2
I am not sure if this is the right method. But it works out for me.
Thank you for all responses.
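A review-time check of the flag values quoted in both answers, as an added example that is not part of the original posts or of Heapster: it parses each --source/--sink value and reports the settings that weaken the connection to the API server or expose credentials. The finding codes, the function names and the treatment of admin.conf as an admin credential are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: kubeconfig file names treated as carrying cluster-admin credentials.
ADMIN_KUBECONFIGS = ("admin.conf",)


def audit_flag(value):
    """Audit one Heapster --source/--sink value; return sorted finding codes."""
    kind, _, url = value.partition(":")      # "kubernetes:<url>" / "influxdb:<url>"
    parts = urlsplit(url)
    opts = {k: v[-1] for k, v in parse_qs(parts.query).items()}
    findings = set()

    if parts.scheme == "http":
        # The URL asks for an unencrypted connection.
        findings.add("plaintext-http")
    if kind == "kubernetes":
        if opts.get("insecure", "false").lower() == "true":
            # The API server certificate is not verified.
            findings.add("tls-verify-disabled")
        auth = opts.get("auth", "")
        if auth:
            # Heapster acts with whatever rights this kubeconfig's identity holds.
            findings.add("static-kubeconfig")
            if auth.rsplit("/", 1)[-1] in ADMIN_KUBECONFIGS:
                findings.add("admin-credentials")
    if kind == "influxdb" and "pw" in opts:
        # The password is readable in the pod spec and the process arguments.
        findings.add("password-in-flag")
    return sorted(findings)


# Flag values as quoted in the two answers above.
FLAGS = [
    "kubernetes:http://kubernetes.default?inClusterConfig=false"
    "&insecure=true&auth=/etc/kubernetes/admin.conf",
    "kubernetes:https://masterIP?auth=/var/lib/kube-proxy/kubeconfig&apiVersion=v1",
    "influxdb:http://influxdbIP:8086?user=xxx&pw=xxx&db=xxx",
]


def audit_all(flags=FLAGS):
    """Map each flag value to its findings."""
    return {flag: audit_flag(flag) for flag in flags}


if __name__ == "__main__":
    for flag, result in audit_all().items():
        print(flag, "->", ", ".join(result) or "no findings")
```
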
Source: https://stackoverflow.com/questions/43731637/provide-authentication-for-heapster-to-connect-to-secured-kube-api-server-in-gke