无法在 K8S 集群中创建 Prometheus
[英]Not able to create Prometheus in K8S cluster
问题描述
I'm trying to install Prometheus on my K8S cluster
我正在尝试在我的 K8S 集群上安装 Prometheus
when I run command当我运行命令时
kubectl get namespaces
I got the following namespace:我得到了以下命名空间:
default Active 26h
kube-public Active 26h
kube-system Active 26h
monitoring Active 153m
prod Active 5h49m
Now I want to create the Prometheus via现在我想通过创建普罗米修斯
helm install stable/prometheus --name prom -f k8s-values.yml
and I got error:我得到了错误:
Error: release prom-demo failed: namespaces "default" is forbidden: User "system:serviceaccount:kube-system:default" cannot get resource "namespaces" in API group "" in the namespace "default"
even if I switch to monitoring ns I got the same error,即使我切换到monitoring ns 我也遇到了同样的错误,
the k8s-values.yml look like following k8s-values.yml 如下所示
rbac:
create: false
server:
name: server
service:
nodePort: 30002
type: NodePort
Any idea what could be missing here ?知道这里可能缺少什么吗?
2 个解决方案
解决方案1
4 已采纳 2019-02-04 13:05:25
You are getting this error because you are using RBAC without giving the right permissions.您收到此错误是因为您在使用 RBAC 的情况下没有授予正确的权限。
Give the tiller permissions:授予分蘖权限:
taken from https://github.com/helm/helm/blob/master/docs/rbac.md取自https://github.com/helm/helm/blob/master/docs/rbac.md
Example: Service account with cluster-admin role In rbac-config.yaml:示例:具有 cluster-admin 角色的服务帐户在 rbac-config.yaml 中:
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
Note: The cluster-admin role is created by default in a Kubernetes cluster, so you don't have to define it explicitly.注意:cluster-admin 角色是在 Kubernetes 集群中默认创建的,因此您不必明确定义它。
$ kubectl create -f rbac-config.yaml
serviceaccount "tiller" created
clusterrolebinding "tiller" created
$ helm init --service-account tiller
Create a service account for prometheus:为 prometheus 创建一个服务账户:
Change the value of rbac.create to true :将rbac.create的值更改为true :
rbac:
create: true
server:
name: server
service:
nodePort: 30002
type: NodePort
解决方案2
0 2019-02-04 13:13:23
Look at prometheus operator to spin up all monitoring services from prometheus stack.查看 prometheus operator 以启动 prometheus 堆栈中的所有监控服务。 below link is helpful https://github.com/coreos/prometheus-operator/tree/master/contrib/kube-prometheus/manifests以下链接很有帮助https://github.com/coreos/prometheus-operator/tree/master/contrib/kube-prometheus/manifests
all the manifests are listed there.所有清单都列在那里。 go through those files and deploy whatever you need to monitor in your k8s cluster浏览这些文件并在 k8s 集群中部署您需要监控的任何内容
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.