IMPORTANT: metrics-server is included by default in custom clusters in Rancher v2.0.7 and higher, these steps are not needed when clusters are created using Rancher v2.0.7 or higher.
kube_api:
pod_security_policy: false
extra_args:
requestheader-client-ca-file: "/etc/kubernetes/ssl/kube-ca.pem"
requestheader-extra-headers-prefix: "X-Remote-Extra-"
requestheader-group-headers: "X-Remote-Group"
requestheader-username-headers: "X-Remote-User"
proxy-client-cert-file: "/etc/kubernetes/ssl/kube-proxy.pem"
proxy-client-key-file: "/etc/kubernetes/ssl/kube-proxy-key.pem"
kubelet:
extra_args:
authentication-token-webhook: "true"
This will be properly fixed in rancher/rancher#13745, until then, you can enable it by re-using the kube-proxy
certificate.
curl -s 'https://your_rancher_server/v3/cluster' -H 'content-type: application/json' -H "Authorization: Bearer your_bearer_token" --insecure --data-binary '{ "type": "cluster", "googleKubernetesEngineConfig": null, "name": "metrics", "rancherKubernetesEngineConfig": { "ignoreDockerVersion": true, "sshAgentAuth": false, "type": "rancherKubernetesEngineConfig", "kubernetesVersion": "v1.10.1-rancher1", "authentication": { "type": "authnConfig", "strategy": "x509" }, "network": { "type": "networkConfig", "plugin": "canal" }, "ingress": { "type": "ingressConfig", "provider": "nginx" }, "services": { "type": "rkeConfigServices", "kubeApi": { "podSecurityPolicy": false, "type": "kubeAPIService", "extraArgs": { "requestheader-client-ca-file": "/etc/kubernetes/ssl/kube-ca.pem", "requestheader-extra-headers-prefix": "X-Remote-Extra-", "requestheader-group-headers": "X-Remote-Group", "requestheader-username-headers": "X-Remote-User", "proxy-client-cert-file": "/etc/kubernetes/ssl/kube-proxy.pem", "proxy-client-key-file": "/etc/kubernetes/ssl/kube-proxy-key.pem" } }, "kubelet": { "type": "KubeletService", "extraArgs": { "authentication-token-webhook": "true" } }, "etcd": { "type": "etcdService", "extraArgs": { "heartbeat-interval": 500, "election-timeout": 5000 } } } }, "id": "" }'
- Go to Edit Cluster and run execute the
docker run
command to add a node.
# Clone repository
git clone -b rancher https://github.com/superseb/metrics-server
kubectl create -f metrics-server/deploy/1.8\+/
# Checklogs
kubectl logs -n kube-system -l k8s-app=metrics-server
...
I0604 18:14:55.768105 1 serve.go:85] Serving securely on 0.0.0.0:443
kubectl top nodes
only works with kubectl 1.10 and higher (kubernetes/kubernetes#59438). So use kubectl 1.10 and run kubectl top nodes
.
Or via kubectl raw
kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes" | jq
If you want to use RKE to deploy, you can add:
services:
kube-api:
image: rancher/hyperkube:v1.10.1-rancher2
extra_args:
requestheader-client-ca-file: /etc/kubernetes/ssl/kube-ca.pem
requestheader-extra-headers-prefix: X-Remote-Extra-
requestheader-group-headers: X-Remote-Group
requestheader-username-headers: X-Remote-User
proxy-client-cert-file: /etc/kubernetes/ssl/kube-proxy.pem
proxy-client-key-file: /etc/kubernetes/ssl/kube-proxy-key.pem
kubelet:
image: rancher/hyperkube:v1.10.1-rancher2
extra_args:
authentication-token-webhook: true