Docker Desktop Kubernetes 환경 metrics-server 설치 : CPU, Memory 사용량 확인

■ 클러스터 리소스 사용량 확인

• 각 노드 자원 사용량
  

  $ k top node
  NAME             CPU(cores)   CPU(%)   MEMORY(bytes)   MEMORY(%)
  docker-desktop   837m         2%       15177Mi         63%

• POD 자원 사용량

  kubectl top pod egov-search-5bb66cb58f-bppwf -n egov-app
  NAME                           CPU(cores)   MEMORY(bytes)
  egov-search-5bb66cb58f-bppwf   264m         2906Mi
  

■ metrics-server 설치방법

• metrics-server 설치

  kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
  

■ metrics-server 후 오류 발생 조치방법

• metrics-server pod 오류

  kubectl logs pod/metrics-server-54bf7cdd6-8b5kv -n kube-system
  I0619 08:47:00.997469       1 serving.go:374] Generated self-signed cert (/tmp/apiserver.crt, /tmp/apiserver.key)
  I0619 08:47:01.161902       1 handler.go:275] Adding GroupVersion metrics.k8s.io v1beta1 to ResourceManager
  E0619 08:47:01.264659       1 scraper.go:149] "Failed to scrape node" err="Get \"https://192.168.65.3:10250/metrics/resource\": tls: failed to verify certificate: x509: cannot validate certificate for 192.168.65.3 because it doesn't contain any IP SANs" node="docker-desktop"
  I0619 08:47:01.265592       1 requestheader_controller.go:169] Starting RequestHeaderAuthRequestController
  I0619 08:47:01.265627       1 shared_informer.go:311] Waiting for caches to sync for RequestHeaderAuthRequestController
  I0619 08:47:01.265669       1 configmap_cafile_content.go:202] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
  I0619 08:47:01.265708       1 shared_informer.go:311] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
  I0619 08:47:01.265799       1 dynamic_serving_content.go:132] "Starting controller" name="serving-cert::/tmp/apiserver.crt::/tmp/apiserver.key"
  I0619 08:47:01.265808       1 configmap_cafile_content.go:202] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::client-ca-file"
  I0619 08:47:01.265859       1 shared_informer.go:311] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
  I0619 08:47:01.265892       1 secure_serving.go:213] Serving securely on [::]:10250
  I0619 08:47:01.265917       1 tlsconfig.go:240] "Starting DynamicServingCertificateController"
  I0619 08:47:01.365764       1 shared_informer.go:318] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
  I0619 08:47:01.365772       1 shared_informer.go:318] Caches are synced for RequestHeaderAuthRequestController
  I0619 08:47:01.365924       1 shared_informer.go:318] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
  E0619 08:47:16.264986       1 scraper.go:149] "Failed to scrape node" err="Get \"https://192.168.65.3:10250/metrics/resource\": tls: failed to verify certificate: x509: cannot validate certificate for 192.168.65.3 because it doesn't contain any IP SANs" node="docker-desktop"
  I0619 08:47:23.264671       1 server.go:191] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
  E0619 08:47:31.262545       1 scraper.go:149] "Failed to scrape node" err="Get \"https://192.168.65.3:10250/metrics/resource\": tls: failed to verify certificate: x509: cannot validate certificate for 192.168.65.3 because it doesn't contain any IP SANs" node="docker-desktop"
  I0619 08:47:33.264361       1 server.go:191] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
  I0619 08:47:43.265207       1 server.go:191] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
  E0619 08:47:46.266463       1 scraper.go:149] "Failed to scrape node" err="Get \"https://192.168.65.3:10250/metrics/resource\": tls: failed to verify certificate: x509: cannot validate certificate for 192.168.65.3 because it doesn't contain any IP SANs" node="docker-desktop"
  I0619 08:47:53.263365       1 server.go:191] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
  E0619 08:48:01.266092       1 scraper.go:149] "Failed to scrape node" err="Get \"https://192.168.65.3:10250/metrics/resource\": tls: failed to verify certificate: x509: cannot validate certificate for 192.168.65.3 because it doesn't contain any IP SANs" node="docker-desktop"
  I0619 08:48:03.263212       1 server.go:191] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
  I0619 08:48:09.276279       1 server.go:191] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
  I0619 08:48:13.263953       1 server.go:191] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
  E0619 08:48:16.262504       1 scraper.go:149] "Failed to scrape node" err="Get \"https://192.168.65.3:10250/metrics/resource\": tls: failed to verify certificate: x509: cannot validate certificate for 192.168.65.3 because it doesn't contain any IP SANs" node="docker-desktop"
  I0619 08:48:23.262230       1 server.go:191] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"

  

• 치방법
  1. Metrics Server 수정:

  kubectl edit deployment metrics-server -n kube-system
  

  2. `spec.template.spec.containers[0].args` 항목에 다음을 추가
  

  - --kubelet-insecure-tls
  

  
  전체 예시:
  

  containers: 
  - name: metrics-server
    image: k8s.gcr.io/metrics-server/metrics-server:v0.6.3
    args: 
      - --cert-dir=/tmp
      - --secure-port=4443
      - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
      - --kubelet-use-node-status-port
      - --kubelet-insecure-tls   # ← 여기에 추가