apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
  labels:
    app.kubernetes.io/name: kube-state-metrics
    app.kubernetes.io/version: v1.9.4
  name: kube-state-metrics
  resourceVersion: "338724"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/kube-state-metrics
  uid: be243ec7-20c6-49d7-8980-d660a9b5a22d
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - secrets
  - nodes
  - pods
  - services
  - resourcequotas
  - replicationcontrollers
  - limitranges
  - persistentvolumeclaims
  - persistentvolumes
  - namespaces
  - endpoints
  verbs:
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - daemonsets
  - deployments
  - replicasets
  - ingresses
  verbs:
  - list
  - watch
- apiGroups:
  - apps
  resources:
  - statefulsets
  - daemonsets
  - deployments
  - replicasets
  verbs:
  - list
  - watch
- apiGroups:
  - batch
  resources:
  - cronjobs
  - jobs
  verbs:
  - list
  - watch
- apiGroups:
  - autoscaling
  resources:
  - horizontalpodautoscalers
  verbs:
  - list
  - watch
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
- apiGroups:
  - policy
  resources:
  - poddisruptionbudgets
  verbs:
  - list
  - watch
- apiGroups:
  - certificates.k8s.io
  resources:
  - certificatesigningrequests
  verbs:
  - list
  - watch
- apiGroups:
  - storage.k8s.io
  resources:
  - storageclasses
  - volumeattachments
  verbs:
  - list
  - watch
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - mutatingwebhookconfigurations
  - validatingwebhookconfigurations
  verbs:
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - networkpolicies
  verbs:
  - list
  - watch
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - list
  - watch

hongming 解决了什么原因不太清楚,kubersphere用的这个kubesphere-kube-state-metrics clusterRole

    4 年 后
    5 天 后

    ulcadmin
    pod 监控没有数据检查下 kubelet的 cadvisor 指标暴露是否正常,可以将 Prometheus 对外暴露,查看下 Prometheus console 的 target 中是否有 unhealthy 的 target,可以尝试重启下对应节点 kubelet 试下

        frezes 这个我暴露了 但是没找到你说的cadvisor指标,其他的都是正常的,没有unhealthy 的 target

            frezes

            那是有的 有很多 我ks界面上是有些pod有监控数据,大部分没

            之前都是正常的,重启过机器后成这样了,但是节点监控是正常的

                ulcadmin
                你看下没有Pod 监控的节点,将 node 过滤条件加上 node=“xxx”,是不是这些节点没有对应指标?

                    frezes 三个节点是有数据返回的,我找了两个不显示监控的pod,发现也是有数据返回

                        ulcadmin
                        同步下 Kubesphere 版本,我们用页面调用的PromQL 看下是哪里有问题