Kubernetes - Increase metrics-server resources (cpu/memory)

On GKE, if metrics-server crashes because it does not have enough resources, you can fix the problem by changing the NannyConfiguration and deleting the metrics-server Deployment.

> kubectl top pod
W0309 18:40:25.910477 53595 top_pod.go:274] Metrics not available for pod default/xxxx, age: 536h37m25.91045s
error: Metrics not available for pod default/xxxx, age: 536h37m25.91045s

Environment:

  • Kubernetes: v1.17.15-gke.800

Example

> kubectl apply -f metrics-server-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
    kubernetes.io/cluster-service: "true"
  name: metrics-server-config
  namespace: kube-system
data:
  NannyConfiguration: |-
    apiVersion: nannyconfig/v1alpha1
    kind: NannyConfiguration
    baseCPU: 200m
    cpuPerNode: 2m
    baseMemory: 150Mi
    memoryPerNode: 4Mi
> kubectl delete deployment -n kube-system metrics-server-v0.3.6
deployment.apps "metrics-server-v0.3.6" deleted

It takes 3-5 minutes for kube-controller-manager to pick up the change and create the Deployment with the new configuration.


How I debug a certificate that didn't renew

I found out this morning that my certificate had expired and had not been renewed automatically. Here’s how I debugged it step by step.

Get certificate status

$ kubectl describe cert -n slack slack-tls
Status:
  Conditions:
    Last Transition Time:  2020-01-21T04:15:16Z
    Message:               Certificate is up to date and has not expired
    Reason:                Ready
    Status:                True
    Type:                  Ready
  Not After:               2020-08-18T01:20:11Z

Try to force certificate renewal

By adding spec.renewBefore to the certificate:

kubectl -n <namespace> patch certificate example-certificate --type=merge -p '{"spec":{"renewBefore":"2159h00m00s"}}'

And the order is still invalid.

$ kubectl -n slack get order
NAME STATE AGE
slack-tls-488818493 invalid 11m

So I tried to see whether any events had happened.

$ kubectl get event -n slack
LAST SEEN TYPE REASON OBJECT MESSAGE
38m Warning PresentError challenge/slack-tls-488818493-0 Error presenting challenge: GoogleCloud API call failed: googleapi: Error 403: Request had insufficient authentication scopes.
More details:
Reason: insufficientPermissions, Message: Insufficient Permission
12m Warning CleanUpError challenge/slack-tls-488818493-0 Error cleaning up challenge: GoogleCloud API call failed: googleapi: Error 403: Request had insufficient authentication scopes.
More details:


AWS Route 53 - Testing Geolocation Routing

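AWS Route 53 Geolocation Routing can return different IPs depending on the geographic location of the request. You can use it to send users to the nearest data center, or to serve different website content.

We first add a few records.

Checking with https://dnschecker.org/, the US and CA entries all show 35.186.255.2 (NA), and all the others show 35.186.255.1 (Default).

Here I also set up a separate record for Singapore, 35.186.255.4, and it is returned correctly as well.
The others are all 35.186.255.1 (Default), with one exception: IONICA LLC resolves to 35.186.255.2 (NA).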
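
A record set that would produce the answers observed above, written as a Route 53 change batch. This is an added example, not the records from the original post: the record name `geo.example.com.`, the TTL and the `SetIdentifier` values are assumptions, and the mapping of each IP to a location (default, continent NA, country SG) is inferred from the test results. Route 53 answers with the most specific match, so the SG country record wins over any continent record, and the `*` record catches everything else.

```json
{
  "Comment": "Constructed example: name, TTL and SetIdentifier values are assumptions",
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "geo.example.com.",
        "Type": "A",
        "SetIdentifier": "default",
        "GeoLocation": { "CountryCode": "*" },
        "TTL": 60,
        "ResourceRecords": [{ "Value": "35.186.255.1" }]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "geo.example.com.",
        "Type": "A",
        "SetIdentifier": "north-america",
        "GeoLocation": { "ContinentCode": "NA" },
        "TTL": 60,
        "ResourceRecords": [{ "Value": "35.186.255.2" }]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "geo.example.com.",
        "Type": "A",
        "SetIdentifier": "singapore",
        "GeoLocation": { "CountryCode": "SG" },
        "TTL": 60,
        "ResourceRecords": [{ "Value": "35.186.255.4" }]
      }
    }
  ]
}
```

Saved as a file, this can be applied with `aws route53 change-resource-record-sets --hosted-zone-id <your-zone-id> --change-batch file://geo-records.json`. Keeping the `*` default record matters: without it, queries from locations that match no other record get no answer.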