The Issue
Whilst trying to install the Metric’s server:
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
so I could use kubectl top node
for it’s metrics on Node resource useage, I found the pods were not loading, and upon inspection found the following:
> kubectl logs -n kube-system metrics-server-6f6cdbf67d-v6sbf
I0717 12:19:32.132722 1 server.go:187] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
E0717 12:19:39.159422 1 scraper.go:140] "Failed to scrape node" err="Get \"https://192.168.49.2:10250/metrics/resource\": x509: cannot validate certificate for 192.168.49.2 because it doesn't contain any IP SANs" node="minikube"
The Cause
The issue here was due to the installation of Cert-Manager and setting up some TLS configurations within the CNI and Self-Signed certificates, the metric’s server wasn’t able to validate the authority of the Kubernetes API
The Fix
As this is communication within the cluster, I could simply fix this by telling Metric Server container to trust the insecure certificates from the API using the below
kubectl patch
command:
kubectl patch deployment metrics-server -n kube-system --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"}]'
Regards
The post Kubernetes Metric Server – cannot validate certificate because it doesn’t contain any IP SANs appeared first on vEducate.co.uk.
Top comments (0)