Can't access default k3s metrics server from Prometheus-Adapter #6263
Comments
I'm not sure where you got this group from? Metrics-server uses the "metrics.k8s.io" group. brandond@dev01:~$ kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k3s-server-1 Ready control-plane,master 2m43s v1.24.6+k3s1 172.17.0.2 <none> K3s dev 5.19.0-1005-aws containerd://1.6.8-k3s1
brandond@dev01:~$ kubectl api-resources --api-group=metrics.k8s.io
NAME SHORTNAMES APIVERSION NAMESPACED KIND
nodes metrics.k8s.io/v1beta1 false NodeMetrics
pods metrics.k8s.io/v1beta1 true PodMetrics
brandond@dev01:~$ kubectl get PodMetrics -A -o wide
NAMESPACE NAME CPU MEMORY WINDOW
kube-system coredns-b96499967-4mcmc 1310411n 13456Ki 17s
kube-system local-path-provisioner-7b7dc8d6f5-s64dp 264u 6964Ki 14s
kube-system metrics-server-668d979685-29p2r 3645952n 17948Ki 21s
kube-system svclb-traefik-8443bdc1-tc94w 0 580Ki 17s
kube-system traefik-7cd4fcff68-bv9ph 165933n 19116Ki 15sIf these commands don't work for you, check the metrics-server pod logs to see why it's failing to collect metrics from your nodes. |
|
@brandond I installed https://github.com/kubernetes-sigs/prometheus-adapter inside the cluster |
|
Ok? I'm not sure how to help with that, as it's not something we package. From the error it sounds like maybe you need to disable certificate validation or something so that it can talk to the metrics server? |
|
The endpoint registered and HPA can access Prometheus-Adapter but only Prometheus-Adapter is not able to access metrics server although it has the required permission. |
The metrics-server pod just uses a self-signed certificate, and the apiserver does not validate that certificate when connecting to it. Have you tried disabling certificate validation on the adapter, as I suggested above?
Where did you use this certificate? On the metrics-server, or on your adapter? The problem is the cert on the metrics-server; telling the adapter not to check it is probably the easiest fix... |
|
I created certs for the Prometheus-Adapter as I thought metrics-server certificate are signed by the cluster signer. and my and then I created a tls secret and mount to Prometheus-Adapter. |
No, as I said above it uses a self-signed cert. Certificate validation is already disabled for the metrics-server's core use in providing metrics for the cluster autoscaler and |
|
Unfortunately, adapter provides no option to disable certs verification. |
|
The README for prometheus-adapter indicates that it can be used to replace the default metrics-server. I'm confused why you're trying to get the adapter to pull stats from the metrics-server when it appears it serves the same purpose, and could replace it. What is your end goal in linking the two? |
|
This repository uses a bot to automatically label issues which have not had any activity (commit/comment/label) for 180 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the bot can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the bot will automatically close the issue in 14 days. Thank you for your contributions. |
|
Closing this as it's stale, and the component isn't within our scope. |
I have installed Prometheus-adapter along with the default metrics-server that comes with k3s securely on port 4443.
Unfortunately, I get no resources when I query custom.metrics.k8s.io
When I look at the logs of Prometheus-adapter I get unable to update list of all metrics:
unable to fetch metrics for query ...: x509: certificate is valid for localhost, localhost, not metrics-server.kube-systemI have also added
ClusterRoleBindingforsystem:aggregated-metrics-readerrole but no differenceMy k3s version: v1.24.6+k3s1
The text was updated successfully, but these errors were encountered: