Unable to install metrics-server

[weikinhuang]

It seems bootkube does not render a api-server configuration with additional certs to allow api-server proxies. I'm seeing this error when trying to start the metric-server by following the readme at https://github.com/kubernetes-incubator/metrics-server/.

I0717 15:51:18.839494       1 heapster.go:71] /metrics-server --source=kubernetes.summary_api:''
I0717 15:51:18.839554       1 heapster.go:72] Metrics Server version v0.2.1
I0717 15:51:18.839713       1 configs.go:61] Using Kubernetes client with master "https://10.3.0.1:443" and version
I0717 15:51:18.839726       1 configs.go:62] Using kubelet port 10255
I0717 15:51:18.840548       1 heapster.go:128] Starting with Metric Sink
I0717 15:51:24.340589       1 serving.go:308] Generated self-signed cert (apiserver.local.config/certificates/apiserver.crt, apiserver.local.config/certificates/apiserver.key)
F0717 15:51:31.546081       1 heapster.go:97] Could not create the API server: cluster doesn't provide requestheader-client-ca-file

[weikinhuang]

Successfully got it to work by adding these flags to apiserver (kubernetes-sigs/kubespray#2092):

- --proxy-client-cert-file=/etc/kubernetes/secrets/apiserver.crt
- --proxy-client-key-file=/etc/kubernetes/secrets/apiserver.key
- --requestheader-allowed-names=
- --requestheader-client-ca-file=/etc/kubernetes/secrets/ca.crt
- "--requestheader-extra-headers-prefix=X-Remote-Extra-"
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User

And making the following change to metrics-server (kubernetes-sigs/metrics-server#77):

- --source=kubernetes.summary_api:https://kubernetes.default?kubeletHttps=true&kubeletPort=10250&insecure=true

However we might still want to generate new certs for the proxy perhaps?

[redbaron]

It was previously decided so that is a job for kubernetes installer, #978

[weikinhuang]

Fair enough, thanks @redbaron