-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[EKS] unable to fetch metrics from Kubelet #129
Comments
Nevermind, this was an issue with my VPC DNS resolution |
Same here, I have manually set Image to But,
And HPA is still showing
|
I am also still unable to get HPA working. I ran |
Figured out my issue -- my worker node security group was misconfigured. I had to add an inbound rule to allow HTTPS (port 443) traffic from the control plane security group. |
I just added incoming 443 from CONTROLE PLANE SECURITY GROUP and looks like it's working now. Thanks @sc-rz |
The solution proposed by @MIBc works. Change the metrics-server-deployment.yaml file and add: command: |
hi boss! my metrics-server pod hava the same as error information: E1026 07:37:04.007899 1 reststorage.go:144] unable to fetch pod metrics for pod dev-java/csg-application-68584c6b66-c65k9: no metrics known for pod How did you solve it?! |
Thanks @LucasSales, this ended up fixing the issue for me as well. It looks like port 443 has since been added to the needed SGs, but I was still getting the following error in my metrics-server:
Adding the command above works. Not sure if the root issue is related to CNI or something else. Would be curious to know if anyone else hits this. FWIW, my cluster was manually set up (still in early POC phase) and was built per the current AWS Getting Started docs. |
stuck with this issue over a week..tried all the above ..tried @LucasSales approach but that gives certificate error saying not created for that host ip, and my host would be changing in my cluster . port 443 is opened though ..not sure why everybody is talking about that |
@kiahmed basically, you need to tell metrics-server to connect to your pods using a name or address that it can actually look up. So, by saying InternalIP, you're telling metrics-server to not use hostnames, but instead use the internal IP address of the node. However, if your serving certificates on the Kubelet aren't valid for that IP, you'll get a certificate error. |
--kubelet-insecure-tls did the job which is okay for now for dev cluster, but even in prod api would be getting access under k8 main apiserver anyway and it has its own CA and validation, so does it really matter? |
metrics-server doesn't talk to the nodes via the main API server -- it talks to them directly. Using |
I think I hit this issue as well, and it wasn't clear to me how VPC settings could break metrics server, besides NACLs.
|
I am getting following error.E1214 06:23:17.408800 1 manager.go:102] unable to fully collect metrics: [unable to fully scrape metrics from source kubelet_summary:ip-10-0-3-12.ec2.internal: unable to fetch metrics from Kubelet ip-10-0-3-12.ec2.internal (ip-10-0-3-12.ec2.internal): Get https://ip-10-0-3-12.ec2.internal:10250/stats/summary/: dial tcp: i/o timeout, unable to fully scrape metrics from source kubelet_summary:ip-10-0-1-54.ec2.internal: unable to fetch metrics from Kubelet ip-10-0-1-54.ec2.internal (ip-10-0-1-54.ec2.internal): Get https://ip-10-0-1-54.ec2.internal:10250/stats/summary/: dial tcp: i/o timeout] When I did curl to https://ip-10-0-3-12.ec2.internal:10250/stats/summary/ it gives me following.SSL certificate problem: unable to get local issuer certificate |
I have same issue. |
Hi guys, I'm running NAMESPACE NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
datateam hpa1 Deployment/hpa1 15%/75% 2 10 2 3h
default hpa2 Deployment/hpa2 1%/75% 2 10 2 21d
default hpa3 Deployment/hpa3 596%/75% 2 10 4 20d
nginx-ingress nginx-ingress-controller Deployment/nginx-ingress-controller <unknown>/50%, <unknown>/50% 3 11 3 50m The one that is not working is another helm chart stable/nginx-ingress. I have tried with
kubectl top pods -n nginx-ingress [19:17:34]
NAME CPU(cores) MEMORY(bytes)
nginx-ingress-controller-6c54d8d8fd-hbnmf 3m 77Mi
nginx-ingress-controller-6c54d8d8fd-m8jb8 3m 76Mi
nginx-ingress-controller-6c54d8d8fd-xvm5d 4m 76Mi
nginx-ingress-default-backend-544cfb69fc-7zvnw 1m 2Mi Let me know if you need more info, thanks. Update:I got resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi |
I had the same issue. This solved my problem: https://stackoverflow.com/q/54106725/2291510 |
See: kubernetes-sigs/metrics-server#129 kubernetes-sigs/metrics-server#131 Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
@kiahmed and @DirectXMan12 |
Is necessary add the resources |
Had same problem. Solved it with this command:
|
Thank you so much, that was it, networking/firewall issue |
Hi,
I am testing the recently released HPA on Amazon's EKS but running into an issue where it's failing to ping the node.
(actual IP redacted)
I am using v0.3 after running
kubectl apply -f metrics-server/deploy/1.8+/
on commit 931ef84Do i need to configure something?
Thanks
The text was updated successfully, but these errors were encountered: