-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
X509 certificate issue #292
Comments
Ok, so here's my research when I encountered the same issue: K3S has the following API-server flag (default): I'm 'guessing' this is a cluster role but I'm not 100% sure yet since it doesn't exist within the K3S cluster by default. Looking at the logs I found that basically the API server is complaining that the CN in the TLS-cert used to identify the Anyhow, the quick fix is as follows:
Then run You should now see this setting pop-up in when you run: Now all you have to do is kill/restart your metrics-server pod, wait for a few minutes for it to scrape metrics (by default every 60s), and you should now be able to run Since this is good enough for me I'll leave it here, but I am damn curious as to why/how it's using |
Thanks for your clear answer, it did the tricks! |
I am able to start metric-server on my cluster, however when trying to access the logs with
kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes"
I get:error: You must be logged in to the server (Unauthorized)
the logs inside metrics server pods are like this:
Can it be a simple RBAC misconfiguration at some point?
Setting up --kubelet-insecure-tls does'nt help
I am using k3s version 0.7.0 on baremetals server running Ubuntu at Scaleway
The text was updated successfully, but these errors were encountered: