Kubernetes Metrics Server Problem

Kubernetes Metrics Server Problem

A simple fix for something quite annoying. I set up HPA on some deployments and it did not work.

HPA uses the metrics-server to decide when to scale a deployment, but the logs for the metrics-server pod were saying:

unable to fully collect metrics: unable to fully scrape metrics from source kubelet_summary:kube: unable to fetch metrics from Kubelet kube (kube): Get https://kube:10250/stats/summary/: x509: certificate signed by unknown authority

I have seen this on Kubernetes 1.10 at work, and 1.12 and 1.13 in my lab, so it is an on-going problem. Basically it was missing the CA certificate. The correct fix is to add this certificate into the metrics-server pod. However, for now, I have not investigated where that is. My dirty fix is to install the metrics-server Helm chart with the following values file:

  - --kubelet-insecure-tls

This is the equivalent of add -k to a curl command - it will ignore the CA problem. Given this is purely internal traffic I am not overly concerned. Proper fix in the comments would be welcome however.