Comments (8)
It's highly encouraged to use https for inter cluster communication and even more so to access your cluster. It seems that you are not distributing correct certificates for your cluster components (or they might be generating certs on the fly), which is why you are getting those errors.
kube-state-metrics expects a functioning ServiceAccount setup, which means that the Pod gets a bearer token and a ca cert mounted that it validates cluster communication certificates against.
from kube-state-metrics.
@lesterwang Seems that you're using https for your apiserver with a self-signed CA which can not be handled by default golang http client.
from kube-state-metrics.
BTW, you should format your code and error log according to markdown for readability.
from kube-state-metrics.
This seems to be a problem with how your cluster is handling ServiceAccounts. kube-state-metrics simply uses the in cluster client configuration which is guaranteed to work.
from kube-state-metrics.
@andyxning @brancz when I create the kube-state-metrics pod, I use
kubectl -s http://{{apiserver}} create -f ...
I don't know why kube-state-metrics still use the https, I will investigate more.
Sometime I restart the kubernetes node, the kube-state-metrics can running well, sometime not. Even it works well, I can see many log like this
E0504 00:59:53.226610 1 reflector.go:199] k8s.io/kube-state-metrics/vendor/k8s.io/client-go/tools/cache/reflector.go:94: Failed to list *v1beta1.ReplicaSet: Get https://10.253.0.1:443/apis/extensions/v1beta1/replicasets?resourceVersion=0: x509: certificate signed by unknown authority
E0504 00:59:53.348348 1 reflector.go:199] k8s.io/kube-state-metrics/vendor/k8s.io/client-go/tools/cache/reflector.go:94: Failed to list *v1beta1.Deployment: Get https://10.253.0.1:443/apis/extensions/v1beta1/deployments?resourceVersion=0: x509: certificate signed by unknown authority
E0504 00:59:53.872967 1 reflector.go:199] k8s.io/kube-state-metrics/vendor/k8s.io/client-go/tools/cache/reflector.go:94: Failed to list *v1beta1.DaemonSet: Get https://10.253.0.1:443/apis/extensions/v1beta1/daemonsets?resourceVersion=0: x509: certificate signed by unknown authority
I will check my kuberneter cluster configuration
from kube-state-metrics.
I add the --apiserver
args to the container, then no error happens, seems the default apiserver argument can't access the kubernetes cluster
from kube-state-metrics.
@lesterwang can you share the container yaml where you added the 11apiserver arg
from kube-state-metrics.
@lesterwang can you share the container yaml where you added the 11apiserver arg
sorry, I can't find it.
from kube-state-metrics.
Related Issues (20)
- Pod readiness metrics, part 2 HOT 3
- Twistlock PRISMA-2022-0227 HOT 4
- endpointslice metrics do not set namespace label HOT 2
- When collecting indicators kube_persistentvolume_info, it will fail HOT 7
- kube-state-metrics - write: broken pipe HOT 26
- Take field modifications into account in CRS configurations HOT 1
- Unable to opt in service account metrics with cli HOT 1
- I would like to calculate the duration for which certain pods are running HOT 1
- Kubernetes-Security-Slam-2023 HOT 10
- Add a workflow for release HOT 2
- SLSA Attestation to be generated with new releases. HOT 8
- Pod ready time HOT 4
- `kube_persistentvolume_*` and `kube_persistentvolumeclaim_*` should expose the volume name under the same label HOT 5
- Update kube-state-metrics helm chart to v2.0 HOT 2
- Timeline for a release of Kube State Metrics that uses v1.28 of the Kubernetes client-go package? HOT 3
- If a container doesn't have cpu limits, kube_pod_resource_limit reports the init-container limit HOT 4
- CustomResource: no metrics if CRD apply after ksm starts HOT 7
- kube_namespace_labels not exported after upgrading from 2.9.2 to 2.10.1 HOT 7
- Kube-state-metrics 20x spikes in memory usage at restart HOT 5
- Reconsider Stable Metrics Approach via CLI flag HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kube-state-metrics.