Comments (8)
It's highly encouraged to use https for inter cluster communication and even more so to access your cluster. It seems that you are not distributing correct certificates for your cluster components (or they might be generating certs on the fly), which is why you are getting those errors.
kube-state-metrics expects a functioning ServiceAccount setup, which means that the Pod gets a bearer token and a ca cert mounted that it validates cluster communication certificates against.
from kube-state-metrics.
@lesterwang Seems that you're using https for your apiserver with a self-signed CA which can not be handled by default golang http client.
from kube-state-metrics.
BTW, you should format your code and error log according to markdown for readability.
from kube-state-metrics.
This seems to be a problem with how your cluster is handling ServiceAccounts. kube-state-metrics simply uses the in cluster client configuration which is guaranteed to work.
from kube-state-metrics.
@andyxning @brancz when I create the kube-state-metrics pod, I use
kubectl -s http://{{apiserver}} create -f ...
I don't know why kube-state-metrics still use the https, I will investigate more.
Sometime I restart the kubernetes node, the kube-state-metrics can running well, sometime not. Even it works well, I can see many log like this
E0504 00:59:53.226610 1 reflector.go:199] k8s.io/kube-state-metrics/vendor/k8s.io/client-go/tools/cache/reflector.go:94: Failed to list *v1beta1.ReplicaSet: Get https://10.253.0.1:443/apis/extensions/v1beta1/replicasets?resourceVersion=0: x509: certificate signed by unknown authority
E0504 00:59:53.348348 1 reflector.go:199] k8s.io/kube-state-metrics/vendor/k8s.io/client-go/tools/cache/reflector.go:94: Failed to list *v1beta1.Deployment: Get https://10.253.0.1:443/apis/extensions/v1beta1/deployments?resourceVersion=0: x509: certificate signed by unknown authority
E0504 00:59:53.872967 1 reflector.go:199] k8s.io/kube-state-metrics/vendor/k8s.io/client-go/tools/cache/reflector.go:94: Failed to list *v1beta1.DaemonSet: Get https://10.253.0.1:443/apis/extensions/v1beta1/daemonsets?resourceVersion=0: x509: certificate signed by unknown authority
I will check my kuberneter cluster configuration
from kube-state-metrics.
I add the --apiserver
args to the container, then no error happens, seems the default apiserver argument can't access the kubernetes cluster
from kube-state-metrics.
@lesterwang can you share the container yaml where you added the 11apiserver arg
from kube-state-metrics.
@lesterwang can you share the container yaml where you added the 11apiserver arg
sorry, I can't find it.
from kube-state-metrics.
Related Issues (20)
- Need help to troubleshoot/understand issue with KSM pods HOT 2
- Wanted to know the ETA or date for next version release as that has some security vulnerability fixes HOT 3
- Some job metrics are missing if job has no conditions HOT 4
- Duplicate sample for ingress path metrics HOT 2
- Duplicate samples for customResourceState metrics HOT 3
- Support for Gateway API metrics HOT 1
- kube-state-metrics doesn't produce metric for Custom Resources HOT 3
- Version is not applied to the container release binary HOT 2
- Version info missing in v2.13.0 HOT 2
- kube-state-metrics jsonnet format wrong HOT 4
- Use PartialObjectMetadata for ConfigMaps and Secrets HOT 1
- `CustomResourceState` does not produce metrics for the aggregation layer if there is no `CustomResourceDefinition` defined HOT 1
- Add metric(s) for KSM errors HOT 2
- Metric "kube_node_role" missing (AKS) HOT 3
- Amazon Managed Service for Prometheus DataSource not recognized when importing HOT 1
- CustomResourceDefinitions status fields cause spam of errors that cannot be fixed HOT 3
- Add Storage Capacity metrics HOT 1
- labels_allow_list and annotations_allow_list wildcards clobber resource specific configuration HOT 1
- Support for VolumeSnapshot metrics HOT 1
- Export pod ephemeral PVCs metrics HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kube-state-metrics.