metrics-server: HA with 3 masters kubectl top wont work after Custom Metrics API

What happened: kubectl top only work on one master ( HA with 3 masters )

[root@APP198 log]$ kubectl top pod --all-namespaces
error: You must be logged in to the server (Unauthorized)

What you expected to happen: kubectl top to work on all masters like before ( on 3 masters )

How to reproduce it (as minimally and precisely as possible): after installed (Custom Metrics API) kubernetes-incubator/metrics-server kubectl top only works on one master

Environment:

  • Kubernetes version (use kubectl version): v1.10.2
  • Cloud provider or hardware configuration: vmware
  • OS (e.g. from /etc/os-release): centos 7.5
  • Kernel (e.g. uname -a): 3.10.0-862.2.3

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Reactions: 1
  • Comments: 20 (5 by maintainers)

Most upvoted comments

I confirm that it is not a bug. It works for me when I have the same front-proxy-ca.crt on all master nodes.

+1
zioproto on May 17, 2018

I can manually control which of the 3 APIServers the load balancer sends requests to - after installing the metrics server - one of them ends up working properly (returns 200, vs 401). Have not yet been able to determine WHY it works when the others don’t. I am getting the same error you’re getting from the other 2 - 401 - unauthorized.

+1
pcbentz on May 16, 2018
Read more comments on GitHub
← metrics-server: "Failed to scrape node" "failed parsing metrics: expected timestamp or new record, got MNAME"
metrics-server: how to run metrics-server when apiserver does not have access to pods or services network →