Official metrics-server deploys onto Kubernetes is insecure.
This repo provides a way to generate metrics-server server certificate and key by Kubernetes CA. Then, deploys metrics-server in secure.
-
Clone upstream metrics-server manifests.
At here, we clone the current latest metrics-server tag
v0.4.1
, you could switch to your preferred metrics-server release version.git clone -b v0.4.1 [email protected]:kubernetes-sigs/metrics-server.git cd metrics-server/manifests git clone [email protected]:jenting/secure-metrics-server.git cd secure-metrics-server
-
Copy the Kubernetes CA certificate from remote machine to local machine.
NODE_NAME=`kind get nodes` CONTAINER_ID=`docker ps --filter "name=$NODE_NAME" -q` docker cp $CONTAINER_ID:/etc/kubernetes/pki/ca.crt kubernetes-ca.crt
-
Run generate secure metrics-server patch manifests.
./secure-metrics-server.sh
-
Apply the kustomization.yaml file
cd ../ kustomize build secure-metrics-server | kubectl apply -f -
-
Check the metrics-server bahavior
kubectl top nodes kubectl top pods