Skip to content

jenting/secure-metrics-server

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Secure metrics server

Official metrics-server deploys onto Kubernetes is insecure.

This repo provides a way to generate metrics-server server certificate and key by Kubernetes CA. Then, deploys metrics-server in secure.

Prerequisite

Demo

KIND

  1. Clone upstream metrics-server manifests.

    At here, we clone the current latest metrics-server tag v0.4.1, you could switch to your preferred metrics-server release version.

    git clone -b v0.4.1 [email protected]:kubernetes-sigs/metrics-server.git
    cd metrics-server/manifests
    git clone [email protected]:jenting/secure-metrics-server.git
    cd secure-metrics-server
  2. Copy the Kubernetes CA certificate from remote machine to local machine.

    NODE_NAME=`kind get nodes`
    CONTAINER_ID=`docker ps --filter "name=$NODE_NAME" -q`
    docker cp $CONTAINER_ID:/etc/kubernetes/pki/ca.crt kubernetes-ca.crt
  3. Run generate secure metrics-server patch manifests.

    ./secure-metrics-server.sh
  4. Apply the kustomization.yaml file

    cd ../
    kustomize build secure-metrics-server | kubectl apply -f -
  5. Check the metrics-server bahavior

    kubectl top nodes
    kubectl top pods

About

Deploy Kubernetes metrics-server in secure

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages