profile
viewpoint
Paul Brousseau object88 Seattle, WA Working with Dexcare Health.

object88/langd 9

A Language Server Protocol implementation in Go for Go

object88/golang-relay-todo-modern 4

Classic Todo app with React & Relay Modern front end and Golang backend

object88/immutable 2

Experimental: Golang library for immutable collections

object88/golang-relay-treasurehunt 1

A Go/GoLang backed version of the Relay Treasure Hunt

LaurieLinz/collaborative_code_problems 0

Working together to solve code problems. Any language.

object88/bb 0

Brighter Blacker

issue commentkubernetes/kops

Unable to start metrics server

Ah! That explains why the last time that I did this, it worked; I had used the default insecure: false briefly, then switched to insecure: true. I appreciate the clear path forward; thanks!

SadmiB

comment created time in 18 days

issue commentkubernetes/kops

Unable to start metrics server

No, it doesn't work with 1.21.4 either. The problem seems to be that the cert-manager Issuer, metrics-server.addons.k8s.io does not exist:

$ kubectl --namespace kube-system get certificaterequests metrics-server-sstj8 --output yaml
apiVersion: cert-manager.io/v1
kind: CertificateRequest
metadata:
  annotations:
    cert-manager.io/certificate-name: metrics-server
    cert-manager.io/certificate-revision: "1"
    cert-manager.io/private-key-secret-name: metrics-server-scd4v
[SNIP]
  labels:
    addon.kops.k8s.io/name: metrics-server.addons.k8s.io
    addon.kops.k8s.io/version: 0.4.4
    app.kubernetes.io/managed-by: kops
    k8s-app: metrics-server
  name: metrics-server-sstj8
  namespace: kube-system
  ownerReferences:
  - apiVersion: cert-manager.io/v1
    blockOwnerDeletion: true
    controller: true
    kind: Certificate
    name: metrics-server
spec:
  duration: 2160h0m0s
  groups:
  - system:serviceaccounts
  - system:serviceaccounts:cert-manager
  - system:authenticated
  issuerRef:
    kind: Issuer
    name: metrics-server.addons.k8s.io
  request: [REDACTED]
  uid: 73dfaaa3-735b-4410-ade1-d3dfe2860705
  usages:
  - server auth
  username: system:serviceaccount:cert-manager:cert-manager
status:
  conditions:
  - lastTransitionTime: "2021-12-31T04:43:42Z"
    message: Certificate request has been approved by cert-manager.io
    reason: cert-manager.io
    status: "True"
    type: Approved
  - lastTransitionTime: "2021-12-31T04:43:42Z"
    message: 'Referenced "Issuer" not found: issuer.cert-manager.io "metrics-server.addons.k8s.io"
      not found'
    reason: Pending
    status: "False"
    type: Ready

No issuers...

$ kubectl get issuers --all-namespaces
No resources found

Only the cluster issuer...

$ kubectl get clusterissuers                 
NAME               READY   AGE
letsencrypt-prod   True    290d

... that we created for our independently installed cert-manager (from before upgrading kops)

$ helm --namespace cert-manager list 
NAME        	NAMESPACE   	REVISION	UPDATED                                	STATUS  	CHART              	APP VERSION
cert-manager	cert-manager	32      	2021-12-19 12:44:40.454365208 +0000 UTC	deployed	cert-manager-v1.3.1	v1.3.1     

I can't find anything in the kops repo that refers to such an issuer; where is it expected to come from?

SadmiB

comment created time in 18 days

issue commentkubernetes/kops

Unable to start metrics server

I have just run into this today, upgrading to kops 1.20.3. If there isn't a going to be another release (which is perfectly reasonable), then what is the workaround going ahead? I don't plan on going to kops 1.21.X until we can smoothly upgrade to 1.20 across our clusters.

SadmiB

comment created time in 18 days

more