Deploy Kubernetes metrics-server in secure
APACHE-2.0 License
Official metrics-server deploys onto Kubernetes is insecure.
This repo provides a way to generate metrics-server server certificate and key by Kubernetes CA. Then, deploys metrics-server in secure.
Clone upstream metrics-server manifests.
At here, we clone the current latest metrics-server tag v0.4.1
, you could switch to your preferred metrics-server release version.
git clone -b v0.4.1 [email protected]:kubernetes-sigs/metrics-server.git
cd metrics-server/manifests
git clone [email protected]:jenting/secure-metrics-server.git
cd secure-metrics-server
Copy the Kubernetes CA certificate from remote machine to local machine.
NODE_NAME=`kind get nodes`
CONTAINER_ID=`docker ps --filter "name=$NODE_NAME" -q`
docker cp $CONTAINER_ID:/etc/kubernetes/pki/ca.crt kubernetes-ca.crt
Run generate secure metrics-server patch manifests.
./secure-metrics-server.sh
Apply the kustomization.yaml file
cd ../
kustomize build secure-metrics-server | kubectl apply -f -
Check the metrics-server bahavior
kubectl top nodes
kubectl top pods