Skip to content

Latest commit

 

History

History
53 lines (37 loc) · 1.55 KB

README.md

File metadata and controls

53 lines (37 loc) · 1.55 KB

Secure metrics server

Official metrics-server deploys onto Kubernetes is insecure.

This repo provides a way to generate metrics-server server certificate and key by Kubernetes CA. Then, deploys metrics-server in secure.

Prerequisite

Demo

KIND

  1. Clone upstream metrics-server manifests.

    At here, we clone the current latest metrics-server tag v0.4.1, you could switch to your preferred metrics-server release version.

    git clone -b v0.4.1 [email protected]:kubernetes-sigs/metrics-server.git
    cd metrics-server/manifests
    git clone [email protected]:jenting/secure-metrics-server.git
    cd secure-metrics-server
  2. Copy the Kubernetes CA certificate from remote machine to local machine.

    NODE_NAME=`kind get nodes`
    CONTAINER_ID=`docker ps --filter "name=$NODE_NAME" -q`
    docker cp $CONTAINER_ID:/etc/kubernetes/pki/ca.crt kubernetes-ca.crt
  3. Run generate secure metrics-server patch manifests.

    ./secure-metrics-server.sh
  4. Apply the kustomization.yaml file

    cd ../
    kustomize build secure-metrics-server | kubectl apply -f -
  5. Check the metrics-server bahavior

    kubectl top nodes
    kubectl top pods