https://github.com/jenting/secure-metrics-server

Deploy Kubernetes metrics-server in secure
https://github.com/jenting/secure-metrics-server

kubernetes metrics-server

Last synced: 11 months ago
JSON representation

Deploy Kubernetes metrics-server in secure

• Host: GitHub
• URL: https://github.com/jenting/secure-metrics-server
• Owner: jenting
• License: apache-2.0
• Created: 2020-03-05T01:26:30.000Z (over 6 years ago)
• Default Branch: main
• Last Pushed: 2020-12-04T07:45:43.000Z (over 5 years ago)
• Last Synced: 2025-04-14T16:17:50.468Z (about 1 year ago)
• Topics: kubernetes, metrics-server
• Language: Shell
• Homepage:
• Size: 10.7 KB
• Stars: 11
• Watchers: 1
• Forks: 0
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Secure metrics server

Official [metrics-server](https://github.com/kubernetes-sigs/metrics-server) deploys onto [Kubernetes](https://github.com/kubernetes-sigs/metrics-server/blob/master/deploy/kubernetes/metrics-apiservice.yaml) is _insecure_.

This repo provides a way to generate metrics-server server certificate and key by Kubernetes CA.

Then, deploys metrics-server _in secure_.

## Prerequisite

- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-on-linux) CLI

- [kustomize](https://github.com/kubernetes-sigs/kustomize) CLI

## Demo

### KIND

1. Clone upstream metrics-server manifests.

   At here, we clone the current latest metrics-server tag `v0.4.1`, you could switch to your preferred metrics-server release version.

   ```shell

   git clone -b v0.4.1 git@github.com:kubernetes-sigs/metrics-server.git

   cd metrics-server/manifests

   git clone git@github.com:jenting/secure-metrics-server.git

   cd secure-metrics-server

   ```

2. Copy the Kubernetes CA certificate from remote machine to local machine.

   ```shell

   NODE_NAME=`kind get nodes`

   CONTAINER_ID=`docker ps --filter "name=$NODE_NAME" -q`

   docker cp $CONTAINER_ID:/etc/kubernetes/pki/ca.crt kubernetes-ca.crt

   ```

3. Run generate secure metrics-server patch manifests.

   ```shell

   ./secure-metrics-server.sh

   ```

4. Apply the _kustomization.yaml_ file

    ```shell

    cd ../

    kustomize build secure-metrics-server | kubectl apply -f -

    ```

5. Check the metrics-server bahavior

    ```shell

    kubectl top nodes

    kubectl top pods

    ```