Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why we still need to specify --requestheader-client-ca-file flag for metrics-server #1432

Open
fuxiaoting opened this issue Mar 4, 2024 · 3 comments
Open

Why we still need to specify --requestheader-client-ca-file flag for metrics-server #1432

fuxiaoting opened this issue Mar 4, 2024 · 3 comments
Assignees
@yangjunmyfm192085
Labels
triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@fuxiaoting
Copy link

Hello,
Is this known issue still valid?

metrics-server/KNOWN_ISSUES.md

Line 251 in a6a0ea3

To fix this problem you need to provide kube-apiserver proxy-client CA to Metrics Server under `--requestheader-client-ca-file` flag. You can read more about this flag in [Authenticating Proxy](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#authenticating-proxy)

We have set this flag in kube-apiserver k8s-args, and there is a configmap extension-apiserver-authentication created under namespace kube-system.
Why metrics-server apiservice could not get this setting from configmap extension-apiserver-authentication ?
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Mar 4, 2024
@dashpole
Copy link

dashpole commented Mar 7, 2024

/assign @yangjunmyfm192085
/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 7, 2024
@yangjunmyfm192085
Copy link
Contributor

yeah, metrics-server apiservice could get this setting from configmap extension-apiserver-authentication.
I'm not sure about the scene at that time /cc @QianChenglong

@yangjunmyfm192085
Copy link
Contributor

from here
#533

@machine424 machine424 mentioned this issue Apr 9, 2024
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yangjunmyfm192085 yangjunmyfm192085

Labels
triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@fuxiaoting @dashpole @k8s-ci-robot @yangjunmyfm192085