I have a k8s 1.24 cluster built the hard way. Here is my setup:
PKI Infra:
Kube-CA
All certs locally signed by Kube-CA including the Kubelet.
Created front-proxy-ca
Created certs as mentioned in kubernetes-the-hardway-virtualbox/15.Deploy-Metric-Server.md at master · ansilh/kubernetes-the-hardway-virtualbox · GitHub
Added to api-server and everything works as expected. Installed metrics-server using kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
It starts complaining about a certificate error:
E0403 01:39:41.376984 1 scraper.go:140] "Failed to scrape node" err="Get \"https://10.209.46.102:10250/metrics/resource\": x509: cannot validate certificate for 10.209.46.102 because it doesn't contain any IP SANs" node="worker003"
Had to disable cert checks with --kubelet-insecure-tls=true.
Tried adding --kubelet-certificate-authority=/certs/ca.crt and later --requestheader-client-ca-file=/certs/front-proxy-ca.pem.
Nothing looks to be working.
Wondering how hosted service providers can get everything going with just the latest metrics-server YAML applied, without any changes to it? What am I missing?