Metrics server Pod is CrashLoopBackOff

vkatukam · January 21, 2020, 3:51pm

metrics server pod is crashing with the below error.

panic: failed to create listener: failed to listen on 0.0.0.0:443: listen tcp 0.0.0.0:443: bind: permission denied

metrics server is installed using https://github.com/kubernetes-sigs/metrics-server.git

Cluster information:

Kubernetes version:
Client Version: v1.17.1
Server Version: v1.17.1
Cloud being used: installed On-premise environment(Redhat Linux server 7)
Installation method: manual(followed the steps are given Installing kubeadm - Kubernetes) and created cluster
Host OS: Redhat Linux server 7
Flannel overlay network installed
CNI and version:

CRI and version:

You can format your yaml by highlighting it and pressing Ctrl-Shift-C, it will make your output easier to read.

tomasz.prus · January 21, 2020, 8:23pm

It looks like your pod wants to bind to port 443 which is allowed only for root user (ports < 1024 are restricted). Do you use these manifests: https://github.com/kubernetes-sigs/metrics-server/tree/master/deploy/1.8%2B to deploy it?

vkatukam · January 22, 2020, 7:00am

ports:

port: 443
protocol: TCP
targetPort: main-port

yes, i see above in service object, Could you please guide me to fix it.

tomasz.prus · January 22, 2020, 7:35am

Service can have low numbered ports, the problem is with pod with such ports.

In this script we can see that port start on port 4443 (additional args and in template.spec).

github.com

kubernetes-sigs/metrics-server/blob/master/deploy/1.8+/metrics-server-deployment.yaml#L35


serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
  emptyDir: {}
containers:
- name: metrics-server
  image: k8s.gcr.io/metrics-server-amd64:v0.3.6
  args:
    - --cert-dir=/tmp
    - --secure-port=4443
  ports:
  - name: main-port
    containerPort: 4443
    protocol: TCP
  securityContext:
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 1000
  imagePullPolicy: Always
  volumeMounts:

vkatukam · January 22, 2020, 7:56am

i have modified like below and still getting same error. Please help me to fix it.

spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
args:
- --cert-dir=/tmp
- --kubelet-insecure-tls
ports:
- name: main-port
containerPort: 4443
protocol: TCP
securityContext:

tomasz.prus · January 22, 2020, 8:36am

Your args:

args:
- --cert-dir=/tmp
- --kubelet-insecure-tls

but

    - --secure-port=4443

is missing…

vkatukam · January 22, 2020, 9:40am

i have added it to deployment, but getting below error
args:
- --cert-dir=/tmp
- --kubelet-insecure-tls
- --secure-port=4443
ports:

panic: Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication: dial tcp 10.96.0.1:443: connect: no route to host

vkatukam · January 23, 2020, 11:40am

Can anyone help me on this.

vishnu · August 23, 2020, 3:35pm

@vkatukam : were you able to fix the issue ?

Topic		Replies	Views
Metrics-server CrashLoopBackOff with NEW install by rke General Discussions	3	2049	August 17, 2021
Metrics-server in crashloopbackoff microk8s	2	1341	September 22, 2023
Metrics Server fails with FailedDiscoveryCheck General Discussions metrics-server	2	13528	August 24, 2020
pod/Kube-dns and metrics-server in CrashLoopBackOff State on GKE General Discussions	5	1973	February 13, 2019
Problem with metrics k3s General Discussions	2	859	May 12, 2023

Metrics server Pod is CrashLoopBackOff

Cluster information:

Related Topics