Metrics server Pod is CrashLoopBackOff

The metrics server pod is crashing with the error below.

panic: failed to create listener: failed to listen on 0.0.0.0:443: listen tcp 0.0.0.0:443: bind: permission denied

Metrics server is installed using https://github.com/kubernetes-sigs/metrics-server.git

Cluster information:

Kubernetes version:
Client Version: v1.17.1
Server Version: v1.17.1
Cloud being used: installed in an on-premise environment (Redhat Linux server 7)
Installation method: manual (followed the steps given in Installing kubeadm - Kubernetes) and created the cluster
Host OS: Redhat Linux server 7
Flannel overlay network installed
CNI and version:

CRI and version:


It looks like your pod wants to bind to port 443 which is allowed only for root user (ports < 1024 are restricted). Do you use these manifests: https://github.com/kubernetes-sigs/metrics-server/tree/master/deploy/1.8%2B to deploy it?

    ports:
    - port: 443
      protocol: TCP
      targetPort: main-port

Yes, I see the above in the Service object. Could you please guide me to fix it?

A Service can have low-numbered ports; the problem is with a pod using such ports.

In this script we can see that the port starts at 4443 (in the additional args and in template.spec).

I have modified it as below and am still getting the same error. Please help me fix it.

    spec:
      serviceAccountName: metrics-server
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        image: k8s.gcr.io/metrics-server-amd64:v0.3.6
        args:
        - --cert-dir=/tmp
        - --kubelet-insecure-tls
        ports:
        - name: main-port
          containerPort: 4443
          protocol: TCP
        securityContext:

Your args:

    args:
    - --cert-dir=/tmp
    - --kubelet-insecure-tls

but

    - --secure-port=4443

is missing…
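Added example, not part of any post in this thread: a small Python check that compares the port the process binds (`--secure-port`, or 443 as seen in the panic when the flag is absent) against `containerPort` and the Service's named `targetPort`. The sample specs are constructed from the snippets above; the `securityContext` values and the helper names are assumptions.

```python
# Added example: checks a container spec for the port mismatch described in this thread.
DEFAULT_SECURE_PORT = 443  # port in the panic message when --secure-port is not set

def listen_port(container):
    """Port the process binds: the --secure-port value, else the default."""
    for arg in container.get("args", []):
        if arg.startswith("--secure-port="):
            return int(arg.split("=", 1)[1])
    return DEFAULT_SECURE_PORT

def runs_as_root(container):
    """Assumption: with no runAsNonRoot/runAsUser set, the container is treated as root."""
    sc = container.get("securityContext") or {}
    return not sc.get("runAsNonRoot") and sc.get("runAsUser", 0) == 0

def check(container, service_ports):
    """Return a list of findings; an empty list means the ports line up."""
    findings = []
    port = listen_port(container)
    declared = {p.get("name"): p["containerPort"] for p in container.get("ports", [])}
    if port < 1024 and not runs_as_root(container):
        findings.append(f"non-root process binds port {port}: permission denied")
    if port not in declared.values():
        findings.append(f"listens on {port}, containerPort declares {sorted(declared.values())}")
    for sp in service_ports:
        target = sp.get("targetPort", sp["port"])
        if declared.get(target, target) != port:  # resolve a named targetPort
            findings.append(f"Service port {sp['port']} -> {target} misses listener {port}")
    return findings

# Constructed from the snippets posted in the thread.
SERVICE_PORTS = [{"port": 443, "protocol": "TCP", "targetPort": "main-port"}]
SECURITY_CONTEXT = {"runAsNonRoot": True, "runAsUser": 1000}  # assumed values

def make_container(args):
    return {"name": "metrics-server", "args": args,
            "ports": [{"name": "main-port", "containerPort": 4443, "protocol": "TCP"}],
            "securityContext": SECURITY_CONTEXT}

BEFORE = make_container(["--cert-dir=/tmp", "--kubelet-insecure-tls"])
AFTER = make_container(["--cert-dir=/tmp", "--kubelet-insecure-tls", "--secure-port=4443"])

if __name__ == "__main__":
    for label, spec in (("before", BEFORE), ("after", AFTER)):
        print(label, check(spec, SERVICE_PORTS) or "ok")
```

The "before" spec produces three findings because the process still binds 443 while both `containerPort` and the Service target point at 4443; the "after" spec produces none.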

I have added it to the deployment, but am getting the error below:

    args:
    - --cert-dir=/tmp
    - --kubelet-insecure-tls
    - --secure-port=4443
    ports:

panic: Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication: dial tcp 10.96.0.1:443: connect: no route to host

Can anyone help me with this?

@vkatukam: were you able to fix the issue?