Unable to authenticate the request error in metrics-server 0.6.3, eks 1.23

W_Rad · May 25, 2023, 1:48pm

Hi, I installed eks 1.23 with tf and metrics-server with helm, in metrics-server logs I have:

serving.go:342] Generated self-signed cert (/tmp/apiserver.crt, /tmp/apiserver.key) ││ I0525 13:06:59.591442 1 requestheader_controller.go:169] Starting RequestHeaderAuthRequestController ││ I0525 13:06:59.591466 1 shared_informer.go:240] Waiting for caches to sync for RequestHeaderAuthRequestController ││ I0525 13:06:59.591513 1 configmap_cafile_content.go:201] “Starting controller” name=“client-ca::kube-system::extension-apiserver-authentication::client-ca-file” ││ I0525 13:06:59.591531 1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file ││ I0525 13:06:59.591574 1 configmap_cafile_content.go:201] “Starting controller” name=“client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file” ││ I0525 13:06:59.591585 1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file ││ I0525 13:06:59.592024 1 secure_serving.go:267] Serving securely on [::]:4443 ││ I0525 13:06:59.592065 1 dynamic_serving_content.go:131] “Starting controller” name=“serving-cert::/tmp/apiserver.crt::/tmp/apiserver.key” ││ I0525 13:06:59.592187 1 tlsconfig.go:240] “Starting DynamicServingCertificateController” ││ W0525 13:06:59.592292 1 shared_informer.go:372] The sharedIndexInformer has started, run more than once is not allowed ││ I0525 13:06:59.692076 1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file ││ I0525 13:06:59.692136 1 shared_informer.go:247] Caches are synced for RequestHeaderAuthRequestController ││ I0525 13:06:59.692227 1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::client-ca-file ││ E0525 13:07:33.746831 1 authentication.go:63] “Unable to authenticate the request” >err=“verifying certificate SN= failed: x509: certifi ││ cate signed by unknown authority”

I tried with step:

github.com

kubernetes-sigs/metrics-server/blob/master/KNOWN_ISSUES.md#incorrectly-configured-front-proxy-certificate

# Known issues

## Table of Contents

<!-- toc -->
- [Kubelet doesn't report metrics for all or subset of nodes](#kubelet-doesnt-report-metrics-for-all-or-subset-of-nodes)
- [Kubelet doesn't report pod metrics](#kubelet-doesnt-report-pod-metrics)
- [Metrics-server pod failed to reach running status](#metrics-server-pod-failed-to-reach-running-status)
- [HPA is unable to get resource utilization](#hpa-is-unable-to-get-resource-utilization)
- [Incorrectly configured front-proxy certificate](#incorrectly-configured-front-proxy-certificate)
- [Network problem when connecting with Kubelet](#network-problem-when-connecting-with-kubelet)
- [Unable to work properly in Amazon EKS](#unable-to-work-properly-in-amazon-eks)
<!-- /toc -->

## Kubelet doesn't report metrics for all or subset of nodes

**Symptoms**

If you run `kubectl top nodes` and not get metrics for all nods in the clusters or some nodes will return `<unknown>`  value. For example:

This file has been truncated. show original

but no luck, I want to set role with step:

github.com

kubernetes-sigs/metrics-server/blob/master/KNOWN_ISSUES.md#unable-to-work-properly-in-amazon-eks

# Known issues

## Table of Contents

<!-- toc -->
- [Kubelet doesn't report metrics for all or subset of nodes](#kubelet-doesnt-report-metrics-for-all-or-subset-of-nodes)
- [Kubelet doesn't report pod metrics](#kubelet-doesnt-report-pod-metrics)
- [Metrics-server pod failed to reach running status](#metrics-server-pod-failed-to-reach-running-status)
- [HPA is unable to get resource utilization](#hpa-is-unable-to-get-resource-utilization)
- [Incorrectly configured front-proxy certificate](#incorrectly-configured-front-proxy-certificate)
- [Network problem when connecting with Kubelet](#network-problem-when-connecting-with-kubelet)
- [Unable to work properly in Amazon EKS](#unable-to-work-properly-in-amazon-eks)
<!-- /toc -->

## Kubelet doesn't report metrics for all or subset of nodes

**Symptoms**

If you run `kubectl top nodes` and not get metrics for all nods in the clusters or some nodes will return `<unknown>`  value. For example:

This file has been truncated. show original

but I don’t know which role I should set, I don’t have role:

rolearn: arn:aws:iam::123456789123:role/kubernetes-devops

or maybe someone has another idea how to resolve my issue?

Topic		Replies	Views
Metrics Server fails with FailedDiscoveryCheck General Discussions metrics-server	2	15237	August 24, 2020
How to get metric-server work without setting --kubelet-insecure-tls=true General Discussions metrics-server	3	5894	November 20, 2023
Why my API server keep getting this error [Unable to authenticate the request]? General Discussions	0	8	November 20, 2024
Metrics-server on a 1.25+ k8s cluster General Discussions metrics-server	1	841	October 17, 2024
Kube-scheduler is failing with following errors- Kubenetes version v1.15.3 General Discussions	1	3628	September 18, 2019

Unable to authenticate the request error in metrics-server 0.6.3, eks 1.23

Related topics