-->

Sunday, March 6, 2022

[Solved] panic: unable to load configmap based request-header-client-ca-file: configmaps "extension-apiserver-authentication" is forbidden: User "system:serviceaccount:kubernetes-infra:metrics-server" cannot get resource "configmaps" in API group "" in the namespace "kube-system"

 

Issue:- 

Metric server is unable to load the configmap "extension-apiserver-authentication" and giving forbidden due to which metricserver does show load with kubectl top command.

Error:- 

  panic: unable to load configmap based request-header-client-ca-file: configmaps "extension-apiserver-authentication" is forbidden: User "system:serviceaccount:kubernetes-infra:metrics-server" cannot get resource "configmaps" in API group "" in the namespace "kube-system"

Effect:-

Metric server doesn't work and kubectl top command fails 

  Error from server (ServiceUnavailable): the server is currently unable to handle the request (get nodes.metrics.k8s.io)

Resolution:-

Replace

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  
  WITH
  
  apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps

Explanation:-

In the latest version of the metricserver , the yaml has reduced resources on which metrics server can authorise. So we need to add the nodes/stats , namespaces and configmaps which are used by the metric server for working. Because of the above missing resource when it tries to contact configmaps it getting an error after the resources in the yaml it as it able to successfully connect to the configmaps and run the top command. 

0 comments:

Post a Comment