My Oracle Support Banner

Kubernetes Metrics Server Unable to Communicate with kube-apiserver Instances on Master Nodes, "Err: Unable to authenticate request" in OCCNE 1.4 (Doc ID 2778621.1)

Last updated on MAY 21, 2021

Applies to:

Oracle Communications Cloud Native Core - 5G - Version Core 2.1.0 to Core 2.1.0 [Release All Releases]
Information in this document applies to any platform.

Symptoms

When the Kubernetes Metrics Server is unable to authenticate client certificates, several high-level commands may fail to execute within the cluster (e.g. kubectl top [pod|node]), and the metrics server pods logs will document repeated failures to authenticate and verify the supplied certificates.

Indications of this Behavior:

Examples of this condition are demonstrated below:

kubectl top [pod|node]

 

Changes

This behavior was observed within a OCCNE 1.4 deployment that had recently had the Kubernetes cluster certificates renewed using a procedure similar to that described within (Doc ID 2778189.1).

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
 Indications of this Behavior:
 kubectl top [pod|node]
 kubectl get hpa
 Logs from metrics server:
Changes
Cause
Solution
 Step 1: Collecting the Certificates
 Step 2: Create and mount the new configmap
 Step 3: Update the API server on each Master Node
 Step 4: Restart the Metrics Server:
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.