Installing the Metrics Server

The Kube Cluster Nodes test and the Pods by Namespace test collect metrics on CPU and memory usage from an endpoint provided by a Metrics Server. This means, for these metrics to be reported, a Metrics Server needs to be installed in the cluster. Metrics Server is a cluster-wide aggregator of resource usage data. It collects resource metrics from Kubelets and exposes them in Kubernetes apiserver through Metrics API.

By default, the Metrics Server is deployed in clusters created by kube-up.sh script as a Deployment object. If you use a different Kubernetes setup mechanism, you can deploy it using the provided deployment components.yaml file.

Metrics Server has specific requirements for cluster and network configuration. These requirements aren't the default for all cluster distributions. Before deploying the Metrics server therefore, ensure that your cluster distribution supports these requirements:

  • Metrics Server must be reachable from kube-apiserver by container IP address (or node IP if hostNetwork is enabled).

  • The kube-apiserver must enable an aggregation layer.

  • Nodes must have Webhook authentication and authorization enabled.

  • Kubelet certificate needs to be signed by cluster Certificate Authority (or disable certificate validation by passing --kubelet-insecure-tls to Metrics Server)

  • Container runtime must implement a container metrics RPCs (or have cAdvisor support)

  • Metrics Server requires the CAP_NET_BIND_SERVICE capability in order to bind to a privileged port as non-root. If you are running Metrics Server in an environment that uses PSPs or other mechanisms to restrict pod capabilities, ensure that Metrics Server is allowed to use this capability. This applies even if you use the --secure-port flag to change the port that Metrics Server binds to to a non-privileged port.

  • Depending on your cluster setup, you may also need to change flags passed to the Metrics Server container. Most useful flags:

    • --kubelet-preferred-address-types - The priority of node address types used when determining an address for connecting to a particular node (default [Hostname,InternalDNS,InternalIP,ExternalDNS,ExternalIP])

    • --kubelet-insecure-tls - Do not verify the CA of serving certificates presented by Kubelets. For testing purposes only.

    • --requestheader-client-ca-file - Specify a root certificate bundle for verifying client certificates on incoming requests.

To install the latest Metrics Server release, run the following command:

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml