can it be an rbac problem? maybe the gitlab operator did not setup rbac correctly

What is the cluster role to read from the metric service?

Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 6s default-scheduler Successfully assigned kube-system/rke2-metrics-server-74f878b999-lk95l to k8s Normal Pulled 5s kubelet Container image "rancher/hardened-k8s-metrics-server:v0.6.2-build20221202" already present on machine Normal Created 5s kubelet Created container metrics-server Normal Started 5s kubelet Started container metrics-server user@k8s:~$ k top node error: Metrics API not available

I0208 16:57:27.525523 1 server.go:558] external host was not specified, using 135.181.142.66 I0208 16:57:27.525851 1 server.go:158] Version: v1.24.10+rke2r1 I0208 16:57:27.525940 1 server.go:160] "Golang settings" GOGC="" GOMAXPROCS="" GOTRACEBACK="" I0208 16:57:27.623658 1 plugins.go:158] Loaded 13 mutating admission controller(s) successfully in the following order: NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,TaintNodesByCondition,PodSecurityPolicy,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,RuntimeClass,DefaultIngressClass,MutatingAdmissionWebhook. I0208 16:57:27.623843 1 plugins.go:161] Loaded 12 validating admission controller(s) successfully in the following order: LimitRanger,ServiceAccount,PodSecurity,PodSecurityPolicy,Priority,PersistentVolumeClaimResize,RuntimeClass,CertificateApproval,CertificateSigning,CertificateSubjectRestriction,ValidatingAdmissionWebhook,ResourceQuota. I0208 16:57:27.623814 1 shared_informer.go:255] Waiting for caches to sync for node_authorizer I0208 16:57:27.626025 1 plugins.go:158] Loaded 13 mutating admission controller(s) successfully in the following order: NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,TaintNodesByCondition,PodSecurityPolicy,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,RuntimeClass,DefaultIngressClass,MutatingAdmissionWebhook. I0208 16:57:27.626054 1 plugins.go:161] Loaded 12 validating admission controller(s) successfully in the following order: LimitRanger,ServiceAccount,PodSecurity,PodSecurityPolicy,Priority,PersistentVolumeClaimResize,RuntimeClass,CertificateApproval,CertificateSigning,CertificateSubjectRestriction,ValidatingAdmissionWebhook,ResourceQuota. W0208 16:57:27.656094 1 genericapiserver.go:557] Skipping API apiextensions.k8s.io/v1beta1 because it has no resources. I0208 16:57:27.656881 1 instance.go:274] Using reconciler: lease I0208 16:57:27.789861 1 instance.go:587] API group "internal.apiserver.k8s.io" is not enabled, skipping. W0208 16:57:28.042606 1 genericapiserver.go:557] Skipping API authentication.k8s.io/v1beta1 because it has no resources. W0208 16:57:28.044058 1 genericapiserver.go:557] Skipping API authorization.k8s.io/v1beta1 because it has no resources. W0208 16:57:28.070262 1 genericapiserver.go:557] Skipping API certificates.k8s.io/v1beta1 because it has no resources. W0208 16:57:28.071447 1 genericapiserver.go:557] Skipping API coordination.k8s.io/v1beta1 because it has no resources. W0208 16:57:28.075607 1 genericapiserver.go:557] Skipping API networking.k8s.io/v1beta1 because it has no resources. W0208 16:57:28.077881 1 genericapiserver.go:557] Skipping API node.k8s.io/v1alpha1 because it has no resources. W0208 16:57:28.082701 1 genericapiserver.go:557] Skipping API rbac.authorization.k8s.io/v1beta1 because it has no resources. W0208 16:57:28.082725 1 genericapiserver.go:557] Skipping API rbac.authorization.k8s.io/v1alpha1 because it has no resources.

i created a /etc/rancher/rke2/config.yaml like this

user@k8s:~$ sudo cat /etc/rancher/rke2/config.yaml token: ----- tls-san: - k8s - k8s.mydomain.com ## Disable rke2 default ingress disable: rke2-ingress-nginx