https://rancher.com/ logo
#general
Title
# general
a

adamant-kite-43734

02/08/2023, 4:28 PM
This message was deleted.
c

creamy-pencil-82913

02/08/2023, 4:32 PM
rke2 comes with a metrics-server deployment. if you applied that, you now have two.
r

red-eve-83296

02/08/2023, 4:34 PM
I tried without adding it and it did not work
can it be an rbac problem? maybe the gitlab operator did not setup rbac correctly
What is the cluster role to read from the metric service?
r

red-eve-83296

02/08/2023, 4:45 PM
rke2-metrics-server is up and running
Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 6s default-scheduler Successfully assigned kube-system/rke2-metrics-server-74f878b999-lk95l to k8s Normal Pulled 5s kubelet Container image "rancher/hardened-k8s-metrics-server:v0.6.2-build20221202" already present on machine Normal Created 5s kubelet Created container metrics-server Normal Started 5s kubelet Started container metrics-server user@k8s:~$ k top node error: Metrics API not available
c

creamy-pencil-82913

02/08/2023, 4:52 PM
check the apiserver logs to see why it can’t connect to the service
r

red-eve-83296

02/08/2023, 5:02 PM
no errors
I0208 165727.525523 1 server.go:558] external host was not specified, using 135.181.142.66 I0208 165727.525851 1 server.go:158] Version: v1.24.10+rke2r1 I0208 165727.525940 1 server.go:160] "Golang settings" GOGC="" GOMAXPROCS="" GOTRACEBACK="" I0208 165727.623658 1 plugins.go:158] Loaded 13 mutating admission controller(s) successfully in the following order: NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,TaintNodesByCondition,PodSecurityPolicy,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,RuntimeClass,DefaultIngressClass,MutatingAdmissionWebhook. I0208 165727.623843 1 plugins.go:161] Loaded 12 validating admission controller(s) successfully in the following order: LimitRanger,ServiceAccount,PodSecurity,PodSecurityPolicy,Priority,PersistentVolumeClaimResize,RuntimeClass,CertificateApproval,CertificateSigning,CertificateSubjectRestriction,ValidatingAdmissionWebhook,ResourceQuota. I0208 165727.623814 1 shared_informer.go:255] Waiting for caches to sync for node_authorizer I0208 165727.626025 1 plugins.go:158] Loaded 13 mutating admission controller(s) successfully in the following order: NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,TaintNodesByCondition,PodSecurityPolicy,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,RuntimeClass,DefaultIngressClass,MutatingAdmissionWebhook. I0208 165727.626054 1 plugins.go:161] Loaded 12 validating admission controller(s) successfully in the following order: LimitRanger,ServiceAccount,PodSecurity,PodSecurityPolicy,Priority,PersistentVolumeClaimResize,RuntimeClass,CertificateApproval,CertificateSigning,CertificateSubjectRestriction,ValidatingAdmissionWebhook,ResourceQuota. W0208 165727.656094 1 genericapiserver.go:557] Skipping API apiextensions.k8s.io/v1beta1 because it has no resources. I0208 165727.656881 1 instance.go:274] Using reconciler: lease I0208 165727.789861 1 instance.go:587] API group "internal.apiserver.k8s.io" is not enabled, skipping. W0208 165728.042606 1 genericapiserver.go:557] Skipping API authentication.k8s.io/v1beta1 because it has no resources. W0208 165728.044058 1 genericapiserver.go:557] Skipping API authorization.k8s.io/v1beta1 because it has no resources. W0208 165728.070262 1 genericapiserver.go:557] Skipping API certificates.k8s.io/v1beta1 because it has no resources. W0208 165728.071447 1 genericapiserver.go:557] Skipping API coordination.k8s.io/v1beta1 because it has no resources. W0208 165728.075607 1 genericapiserver.go:557] Skipping API networking.k8s.io/v1beta1 because it has no resources. W0208 165728.077881 1 genericapiserver.go:557] Skipping API node.k8s.io/v1alpha1 because it has no resources. W0208 165728.082701 1 genericapiserver.go:557] Skipping API rbac.authorization.k8s.io/v1beta1 because it has no resources. W0208 165728.082725 1 genericapiserver.go:557] Skipping API rbac.authorization.k8s.io/v1alpha1 because it has no resources.
i created a /etc/rancher/rke2/config.yaml like this
user@k8s:~$ sudo cat /etc/rancher/rke2/config.yaml token: ----- tls-san: - k8s - k8s.mydomain.com ## Disable rke2 default ingress disable: rke2-ingress-nginx
47 Views