$ kubectl get pods -n kube-system NAME READY STATUS RESTARTS AGE coredns-5d78c9869d-9tcz8 1/1 Running 0 8h coredns-5d78c9869d-mnvbp 1/1 Running 0 8h etcd-k8s-control 1/1 Running 2 (7h53m ago) 8h kube-apiserver-k8s-control 1/1 Running 2 (7h53m ago) 8h kube-controller-manager-k8s-control 1/1 Running 2 (7h53m ago) 8h kube-proxy-bpcsb 1/1 Running 1 (7h54m ago) 8h kube-proxy-zcl86 1/1 Running 1 (7h53m ago) 8h kube-scheduler-k8s-control 1/1 Running 2 (7h53m ago) 8h metrics-server-7b4c4d4bfd-x4xpz 0/1 Running 0 3m54s ▲ 0 のままとなる。ログを見ると・・・証明書のチェックでエラーとなっている。
$ kubectl logs -n kube-system metrics-server-7b4c4d4bfd-x4xpz E0719 00:52:31.570169 1 scraper.go:140] "Failed to scrape node" err="Get \"https://xxx.xxx.xxx.xxx:10250/metrics/resource\": x509: cannot validate certificate for xxx.xxx.xxx.xxx because it doesn't contain any IP SANs" node="xxxxxxxxxxxx"
下記、記載の通り、引数に「--kubelet-insecure-tls」を追加してデプロイする。