Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
sigs.k8s.io/metrics-server
Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
Metrics Server collects resource metrics from Kubelets and exposes them in Kubernetes apiserver through Metrics API
for use by Horizontal Pod Autoscaler and Vertical Pod Autoscaler. Metrics API can also be accessed by kubectl top
,
making it easier to debug autoscaling pipelines.
Metrics Server is not meant for non-autoscaling purposes. For example, don't use it to forward metrics to monitoring solutions, or as a source of monitoring solution metrics. In such cases please collect metrics from Kubelet /metrics/resource
endpoint directly.
Metrics Server offers:
You can use Metrics Server for:
Don't use Metrics Server when you need:
For unsupported use cases, check out full monitoring solutions like Prometheus.
Metrics Server has specific requirements for cluster and network configuration. These requirements aren't the default for all cluster distributions. Please ensure that your cluster distribution supports these requirements before using Metrics Server:
--kubelet-insecure-tls
to Metrics Server)hostNetwork
is enabled). Read more about control plane to node communication..status.addresses
and port in .status.daemonEndpoints.kubeletEndpoint.port
field (default 10250). Metrics Server will pick first node address based on the list provided by kubelet-preferred-address-types
command line flag (default InternalIP,ExternalIP,Hostname
in manifests).Metrics Server can be installed either directly from YAML manifest or via the official Helm chart. To install the latest Metrics Server release from the components.yaml manifest, run the following command.
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
Installation instructions for previous releases can be found in Metrics Server releases.
Metrics Server | Metrics API group/version | Supported Kubernetes version |
---|---|---|
0.7.x | metrics.k8s.io/v1beta1 | 1.19+ |
0.6.x | metrics.k8s.io/v1beta1 | 1.19+ |
0.5.x | metrics.k8s.io/v1beta1 | *1.8+ |
0.4.x | metrics.k8s.io/v1beta1 | *1.8+ |
0.3.x | metrics.k8s.io/v1beta1 | 1.8-1.21 |
*Kubernetes versions lower than v1.16 require passing the --authorization-always-allow-paths=/livez,/readyz
command line flag
Metrics Server can be installed in high availability mode directly from a YAML manifest or via the official Helm chart by setting the replicas
value greater than 1
. To install the latest Metrics Server release in high availability mode from the high-availability.yaml manifest, run the following command.
On Kubernetes v1.21+:
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/high-availability-1.21+.yaml
On Kubernetes v1.19-1.21:
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/high-availability.yaml
Note that this configuration requires having a cluster with at least 2 nodes on which Metrics Server can be scheduled.
Also, to maximize the efficiency of this highly available configuration, it is recommended to add the --enable-aggregator-routing=true
CLI flag to the kube-apiserver so that requests sent to Metrics Server are load balanced between the 2 instances.
The Helm chart is maintained as an additional component within this repo and released into a chart repository backed on the gh-pages
branch. A new version of the chart will be released for each Metrics Server release and can also be released independently if there is a need. The chart on the master
branch shouldn't be referenced directly as it might contain modifications since it was last released, to view the chart code use the chart release tag.
Metrics Server requires the CAP_NET_BIND_SERVICE
capability in order to bind to a privileged ports as non-root.
If you are running Metrics Server in an environment that uses PSSs or other mechanisms to restrict pod capabilities, ensure that Metrics Server is allowed
to use this capability.
This applies even if you use the --secure-port
flag to change the port that Metrics Server binds to a non-privileged port.
Starting from v0.5.0 Metrics Server comes with default resource requests that should guarantee good performance for most cluster configurations up to 100 nodes:
Metrics Server resource usage depends on multiple independent dimensions, creating a Scalability Envelope. Default Metrics Server configuration should work in clusters that don't exceed any of the thresholds listed below:
Quantity | Namespace threshold | Cluster threshold |
---|---|---|
#Nodes | n/a | 100 |
#Pods per node | 70 | 70 |
#Deployments with HPAs | 100 | 100 |
Resources can be adjusted proportionally based on number of nodes in the cluster. For clusters of more than 100 nodes, allocate additionally:
You can use the same approach to lower resource requests, but there is a boundary where this may impact other scalability dimensions like maximum number of pods per node.
Depending on your cluster setup, you may also need to change flags passed to the Metrics Server container. Most useful flags:
--kubelet-preferred-address-types
- The priority of node address types used when determining an address for connecting to a particular node (default [Hostname,InternalDNS,InternalIP,ExternalDNS,ExternalIP])--kubelet-insecure-tls
- Do not verify the CA of serving certificates presented by Kubelets. For testing purposes only.--requestheader-client-ca-file
- Specify a root certificate bundle for verifying client certificates on incoming requests.--node-selector
-Can complete to scrape the metrics from the Specified nodes based on labelsYou can get a full list of Metrics Server configuration flags by running:
docker run --rm registry.k8s.io/metrics-server/metrics-server:v0.7.2 --help
Metrics Server is a component in the core metrics pipeline described in Kubernetes monitoring architecture.
For more information, see:
Before posting an issue, first checkout Frequently Asked Questions and Known Issues.
Learn how to engage with the Kubernetes community on the community page.
You can reach the maintainers of this project at:
This project is maintained by SIG Instrumentation
Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.