0

I have deploy a k8s cluster with kubeadm, I want to get controller manager's metrics with following command:

curl -k https://localhost:10257/metrics

but got the following error:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/metrics\"",
  "reason": "Forbidden",
  "details": {

  },
  "code": 403
}

So my question is, how to get k8s controller manager's metrics?

Ren
  • 2,852
  • 2
  • 23
  • 45

1 Answers1

0

This is a forbidden error due to permission issues which need to be authenticated with a valid user. For this,You need to create a service account, then give that service account access permissions to the metrics Path through RBAC, then this will make that service account to get the metrics.

As per this Role and Cluster Binding doc, you need to allow metrics path(replace with /healthz) as below and give a try.

Allow GET and POST requests to the non-resource endpoint /healthz and all subpaths (must be in a ClusterRole bound with a ClusterRoleBinding to be effective):
rules:


- nonResourceURLs: ["/healthz", "/healthz/*"] # '*' in a nonResourceURL is a suffix glob match


 verbs: ["get", "post"]
Hemanth Kumar
  • 2,728
  • 1
  • 4
  • 19
  • @Ren : Please let me know whether the shared info was helpful. I am happy to assist if you have any further queries. If the answer was helpful, What should I do [when someone answers my question?](https://stackoverflow.com/help/someone-answers) – Hemanth Kumar Mar 29 '23 at 13:38