x509: certificate signed by unknown authority error in metrics server component.

Solution Verified - Updated -

Issue

  • The metrics-server pod shows errors about invalid certificates in their logs:

    authentication.go:64] Unable to authenticate the request due to an error: [x509: certificate signed by unknown authority, x509: certificate signed by unknown authority]

  • The Horizontal Pod Autoscaler (HPA) fails with the following error message:

    Warning  FailedComputeMetricsReplicas  5m  horizontal-pod-autoscaler  failed to get cpu utilization: unable to get metrics for resource cpu: unable to fetch metrics from resource metrics API: Unauthorized
Warning  FailedGetResourceMetric       1m  horizontal-pod-autoscaler  unable to get metrics for resource cpu: unable to fetch metrics from resource metrics API: Unauthorized
  • How to renew the TLS cert-key pair inside the metrics-server-certs secret.
  • How to regenerate the metrics-server-certs secret.

Environment

  • Red Hat OpenShift Container Platform
    • 3.11

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content