Are there any known issues with metrics-server and configmap? I’ve tried a zillion things to get it to work but unable to. If in my deployment manifest I simply replace "image: k8s.gcr.io/metrics-server-amd64:v0.3.3" with “image: docker.io/alpine” it can read configmap files. But metrics-server throws the following error: “no such file or directory” when attempting to reference a configmap file. Which tends to make me suspect the problem is in metrics-server rather than the k8s environment.
My purpose is doing this is to make the server’s public and private keys (–tls-cert-file) available to the container. If a configmap is not the recommended way to provide the metrics-server its keys , please let me know what the recommended way is. (In tihs case I still would be curious why metrics-server cannot mount configmap volumes.)
I figured this out. The problem was a combination of a misleading error message from metric-server and zero insight into whether or not the container was able to see the files in the volume. In fact the files were there, but the error message made me think they weren’t. If you pass “–tls-cert-file” without also giving “–tls-private-key-file” (which I was doing just for testing) the error message is: “No such file or directory”. Instead of something more informative, like “Please specify both options together.” The metrics-server developers need to change this and save “No such file” for cases when the file actually does not exist or cannot be opened for reading. Thinking there was no file, there wasn’t any way to verify this from within the container because it only has one binary without any shell. Running “docker export” on the non-running container (not running because metrics-server would bomb out with the error) revealed an empty volume because kubelet had unmounted the volumes when stopping the container. Looking at the kubelet logs they were showing everything ok with the volume, and I could see the files under /var/lib/kublet/pods/…/. But all indications were that something was wrong because I had no insight into what the container itself was seeing. Once I started passing both the command line options for the certs, everything was working.