fix(kube-system): Run insecure metrics-server

This patch runs the metrics-server without CA validation since kubeadm doesn't create proper certificates for kubelets by default. Therefore, until this is fixed, this patch will work around the issue. References: https://v1-21.docs.kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#renew-certificates-with-the-kubernetes-certificates-api

fix(kube-system): Run insecure metrics-server
eeaa9d80 · Sheogorath · 1c6b8dfb · eeaa9d80 · eeaa9d80
Verified Commit eeaa9d80 authored 3 years ago by Sheogorath
--- a/README.md
+++ b/README.md
@@ -36,6 +36,7 @@ This toolchain is still under development. Before it will be used in production
 - [x] Automate system configuration using Kubernetes (system-upgrade-controller)
 - [x] Provide an fully encrypted (handled on host level) storage class (longhorn)
 - [x] Deploy cert-manager
+- [ ] Deploy kubelet with proper certificates
 - [ ] Deploy credentials for cert-manager
 - [ ] Automate ingress-controller default certificate deployment
 - [ ] Automate ingress-controller configuration for proxy-protocol

--- a/infrastructure/kube-system/metrics-server.yaml
+++ b/infrastructure/kube-system/metrics-server.yaml
@@ -30,7 +30,7 @@ spec:
      - --cert-dir=/tmp
      - --kubelet-use-node-status-port
      - --metric-resolution=15s
-      - --kubelet-certificate-authority=/ca/ca.crt
+      - --kubelet-insecure-tls
    rbac:
      pspEnabled: true
    podDisruptionBudget: