Metrics Server

Kubernetes cluster resource metrics aggregator for the HPA and VPA.

Metrics Server is the official Kubernetes resource metrics pipeline implementation. It scrapes CPU and memory usage from kubelets and exposes them via the metrics.k8s.io API, which powers kubectl top, Horizontal Pod Autoscaler (HPA), and Vertical Pod Autoscaler (VPA). It is required in this cluster for HPA functionality and for kubectl top node/pod to work. It uses InternalIP and Hostname address types for kubelet communication, relying on kubelet-serving-cert-approver for valid serving certificates.

Installation

Architecture

HelmRelease metrics-server in namespace kube-system, chart version 3.13.0 from https://kubernetes-sigs.github.io/metrics-server/. Registers an APIService for metrics.k8s.io/v1beta1. Args: --kubelet-preferred-address-types=InternalIP,Hostname, --metric-resolution=15s. Does not use --kubelet-insecure-tls (valid kubelet certificates provided by kubelet-serving-cert-approver).

Security

No custom securityContext in the HelmRelease values; chart defaults apply. RBAC is cluster-scoped (needs to read nodes/stats from kubelets). APIService registration requires cluster-admin level permissions at install time.

Updates

Managed by Renovate. Chart version is semver-pinned (3.13.0).

Administration

Usage

kubectl top nodes and kubectl top pods use metrics-server. HPA objects reference cpu and memory metrics from the metrics.k8s.io API. No direct operator interaction with metrics-server is typically needed — it runs transparently as a cluster add-on.

Cluster-specific deviations from the above live in the per-cluster README — see k8s/infrastructure/talos/controllers/metrics-server/README.md.

Cluster Deployment

Talos

Metrics Server — Talos cluster

Cluster-specific notes only. General product info, "why we use it", and alternatives live in docusaurus/docs/platform/metrics-server.mdx.

Deviations from defaults

Defaults live in docusaurus/docs/platform/metrics-server.mdx — document anything this cluster does differently here, with a one-line reason.

Kubernetes Metadata

• HelmRelease: metrics-server@3.13.1
• HelmRepo: metrics-server (https://kubernetes-sigs.github.io/metrics-server/)

Rendered manifests (kustomize build)

apiVersion: v1
data:
  values.yaml: |
    args:
      - --kubelet-preferred-address-types=InternalIP,Hostname
      #- --kubelet-insecure-tls
      - --metric-resolution=15s

    #hostNetwork: true
    #dnsPolicy: ClusterFirstWithHostNet

    apiService:
      create: true

    # optional: resources
    resources:
      requests:
        cpu: 50m
        memory: 64Mi
kind: ConfigMap
metadata:
  name: metrics-server-values-7b5cgt5gtt
  namespace: kube-system

Edge

Kubernetes Metadata

• HelmRelease: metrics-server@3.13.1
• HelmRepo: metrics-server (https://kubernetes-sigs.github.io/metrics-server/)

Rendered manifests (kustomize build)

apiVersion: v1
data:
  values.yaml: |
    args:
      - --kubelet-preferred-address-types=InternalIP,Hostname
      #- --kubelet-insecure-tls
      - --metric-resolution=15s

    #hostNetwork: true
    #dnsPolicy: ClusterFirstWithHostNet

    apiService:
      create: true

    # optional: resources
    resources:
      requests:
        cpu: 50m
        memory: 64Mi
kind: ConfigMap
metadata:
  name: metrics-server-values-7b5cgt5gtt
  namespace: kube-system