Skip to content

kube-state-metrics: fix probes when RBAC proxy is enabled #6402

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
LaurentGoderre wants to merge 1 commit into
base: main
Choose a base branch
from
Open

kube-state-metrics: fix probes when RBAC proxy is enabled #6402

LaurentGoderre wants to merge 1 commit into from

Conversation

@LaurentGoderre
Copy link

@LaurentGoderre LaurentGoderre commented Dec 11, 2025
edited
Loading

What this PR does / why we need it

When installing the kube-state-metrics with RBAC proxy enabled, the pod never reaches a healthy state.

> helm install rbac oci://ghcr.io/prometheus-community/charts/kube-state-metrics --set kubeRBACProxy.enabled=true
> kubectl describe pod/rbac-kube-state-metrics-668c776c-7r4vg

[...]
Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
[...]
  Warning  Unhealthy  9s (x2 over 9s)   kubelet            Readiness probe errored and resulted in unknown state: strconv.Atoi: parsing "metrics": invalid syntax
  Warning  Unhealthy  3s (x2 over 13s)  kubelet            Liveness probe errored and resulted in unknown state: strconv.Atoi: parsing "http": invalid syntax

This is because the named ports are not created when rbac proxy is enabled. Additionally, having the host set to 127.0.0.1 when rbac proxy is enabled breaks the health check because the check originates from Kubernetes (outside the container) and therefore the connection is refused.

With this fix, the probes work as expected in all scenarios.

Special notes for your reviewer

Checklist

  • DCO signed
  • Chart Version bumped
  • Title of the PR starts with chart name (e.g. [prometheus-couchdb-exporter])

@LaurentGoderre LaurentGoderre force-pushed the kube-state-metrics-rbac-proxy-fix branch from 7c7cad4 to e6a0807 Compare December 11, 2025 14:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dotdc dotdc Awaiting requested review from dotdc dotdc is a code owner

@mrueg mrueg Awaiting requested review from mrueg mrueg is a code owner

@tariq1890 tariq1890 Awaiting requested review from tariq1890 tariq1890 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@LaurentGoderre