metrics-server

metrics-server is a Kubernetes add-on that aggregates resource metrics (such as CPU and memory) from kubelets and exposes them to the Kubernetes API (commonly used by HPA/VPA and kubectl top).

Evaluated Apr 04, 2026 (0d ago)
Homepage ↗ Repo ↗ Monitoring kubernetes monitoring autoscaling metrics-api hpa cluster-observability
⚙ Agent Friendliness
46
/ 100
Can an agent use this?
🔒 Security
65
/ 100
Is it safe for agents?
⚡ Reliability
36
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
0
Documentation
40
Error Messages
0
Auth Simplicity
55
Rate Limits
20

🔒 Security

TLS Enforcement
85
Auth Strength
65
Scope Granularity
50
Dep. Hygiene
50
Secret Handling
70

Security posture is largely determined by Kubernetes RBAC and the network/TLS configuration used for metrics-server to scrape kubelets. There is no evidence here of app-level secret leakage handling; assume best practices for cluster secrets and TLS validation, and avoid exposing metrics-server externally.

⚡ Reliability

Uptime/SLA
0
Version Stability
55
Breaking Changes
50
Error Recovery
40
AF Security Reliability

Best When

Used inside a Kubernetes cluster where kubelet access to the aggregator can be secured, and where you need the Kubernetes Metrics API for autoscaling and troubleshooting.

Avoid When

You cannot securely grant the metrics-server access to kubelet stats endpoints, or when you require a full metrics/alerting stack rather than the Kubernetes Metrics API.

Use Cases

  • Autoscaling with Kubernetes HPA based on CPU/memory utilization
  • Viewing live cluster resource utilization via kubectl top
  • Providing metrics to controllers/ops tooling that require Kubernetes Metrics API

Not For

  • Long-term metrics storage/observability (Prometheus/Grafana are better fits)
  • Highly specialized telemetry pipelines
  • External/Internet-facing metrics exposure without network controls

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
No

Authentication

Methods: Kubernetes RBAC (service account permissions to read metrics/metrics.k8s.io API) Kubelet authentication/authorization as configured for metrics-server to scrape node stats (commonly via TLS and kubelet endpoints)
OAuth: No Scopes: No

metrics-server itself is deployed as a Kubernetes component. Access to the exposed metrics API is typically controlled via Kubernetes RBAC rather than OAuth scopes.

Pricing

Free tier: No
Requires CC: No

Open-source component; cost is operational (cluster resources).

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • metrics-server depends on kubelet access; common failures are TLS/auth/connectivity issues to kubelets
  • Kubernetes version/metrics.k8s.io API compatibility can affect behavior across clusters
  • If metrics are missing/empty, downstream autoscaling may not work; agents may need to check logs and APIService conditions rather than only request failures

Alternatives

Prometheus + kube-state-metrics/node-exporter (for comprehensive observability) KEDA (for event-driven autoscaling, though it still may rely on metrics sources) cAdvisor/metrics pipelines depending on needs

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for metrics-server.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-04-04.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered