[英]Prometheus Outside Kubernetes Cluster
I'm trying to configure Prometheus outside Kubernetes Cluster.我正在尝试在 Kubernetes 集群之外配置 Prometheus。
Below is my Prometheus config.下面是我的 Prometheus 配置。
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
api_server: https://10.0.4.155:6443
scheme: https
tls_config:
insecure_skip_verify: true
basic_auth:
username: kube
password: Superkube01
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: default;kubernetes;https
These is how it looks:这是它的外观:
root@master01:~# kubectl cluster-info
Kubernetes master is running at https://10.0.4.155:6443
root@master01:~# kubectl get endpoints
NAME ENDPOINTS AGE
kubernetes 10.0.4.103:6443,10.0.4.138:6443,10.0.4.155:6443 11h
netchecker-service 10.2.0.10:8081 11h
root@master01:~#
But, when starting Prometheus, i'm getting below error.但是,在启动 Prometheus 时,我遇到了以下错误。
level=error ts=2018-05-29T13:55:08.171451623Z caller=main.go:216 component=k8s_client_runtime err="github.com/prometheus/prometheus/discovery/kubernetes/kubernetes.go:270: Failed to list *v1.Pod: Get https://10.0.4.155:6443/api/v1/pods?resourceVersion=0: x509: certificate signed by unknown authority"
Could anyone please tell me, what wrong i'm doing here?谁能告诉我,我在这里做错了什么?
Thanks, Pavanasam R谢谢,帕瓦纳萨姆 R
The error indicates that Prometheus is using a different certificate to sign its metric collection request than the one expected by your apiserver.该错误表明 Prometheus 正在使用与您的 apiserver 预期的证书不同的证书来签署其指标收集请求。
You really need to format your code in a code block so we can see the yaml formatting.您确实需要在代码块中格式化您的代码,以便我们可以看到 yaml 格式。 kubernetes_sd_configs
seems to be the wrong home for insecure_skip_verify
and basic_auth
according to this link .根据此链接, kubernetes_sd_configs
似乎是insecure_skip_verify
和basic_auth
的错误主页。 Might want to move them and try scraping again.可能想要移动它们并再次尝试抓取。
As of now your insecure_skip_verify is a part of kubernetes_sd_configs:.截至目前,您的 insecure_skip_verify 是 kubernetes_sd_configs: 的一部分。 Add it in api_server context as well.也将它添加到 api_server 上下文中。
kubernetes_sd_configs:
- api_server: https://<ip>:6443
role: node
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
tls_config:
insecure_skip_verify: true
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.