[英]Etcd cluster is unavailable or misconfigured; cannot validate certificate; because it doesn't contain any IP SANs
[英]Prometheus cannot scrape external etcd
我有在AWS實例上運行的Kubernetes集群,並在kubernetes內部運行了用於監控的prometheus。 Kubernetes外部運行着三台etcd服務器,我正在嘗試使用prometheus監視etcd的運行狀況。
Prometheus作為狀態集進行部署,並具有kubelet,節點導出器及其自身的度量。 但是,我無法從etcd獲取任何指標。
這是prometheus的配置的相關部分:
apiVersion: v1
kind: ConfigMap
metadata:
name: prometheus
namespace: monitoring
data:
prometheus.yml: |-
global:
scrape_interval: 30s
evaluation_interval: 30s
rule_files:
- /etc/alertmanager/*.rules
scrape_configs:
- job_name: etcd
scheme: https
static_configs:
- targets: ['x.x.x.x:2379']
tls_config:
ca_file: /etc/etcd/ssl/ca.pem
cert_file: /etc/etcd/ssl/client.pem
key_file: /etc/etcd/ssl/client-key.pem
insecure_skip_verify: true
- job_name: kubelets
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
這是我在Prometheus儀表板中遇到的錯誤:
Get https://x.x.x.x.:2379/metrics: x509: cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs
證書是自簽名的,但是“ insecure_skip_verify”不應該這樣做嗎?
為了消除etcd問題,如果您正在使用etcd3,則可以將以下參數與etcd客戶端etcdctl
一起使用,並使用https://github.com/coreos/etcd/blob/master/Documentation中的步驟與etcd服務器進行交互/dev-guide/interacting_v3.md 。 如果可以正常運行,我會說這是一個普羅米修斯問題,因為它不遵守insecure_skip_verify: true
配置。
--insecure-skip-tls-verify=true skip server certificate verification
--insecure-transport=true disable transport security for client connections
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.