[stable/prometheus] How to monitor etcd with ssl? #6921
Comments
I ended up manually loading etcd's certificates into a Kubernetes Secret and adding this to prometheus chart's config : extraSecretMounts:
- name: prometheus-etcd-certificates
mountPath: /etcd-ssl
secretName: prometheus-etcd-certificates
readOnly: true
[...]
- job_name: 'etcd'
[...]
tls_config:
insecure_skip_verify: true
cert_file: /etcd-ssl/tls.crt
key_file: /etcd-ssl/tls.key |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
This issue is being automatically closed due to inactivity. |
in case this helps anyone, i built an on-prem v1.13.5 kubernetes cluster using kubeadm.. i also deploy my prometheus-operator into its own "metrics" namespace. so during cluster initialization, while bootstrapping the cluster, i also capture the generated etcd certs on the first master node using:
and then adding this to my values.yaml:
then the target gets scraped properly |
挂载证书解决问题 |
第一步: 第三步: |
Is this a request for help?: Yes
Is this a BUG REPORT or FEATURE REQUEST? (choose one): FEATURE REQUEST
Version of Helm and Kubernetes:
Which chart: stable/prometheus
What happened:
I need to update prometheus to scrape the etcd servers of the same cluster that Prometheus is running on. Here's my job config:
This doens't work as the cert file (ca.crt) is for Kubernetes cluster, not for etcd cluster.
Prometheus complains of bad certificate when scraping these endpoints:
What you expected to happen:
Is there a way to add these cert files that is needed for Prometheus to scrape etcd?
I imaging something like some variables with contents to mount to prometheus. Such as:
Then those file will be mounted to Prometheus in /prometheus.
Then the job configs for etcd can refer to these files.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know:
The text was updated successfully, but these errors were encountered: