You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I deployed kube-green with OLM on an Openshift platform and I would like to configure my local Prometheus to scrape its metrics.
But, when I try to configure it, queries returns server returned HTTP status 400 Bad Request on both ports 8443 and 9443.
After some investigation, it appears that /metrics is exposed only on the localhost:
There is also a service named kube-green-controller-manager-metrics-service on port 8443. But it is protected by the sidecar kube-rbac-proxy and a query returns 401 Unauthorized.
What is the solution to bypass the kube-rbac-proxy ?
Rgds.
The text was updated successfully, but these errors were encountered:
Thanks.
If I understand correctly the prometheus ServiceAccount should have permissions to /metrics, like in this example: https://github.com/brancz/kube-rbac-proxy/blob/master/examples/non-resource-url/client-rbac.yaml#L1-L7
But, this permission must be configured in a ClusterRole and in my case, with OpenShift namespace isolation, each project has has its own prometheus with a simple Role and I can't add this rule (nonResourceURLs).
So, it is not applicable.
Hello,
I deployed kube-green with OLM on an Openshift platform and I would like to configure my local Prometheus to scrape its metrics.
But, when I try to configure it, queries returns
server returned HTTP status 400 Bad Request
on both ports 8443 and 9443.After some investigation, it appears that /metrics is exposed only on the localhost:
There is also a service named
kube-green-controller-manager-metrics-service
on port 8443. But it is protected by the sidecarkube-rbac-proxy
and a query returns401 Unauthorized
.What is the solution to bypass the kube-rbac-proxy ?
Rgds.
The text was updated successfully, but these errors were encountered: