Skip to content

/prometheus

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs even when server_name passed #3790

Closed
vbasavani opened this Issue Feb 3, 2018 · 2 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@vbasavani @brian-brazil
@vbasavani
Copy link

vbasavani commented Feb 3, 2018 

global:
  scrape_interval:     15s
  evaluation_interval: 15s
  scrape_timeout: 15s

# Alertmanager configuration
#alerting:
#  alertmanagers:
#  - static_configs:
#    - targets:
      # - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

scrape_configs:
  - job_name: 'kubernetes-pods'
    kubernetes_sd_configs:
    - role: pod
      api_server: 'https://api.internal.example.com'
      basic_auth:
        username: 'admin'
        password: 'password'
      tls_config:
        ca_file: '/opt/prometheus-2.1.0.linux-amd64/ca.crt'
        server_name: kubernetes
        insecure_skip_verify: false
    scheme: https
    relabel_configs:
    - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
      action: keep
      regex: true
    - source_labels: [__meta_kubernetes_pod_namespace,__meta_kubernetes_pod_label_name]
      separator: '/'
      target_label: job
    - source_labels: [__meta_kubernetes_pod_node_name]
      target_label: node
  - job_name: 'kubernetes-nodes'
    kubernetes_sd_configs:
    - role: node
      api_server: 'https://api.internal.example.com'
      basic_auth:
        username: 'admin'
        password: 'password'
      tls_config:
        ca_file: '/opt/prometheus-2.1.0.linux-amd64/ca.crt'
        server_name: kubernetes
        insecure_skip_verify: false
    scheme: https
    relabel_configs:
    - action: labelmap
      regex: __meta_kubernetes_node_label_(.+)

I am getting the below error.

Get https://x.x.x.x:10250/metrics: x509: cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs

and the kubernetes cluster is running on aws using kops and the certificate has subject CN=kubernetes
can anybody help me on how to resolve this issue?

@vbasavani vbasavani changed the title annot validate certificate for x.x.x.x because it doesn't contain any IP SANs even when server_name passed cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs even when server_name passed Feb 3, 2018

@brian-brazil

This comment has been minimized.

Sign in to view
Copy link
Member

brian-brazil commented Feb 3, 2018

It makes more sense to ask questions like this on the prometheus-users mailing list rather than in a GitHub issue. On the mailing list, more people are available to potentially respond to your question, and the whole community can benefit from the answers provided.

@brian-brazil brian-brazil closed this Feb 3, 2018

@lock

This comment has been minimized.

Sign in to view
Copy link

lock bot commented Mar 22, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked and limited conversation to collaborators Mar 22, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.