Skip to content

/prometheus

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v1.Pod: User \"kubernetes\" cannot list pods at the cluster scope #4081

Closed
kongsys opened this Issue Apr 12, 2018 · 2 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@kongsys @brian-brazil
@kongsys
Copy link

kongsys commented Apr 12, 2018
edited

Proposal

Use case. Why is this important?
prometheus access k8s, get error , prometheus use bearer token file
service-account.name is prometheus not Kubernetes ,and prometheus run in ec2

Nice to have' is not a good use case :)

Bug Report

What did you do?

What did you expect to see?

What did you see instead? Under which circumstances?

Environment

  • System information:

Linux 4.4.53-1.el7.centos.x86_64 x86_64

  • Prometheus version:

    prometheus, version 2.2.1

  • Alertmanager version:

    not yet use Altermanager

  • Prometheus configuration file:

# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'

    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.

    static_configs:
      - targets: ['localhost:9090']
  - job_name: "consul-prometheus"
    consul_sd_configs:
      - server: "172.31.13.134:8500"
        services: []
    relabel_configs:
      - source_labels: [__meta_consul_tags]
        regex: .*prometheus-target.*
        action: keep
  - job_name: "kubernetes-apiservices"

    kubernetes_sd_configs:
    - role: endpoints
      #api_server: https://172.31.12.82:6443
      api_server: https://172.31.12.82:6443
      bearer_token_file: /mnt/disk0/prometheus-2.2.1.linux-amd64/token
      tls_config:
        insecure_skip_verify: true
        cert_file: /mnt/disk0/prometheus-2.2.1.linux-amd64/kubernetes.pem
        key_file: /mnt/disk0/prometheus-2.2.1.linux-amd64/key.pem

    relabel_configs:
    - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
      action: keep
      regex: default;kubernetes;https
  • Logs:
level=error ts=2018-04-12T12:34:52.639922534Z caller=main.go:216 component=k8s_client_runtime err="github.com/prometheus/prometheus/discovery/kubernetes/kubernetes.go:268: Failed to list *v1.Endpoints: User \"kubernetes\" cannot list endpoints at the cluster scope. (get endpoints)"
level=error ts=2018-04-12T12:34:52.639971823Z caller=main.go:216 component=k8s_client_runtime err="github.com/prometheus/prometheus/discovery/kubernetes/kubernetes.go:269: Failed to list *v1.Service: User \"kubernetes\" cannot list services at the cluster scope. (get services)"
level=error ts=2018-04-12T12:34:52.640026257Z caller=main.go:216 component=k8s_client_runtime err="github.com/prometheus/prometheus/discovery/kubernetes/kubernetes.go:270: Failed to list *v1.Pod: User \"kubernetes\" cannot list pods at the cluster scope. (get pods)"
@brian-brazil

This comment has been minimized.

Sign in to view
Copy link
Member

brian-brazil commented Apr 12, 2018

It makes more sense to ask questions like this on the prometheus-users mailing list rather than in a GitHub issue. On the mailing list, more people are available to potentially respond to your question, and the whole community can benefit from the answers provided.

@brian-brazil brian-brazil closed this Apr 12, 2018

@lock

This comment has been minimized.

Sign in to view
Copy link

lock bot commented Mar 22, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked and limited conversation to collaborators Mar 22, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.