prometheus-operator通过https监控etcd
伍捷
要求:
- prometheus-operator的prometheus的生产环境要持久化
1、把相关的证书拷贝到prometheus中的prometheus目录下
kubectl cp /etc/etcd/ssl/etcd.pem -n monitoring prometheus-prometheus-kube-prometheus-prometheus-0:/prometheus/ -c prometheus
kubectl cp /etc/etcd/ssl/etcd-key.pem -n monitoring prometheus-prometheus-kube-prometheus-prometheus-0:/prometheus/ -c prometheus
kubectl cp /etc/kubernetes/ssl/ca.pem -n monitoring prometheus-prometheus-kube-prometheus-prometheus-0:/prometheus/ -c prometheus
2、修改servicemonitor的配置,增加证书配置
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app: kube-prometheus-stack-kube-etcd
app.kubernetes.io/instance: prometheus
app.kubernetes.io/part-of: kube-prometheus-stack
release: prometheus
name: prometheus-kube-prometheus-kube-etcd
namespace: monitoring
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
port: http-metrics
scheme: https #使用https协议
tlsConfig:
caFile: /prometheus/ca.pem #使用上边的证书
certFile: /prometheus/etcd.pem #使用上边的证书
keyFile: /prometheus/etcd-key.pem #使用上边的证书
insecureSkipVerify: true #忽略验证证书
jobLabel: jobLabel
namespaceSelector:
matchNames:
- kube-system
selector:
matchLabels:
app: kube-prometheus-stack-kube-etcd
release: prometheus
类似资料: