when i write tls_config twice in different location,everything is Ok!
- job_name: kubernetes-apiservers
scheme: https
tls_config:
ca_file: /etc/ssl/ca.crt
cert_file: /etc/ssl/client.crt
key_file: /etc/ssl/client.key
kubernetes_sd_configs:
- role: endpoints
api_server: "https://10.0.124.10:6443";
tls_config:
ca_file: /etc/ssl/ca.crt
cert_file: /etc/ssl/client.crt
key_file: /etc/ssl/client.key
relabel_configs:
- action: keep
regex: default;kubernetes;https
source_labels:
- __meta_kubernetes_namespace
- __meta_kubernetes_service_name
- __meta_kubernetes_endpoint_port_name
在2021年1月13日星期三 UTC+8 下午3:41:15<simple steve> 写道:
> yes, the option【 insecure_skip_verify: true 】 doesn't work !
> logs are the same【 *x509: certificate signed by unknown authority*】
> ,wheather i change *insecure_skip_verify* to *true *or *false *!
>
> 在2020年12月22日星期二 UTC+8 下午5:13:27<[email protected]> 写道:
>
>> insecure_skip_verify: true
>>
>> this option doesn't work ?
>>
>> 在2020年12月22日星期二 UTC+8 下午4:59:28<alex he> 写道:
>>
>>> I can use curl to visit k8s apiserver api:
>>>
>>> *curl https://10.10.10.68:6443/api/v1/nodes
>>> <https://10.10.10.68:6443/api/v1/nodes> --cacert kube-ca.pem --cert
>>> kube-node.pem --key kube-node-key.pem|head -n 20*
>>>
>>> "kind": "NodeList",
>>> "apiVersion": "v1",
>>> "metadata": {
>>> "selfLink": "/api/v1/nodes",
>>> "resourceVersion": "67299229"
>>> },
>>> "items": [
>>> {
>>> "metadata": {
>>> "name": "k8smaster12",
>>> "selfLink": "/api/v1/nodes/k8smaster12",
>>> "uid": "060be972-6346-11ea-a193-00155d0a3a00",
>>> "resourceVersion": "67299092",
>>> "creationTimestamp": "2020-03-11T03:11:38Z",
>>> "labels": {
>>> "beta.kubernetes.io/arch": "amd64",
>>> "beta.kubernetes.io/os": "linux",
>>> "kubernetes.io/arch": "amd64",
>>> "kubernetes.io/hostname": "k8smaster12",
>>>
>>>
>>> *but I can't use prometheus to visit k8s.this is my prometheus.yml:*
>>> root@alextest-55c44cddc8-gqcdt:~/prometheus-2.23.0.linux-amd64# cat
>>> prometheus.yml
>>> global:
>>> scrape_interval: 15s
>>> evaluation_interval: 15s
>>>
>>> alerting:
>>> alertmanagers:
>>>
>>> - static_configs:
>>> - targets:
>>>
>>> rule_files:
>>>
>>> scrape_configs:
>>>
>>> - job_name: "alexk8s-apiserver"
>>> kubernetes_sd_configs:
>>> - role: endpoints
>>> api_server: 'https://10.10.10.68:6443'
>>> scheme: https
>>> tls_config:
>>> insecure_skip_verify: true
>>> ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
>>> cert_file: /root/ssl/kube-node.pem
>>> key_file: /root/ssl/kube-node-key.pem
>>> bearer_token_file: /var/run/secrets/
>>> kubernetes.io/serviceaccount/token
>>> relabel_configs:
>>> - action: labelmap
>>> regex: _*meta_kubernetes_node_label*(.+)
>>>
>>>
>>> when I start prometheus, it reports:
>>> root@alextest-gqcdt:~/prometheus-2.23.0.linux-amd64# ./prometheus
>>>
>>> level=info ts=2020-12-22T08:39:27.185Z caller=main.go:322 msg="No time
>>> or size retention was set so using the default time retention" duration=15d
>>> level=info ts=2020-12-22T08:39:27.185Z caller=main.go:360 msg="Starting
>>> Prometheus" version="(version=2.23.0, branch=HEAD,
>>> revision=26d89b4b0776fe4cd5a3656dfa520f119a375273)" level=info
>>> ts=2020-12-22T08:39:27.185Z caller=main.go:365 build_context="(go=go1.15.5,
>>> user=root@37609b3a0a21, date=20201126-10:56:17)" level=info
>>> ts=2020-12-22T08:39:27.185Z caller=main.go:366 host_details="(Linux
>>> 4.15.0-123-generic #126-Ubuntu SMP Wed Oct 21 09:40:11 UTC 2020 x86_64
>>> alextest-55c44cddc8-gqcdt (none))" level=info ts=2020-12-22T08:39:27.186Z
>>> caller=main.go:367 fd_limits="(soft=1048576, hard=1048576)" level=info
>>> ts=2020-12-22T08:39:27.186Z caller=main.go:368 vm_limits="(soft=unlimited,
>>> hard=unlimited)" level=info ts=2020-12-22T08:39:27.188Z caller=main.go:722
>>> msg="Starting TSDB ..." level=info ts=2020-12-22T08:39:27.188Z
>>> caller=web.go:528 component=web msg="Start listening for connections"
>>> address=0.0.0.0:9090 level=info ts=2020-12-22T08:39:27.193Z
>>> caller=head.go:645 component=tsdb msg="Replaying on-disk memory mappable
>>> chunks if any" level=info ts=2020-12-22T08:39:27.193Z caller=head.go:659
>>> component=tsdb msg="On-disk memory mappable chunks replay completed"
>>> duration=4.9µs level=info ts=2020-12-22T08:39:27.193Z caller=head.go:665
>>> component=tsdb msg="Replaying WAL, this may take a while" level=info
>>> ts=2020-12-22T08:39:27.193Z caller=head.go:717 component=tsdb msg="WAL
>>> segment loaded" segment=0 maxSegment=7 level=info
>>> ts=2020-12-22T08:39:27.194Z caller=head.go:717 component=tsdb msg="WAL
>>> segment loaded" segment=1 maxSegment=7 level=info
>>> ts=2020-12-22T08:39:27.195Z caller=head.go:717 component=tsdb msg="WAL
>>> segment loaded" segment=2 maxSegment=7 level=info
>>> ts=2020-12-22T08:39:27.197Z caller=head.go:717 component=tsdb msg="WAL
>>> segment loaded" segment=3 maxSegment=7 level=info
>>> ts=2020-12-22T08:39:27.198Z caller=head.go:717 component=tsdb msg="WAL
>>> segment loaded" segment=4 maxSegment=7 level=info
>>> ts=2020-12-22T08:39:27.199Z caller=head.go:717 component=tsdb msg="WAL
>>> segment loaded" segment=5 maxSegment=7 level=info
>>> ts=2020-12-22T08:39:27.200Z caller=head.go:717 component=tsdb msg="WAL
>>> segment loaded" segment=6 maxSegment=7 level=info
>>> ts=2020-12-22T08:39:27.200Z caller=head.go:717 component=tsdb msg="WAL
>>> segment loaded" segment=7 maxSegment=7 level=info
>>> ts=2020-12-22T08:39:27.200Z caller=head.go:722 component=tsdb msg="WAL
>>> replay completed" checkpoint_replay_duration=102.209µs
>>> wal_replay_duration=7.33696ms total_replay_duration=7.495874ms level=info
>>> ts=2020-12-22T08:39:27.203Z caller=main.go:742 fs_type=794c7630 level=info
>>> ts=2020-12-22T08:39:27.203Z caller=main.go:745 msg="TSDB started"
>>> level=info ts=2020-12-22T08:39:27.203Z caller=main.go:871 msg="Loading
>>> configuration file" filename=prometheus.yml level=info
>>> ts=2020-12-22T08:39:27.204Z caller=main.go:902 msg="Completed loading of
>>> configuration file" filename=prometheus.yml totalDuration=1.170705ms
>>> remote_storage=2µs web_handler=500ns query_engine=1.5µs scrape=252.623µs
>>> scrape_sd=336.23µs notify=17.502µs notify_sd=18.502µs rules=1.5µs
>>> level=info ts=2020-12-22T08:39:27.204Z caller=main.go:694 msg="Server is
>>> ready to receive web requests." level=error ts=2020-12-22T08:39:27.253Z
>>> caller=klog.go:96 component=k8s_client_runtime func=ErrorDepth
>>> *msg="/app/discovery/kubernetes/kubernetes.go:514:
>>> Failed to watch *v1.Node: failed to list *v1.Node: Get
>>> \"https://10.10.10.68:6443/api/v1/nodes?limit=500&resourceVersion=0\
>>> <https://10.10.10.68:6443/api/v1/nodes?limit=500&resourceVersion=0%5C>":
>>> x509: certificate signed by unknown authority" level=error
>>> ts=2020-12-22T08:39:28.554Z caller=klog.go:96 component=k8s_client_runtime
>>> func=ErrorDepth msg="/app/discovery/kubernetes/kubernetes.go:514: Failed to
>>> watch *v1.Node: failed to list *v1.Node: Get
>>> \"https://10.10.10.68:6443/api/v1/nodes?limit=500&resourceVersion=0\
>>> <https://10.10.10.68:6443/api/v1/nodes?limit=500&resourceVersion=0%5C>":
>>> x509: certificate signed by unknown authority" level=error
>>> ts=2020-12-22T08:39:31.675Z caller=klog.go:96 component=k8s_client_runtime
>>> func=ErrorDepth msg="/app/discovery/kubernetes/kubernetes.go:514: Failed to
>>> watch *v1.Node: failed to list *v1.Node: Get
>>> \"https://10.10.10.68:6443/api/v1/nodes?limit=500&resourceVersion=0\
>>> <https://10.10.10.68:6443/api/v1/nodes?limit=500&resourceVersion=0%5C>":
>>> x509: certificate signed by unknown authority" level=error
>>> ts=2020-12-22T08:39:37.017Z caller=klog.go:96 component=k8s_client_runtime
>>> func=ErrorDepth msg="/app/discovery/kubernetes/kubernetes.go:514: Failed to
>>> watch *v1.Node: failed to list *v1.Node: Get
>>> \"https://10.10.10.68:6443/api/v1/nodes?limit=500&resourceVersion=0\
>>> <https://10.10.10.68:6443/api/v1/nodes?limit=500&resourceVersion=0%5C>":
>>> x509: certificate signed by unknown authority"*
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/prometheus-users/d9d781a1-005d-4e23-982b-893a023768fcn%40googlegroups.com.
