Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

scrape kubelets, cadvisor #180

Merged
merged 3 commits into from
Jan 18, 2018
Merged

scrape kubelets, cadvisor #180

merged 3 commits into from
Jan 18, 2018

Conversation

auhlig
Copy link
Member

@auhlig auhlig commented Jan 16, 2018
edited
Loading

prom scrapes kubelets, cadvisor metrics. tested in k-staging.

@auhlig auhlig requested a review from BugRoger as a code owner January 16, 2018 16:50
@auhlig auhlig changed the title scrape kubelets scrape kubelets, cadvisor Jan 16, 2018
@auhlig
Copy link
Member Author

auhlig commented Jan 16, 2018

not sure about the container_* metrics. it's a lot.

databus23
databus23 reviewed Jan 17, 2018
View reviewed changes
charts/kubernikus-system/charts/prometheus/templates/_prometheus.yaml.tpl Outdated
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why? Can we get this fixed?

Copy link
Member

@databus23 databus23 Jan 17, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like we don't have kubernetes.default.svc added to the apiservers cert's SANs. kubernetes.default should work.

databus23
databus23 requested changes Jan 17, 2018
View reviewed changes
Copy link
Member

@databus23 databus23 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix the insecure: skip thingy

auhlig
auhlig commented Jan 17, 2018
View reviewed changes
charts/kubernikus-system/charts/prometheus/templates/_prometheus.yaml.tpl
action: replace
target_label: __scheme__
regex: https
replacement: http
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is still necessary to avoid Get https://198.18.0.22:10250/metrics: x509: cannot validate certificate for 198.18.0.22 because it doesn't contain any IP SANs

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, we can't add the whole node subnet as IPs to the certificates. So, here we need to grab the unsecured port or skip host validation

@auhlig
Copy link
Member Author

auhlig commented Jan 17, 2018

It's ready for another review @databus23

BugRoger
BugRoger approved these changes Jan 18, 2018
View reviewed changes
charts/kubernikus-system/charts/prometheus/templates/_prometheus.yaml.tpl
action: replace
target_label: __scheme__
regex: https
replacement: http
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, we can't add the whole node subnet as IPs to the certificates. So, here we need to grab the unsecured port or skip host validation

@BugRoger BugRoger merged commit d2750c2 into master Jan 18, 2018
@BugRoger BugRoger deleted the kubelets branch January 18, 2018 12:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BugRoger BugRoger BugRoger approved these changes

@databus23 databus23 databus23 approved these changes

Assignees
No one assigned
Labels
infrastructure
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@auhlig @BugRoger @databus23