I am running a Kubernetes cluster with several pods deployed. One pod serves metrics on an HTTPS-secured endpoint. The problem is that this pod creates and uses its own self-signed certificates, which Prometheus does not trust.
That is fine with me, but how can I add `insecure_skip_verify` to the `tls_config`, via annotations or by adjusting the Prometheus scrape config section, so that pods with a specific label are allowed to use self-signed certificates?
My first attempt was to look for a solution with `relabel_config`, but it does not seem possible to add new attributes based on annotations.
Does anyone have a solution for this?
Answer 1
With this configuration, separate scrape configs are created for cluster components (such as the API server and nodes), and services use different authentication configs. Also note that Kubernetes labels will be added as Prometheus labels.
```yaml
scrape_configs:
  - job_name: "kubernetes-apiservers"
    kubernetes_sd_configs:
      - role: endpoints
    # Default to scraping over https
    # If required, just disable this or change to http
    scheme: https
    # This TLS & authorization config is used to connect to the actual scrape
    # endpoints for cluster components. This is separate to discovery auth
    # configuration because discovery & scraping are two separate concerns in
    # Prometheus. The discovery auth config is automatic if Prometheus runs
    # inside the cluster. Otherwise, more config options have to be provided
    # within the <kubernetes_sd_config>.
    tls_config:
      ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
      # If your node certificates are self-signed or use a different CA to the
      # master CA, then disable certificate verification below. Note that
      # certificate verification is an integral part of a secure infrastructure,
      # so this should only be disabled in a controlled environment. The line
      # below disables it; comment it out to keep verification on.
      insecure_skip_verify: true
    authorization:
      credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token
    # Keep only the default/kubernetes service endpoints for the https port.
    # This will add targets for each API server which Kubernetes adds an
    # endpoint to the default/kubernetes service.
    relabel_configs:
      - source_labels:
          [__meta_kubernetes_namespace,
           __meta_kubernetes_service_name,
           __meta_kubernetes_endpoint_port_name]
        action: keep
        regex: default;kubernetes;https
```
See this [documentation][1] for more information.

[1]: https://github.com/prometheus/prometheus/blob/main/documentation/examples/prometheus-kubernetes.yml
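One way to scope `insecure_skip_verify` to particular pods, added here as an example and not taken from the answer above or from the Prometheus project: `tls_config` is set per job and relabeling cannot change it, so pod scraping is split into two jobs, one that keeps only pods carrying an assumed opt-in annotation `prometheus.io/skip-tls-verify: "true"` and one that drops them. The `prometheus.io/scrape`, `path` and `port` annotations follow the conventions of the linked example file; the opt-in annotation name is an assumption.

```yaml
scrape_configs:
  # Job A: pods that opt in to self-signed certs via an (assumed) annotation,
  # prometheus.io/skip-tls-verify: "true". tls_config is per job, so scoping
  # insecure_skip_verify needs a separate job that keeps only those pods.
  - job_name: "kubernetes-pods-selfsigned"
    scheme: https
    tls_config:
      # Server authentication is disabled for this job only; the keep rules
      # below decide exactly which pods land here.
      insecure_skip_verify: true
    kubernetes_sd_configs:
      - role: pod
    relabel_configs:
      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
        action: keep
        regex: "true"
      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_skip_tls_verify]
        action: keep
        regex: "true"
      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
        action: replace
        target_label: __metrics_path__
        regex: (.+)
      - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
        action: replace
        regex: ([^:]+)(?::\d+)?;(\d+)
        replacement: $1:$2
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_pod_label_(.+)

  # Job B: all other scrape-enabled pods with the default scheme and TLS
  # verification; pods from job A are dropped so nothing is scraped twice.
  - job_name: "kubernetes-pods"
    kubernetes_sd_configs:
      - role: pod
    relabel_configs:
      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
        action: keep
        regex: "true"
      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_skip_tls_verify]
        action: drop
        regex: "true"
      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
        action: replace
        target_label: __metrics_path__
        regex: (.+)
      - action: labelmap
        regex: __meta_kubernetes_pod_label_(.+)
```

Prometheus turns the annotation key into the meta label by replacing every non-alphanumeric character with `_`, which is why `prometheus.io/skip-tls-verify` appears as `__meta_kubernetes_pod_annotation_prometheus_io_skip_tls_verify`.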