easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kube-prometheus: update etcd info

Browse Source 
Resolves issue #1629 in this repository.
This commit is contained in:
Joshua Olson
2018-08-01 09:17:58 -05:00
parent fe923a7239
commit bed6e4865a
5 changed files with 36 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
examples/etcd.jsonnet
View File

@@ -3,12 +3,29 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
_config+:: {
namespace: 'monitoring',
// Reference info: https://github.com/coreos/prometheus-operator/blob/master/contrib/kube-prometheus/README.md#static-etcd-configuration
etcd+:: {
// Configure this to be the IP(s) to scrape - i.e. your etcd node(s) (use commans to separate multiple values).
ips: ['127.0.0.1'],
clientCA: importstr 'etcd-client-ca.crt',
clientKey: importstr 'etcd-client.key',
clientCert: importstr 'etcd-client.crt',
// Set these three variables to values that are valid to scrape etcd metrics with (check the apiserver container).
// Most likely these certificates are generated somewhere in an infrastructure repository, so using the jsonnet `importstr` function can
// be useful here. (Kube-aws stores these three files inside the credential folder.)
// All the sensitive information on the certificates will end up in a Kubernetes Secret.
clientCA: importstr '/path-on-your-work-machine/etcd-client-ca.crt',
clientKey: importstr '/path-on-your-work-machine/etcd-client.key',
clientCert: importstr '/path-on-your-work-machine/etcd-client.crt',
// A valid name for the certificate
serverName: 'etcd.my-cluster.local',
// TODO: enhance kube-prometheus-static-etcd.libsonnet to allow 'insecureSkipVerify: true' to be specified here (as an alternative to specifying a value for 'serverName').
// Note that insecureSkipVerify is only to be used if you cannot use a Subject Alternative Name.
// In case you have generated the etcd certificate with kube-aws:
// * If you only have one etcd node, you can use the value from 'etcd.internalDomainName' (specified in your kube-aws cluster.yaml) as the value for 'serverName'.
// * But if you have multiple etcd nodes, you will need to use 'insecureSkipVerify: true' (if using default certificate generators method), as the valid certificate domain
// will be different for each etcd node. (kube-aws default certificates are not valid against the IP - they were created for the DNS.)
},
},
};