Update GKE kubelet scraping docs (#1682)
This commit is contained in:
@@ -362,6 +362,8 @@ Should the Prometheus `/targets` page show kubelet targets, but not able to succ
|
||||
|
||||
As described in the [prerequisites](#prerequisites) section, in order to retrieve metrics from the kubelet token authentication and authorization must be enabled. Some Kubernetes setup tools do not enable this by default.
|
||||
|
||||
If you are using Google's GKE product, see [docs/GKE-cadvisor-support.md].
|
||||
|
||||
#### Authentication problem
|
||||
|
||||
The Prometheus `/targets` page will show the kubelet job with the error `403 Unauthorized`, when token authentication is not enabled. Ensure, that the `--authentication-token-webhook=true` flag is enabled on all kubelet configurations.
|
||||
|
@@ -1,7 +1,21 @@
|
||||
# Kubelet / cAdvisor special configuration updates for GKE
|
||||
|
||||
In order to allow Prometheus to access the endpoints provided by the kubelet/cAdvisor on GKE we have to downgrade the scheme to HTTP (from HTTPS).
|
||||
Prior to GKE 1.11, the kubelet does not support token
|
||||
authentication. Until it does, Prometheus must use HTTP (not HTTPS)
|
||||
for scraping.
|
||||
|
||||
You can configure this behavior through kube-prometheus with:
|
||||
```
|
||||
local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
|
||||
(import 'kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet') +
|
||||
{
|
||||
_config+:: {
|
||||
# ... config here
|
||||
}
|
||||
};
|
||||
```
|
||||
|
||||
Or, you can patch and re-apply your existing manifests with:
|
||||
|
||||
On linux:
|
||||
|
||||
|
Reference in New Issue
Block a user