-
|
Hello, I am setting up monitoring for my RKE 1.29 cluster, and I want to scrape the Kube scheduler and controller-manager ports for Prometheus metrics. I added the following configuration to expose their ports outside of localhost: ---
kube-scheduler-arg:
- "--bind-address=0.0.0.0"
kube-controller-manager-arg:
- "--bind-address=0.0.0.0"Now my scrape (I'm using Victoriametrics Operator) fails with the following errors: For controller manager: For scheduler: As far as I can tell, these certs are self-signed and generated by the corresponding components. After changing the bind address, do I need to clean the old certs somehow? Or are there more flags I need to pass to get the certificates to include the Node InternalIP? Thanks in advance. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Yes, the certs are generated internally by the scheduler and controller-manager. I'm not aware of any way to influence the hostnames for the internally-generated certificates. Your choices are probably to either manually generate your own certs and pass in the correct args to point the components at the cert+key, or disable certificate validation in whatever is scraping these pods. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you, I disabled validation for now. |
Beta Was this translation helpful? Give feedback.
Yes, the certs are generated internally by the scheduler and controller-manager. I'm not aware of any way to influence the hostnames for the internally-generated certificates. Your choices are probably to either manually generate your own certs and pass in the correct args to point the components at the cert+key, or disable certificate validation in whatever is scraping these pods.