这里是掌舵图表值stable/prometheus
:https : //github.com/helm/charts/blob/master/stable/prometheus/values.yaml
我能够让它工作:
helm upgrade --install prometheus stable/prometheus \
--set extraScrapeConfigs="- job_name: 'myjob'
scrape_interval: 1s
metrics_path: /metrics
scheme: https
static_configs:
- targets: ['###.##.###.###:#####']
tls_config:
ca_file: /prometheus/ca.pem
key_file: /prometheus/key.pem
cert_file: /prometheus/cert.pem
insecure_skip_verify: true"
为了做到这一点,我不得不这样做:
kubectl cp localdir/ca.pem prometheus-server-abc:/prometheus -c prometheus-server
kubectl cp localdir/key.pem prometheus-server-abc:/prometheus -c prometheus-server
kubectl cp localdir/cert.pem prometheus-server-abc:/prometheus -c prometheus-server
我相信有一种更好、更合适的方法来使用Secret
and来做到这一点mountPath
。我尝试了以下类似的东西,但没有运气:
apiVersion: v1
kind: Secret
metadata:
name: mysecret
data:
ca.pem: base64encodedcapem
key.pem: base64encodedkeypem
cert.pem: base64encodedcertpem
kubectl apply -f mysecret
helm upgrade --install prometheus stable/prometheus \
--set extraSecretMounts="- name: mysecret-mount
mountPath: /somepathinpod/mysecret
secretName: mysecret" \
--set extraScrapeConfigs="- job_name: 'myjob'
scrape_interval: 1s
metrics_path: /metrics
scheme: https
static_configs:
- targets: ['###.##.###.###:#####']
tls_config:
ca_file: /somepathinpod/mysecret/ca.pem
key_file: /somepathinpod/mysecret/key.pem
cert_file: /somepathinpod/mysecret/cert.pem
insecure_skip_verify: true"
我希望证书神奇地出现在,/somepathinpod
但他们没有。
我假设我不必克隆整个 repo 并手动编辑 helm chart 以将 avolumeMount
放入prometheus-server
部署/pod,并且可以以某种方式更改我的 helm 命令。关于如何在那里获取我的证书的任何建议?
根据该文件,正确的钥匙的用途是server.extraSecretMounts
,而不仅仅是extraSecretMounts
。
还要通过以下方式验证 Kubernetes 上生成的 YAML 是否包含正确的挂载:
kubectl get deployment prometheus-server-object-name -o yaml
覆盖.yaml
server:
extraSecretMounts:
- name: mysecret-mount
mountPath: /etc/config/mysecret
secretName: mysecret
extraScrapeConfigs: |
- job_name: myjob
scrape_interval: 15s
metrics_path: /metrics
scheme: https
static_configs:
- targets:
- ###.##.###.###:#####
tls_config:
ca_file: /etc/config/mysecret/ca.pem
key_file: /etc/config/mysecret/key.pem
cert_file: /etc/config/mysecret/cert.pem
insecure_skip_verify: true
helm upgrade -f override.yaml prometheus stable/prometheus
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句