I'm trying to setup a Prometheus monitoring on a dedicated Linux VM to get Kubernetes cluster metrics.
Whatever I try, I'm always blocked with the nice message Unauthorized...
This is my scrape config for pods:
- job_name: 'Kubernetes'
scheme: https
tls_config:
insecure_skip_verify: true
bearer_token: %VeryLongLine%
kubernetes_sd_configs:
- api_server: https://%ClusterName%.hcp.westeurope.azmk8s.io
tls_config:
insecure_skip_verify: true
role: node
namespaces:
names: [default]
The token is the correct one because a Invoke-WebRequest from PowerShell works just fine.
Does anyone have an idea?
Thank you
- job_name: 'Kubernetes'
scheme: https
tls_config:
insecure_skip_verify: true
kubernetes_sd_configs:
- api_server: https://%ClusterName%.hcp.westeurope.azmk8s.io
bearer_token: %VeryLongLine%
role: node
namespaces:
names: [default]
Bearer token at the right place, so in the kubernetes config and not the job
Looks like you are missing the CA for your service account:
- job_name: 'Kubernetes'
scheme: https
tls_config:
insecure_skip_verify: true
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token: %VeryLongLine%
kubernetes_sd_configs:
- api_server: https://%ClusterName%.hcp.westeurope.azmk8s.io
role: node
namespaces:
names: [default]
Hope it helps!