Hello @roidelapluie ,
We are using user defined Prometheus and would like to know how can we implement node-exporter with TLS encryption with User-Defined Prometheus.
We have used OCP 4.8 (Openshift Container Platform ) as Prometheus and node-exporter
configuration file for node-exporter service is:
Exporter Side
- config.yaml
- node_exporter.crt
- node_exporter.key
$ podman run -i -t -v /home/supervisor/encryption:/tmp:z -p 9100:9100 quay.io/prometheus/node-exporter --web.config="/tmp/config.yaml"
Prometheus side
[root@ocp003-mng001 node]# cat service.yaml
apiVersion: v1
kind:
Service
metadata:
name: caasnode-exporter
namespace: pf-monitor
labels:
app: caasnode-exporter
spec:
ports:
- port: 9100
targetPort: 9100
name: metric
protocol: TCP
type: NodePort
[root@ocp003-mng001 node]# cat endpoints.yaml
kind: Endpoints
apiVersion: v1
metadata:
name: caasnode-exporter
namespace: pf-monitor
subsets:
- addresses:
- ip: 172.17.40.221
ports:
- port: 9100
name: metric
[root@ocp003-mng001 node]# cat serviceMonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
k8s-app: node-exporter
name: caasnode-exporter
namespace: pf-monitor
spec:
endpoints:
- interval: 30s
name: metric
scheme: https
tls_config:
ca_file: node_exporter.crt
selector:
matchLabels:
app: caasnode-exporter
[root@ocp003-mng001 node]# oc get pods -n openshift-user-workload-monitoring
NAME READY STATUS RESTARTS AGE
prometheus-operator-fb9dcc6c-tbvbj 2/2 Running 0 2d
prometheus-user-workload-0 5/5 Running 1 2d
prometheus-user-workload-1 5/5 Running 1 2d
thanos-ruler-user-workload-0 3/3 Running 0 2d
thanos-ruler-user-workload-1 3/3 Running 0 2d