I configure Prometheus to monitor all the nodes using kubelet metrics inside my OpenShift cluster in the following way:

I configure a cluster role using this YAML file:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cr-prometheus
rules:
- apiGroups: [""]
  resources:
  - /metrics
  - nodes
  - nodes/stats
  - nodes/metrics
  - services
  - endpoints
  - pods
  verbs: ["get", "list", "watch"]
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs: ["get", "list", "watch"]
```

A cluster role binding between the role and the service account sa-prometheus under RBAC auth:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: crb-prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cr-prometheus
subjects:
- kind: ServiceAccount
  name: sa-prometheus
  namespace: mon-01
```

I configure the kubelet job in the Prometheus config YAML file using the following config map:
```yaml
- job_name: 'kubelet'
  kubernetes_sd_configs:
  - role: node
  scheme: https
  tls_config:
    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
```

In the Prometheus endpoint I receive:
```
https://NodeIP:10250/metrics DOWN
instance="NodeIP" job="kubelet"
10.51s ago
2.425ms
server returned HTTP status 401 Unauthorized
```

My questions are:

What user does the metric invocation want?
How can I define it, and where?
Is the user connected to some specific configuration/invocation when I start/create my Kubernetes environment?

I did not find any user reference in much of the documentation.

Many thanks in advance for any suggestion.
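
An added example, not part of the original post: the scrape job above sends no credentials, which the kubelet on port 10250 rejects with 401, so this sketch runs Prometheus as the bound service account and presents that account's mounted token as a bearer token. It assumes the kubelet has webhook token authentication and webhook authorization enabled; the Deployment name, labels and image line are hypothetical placeholders.

```yaml
# Added example, not the poster's configuration.
# 1) Pod template: run Prometheus as the service account that
#    crb-prometheus binds to cr-prometheus. The identity the kubelet sees
#    is then system:serviceaccount:mon-01:sa-prometheus.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus            # hypothetical name
  namespace: mon-01
spec:
  selector:
    matchLabels: {app: prometheus}     # hypothetical label
  template:
    metadata:
      labels: {app: prometheus}
    spec:
      serviceAccountName: sa-prometheus
      containers:
      - name: prometheus
        image: prom/prometheus         # pin to the version you run
---
# 2) prometheus.yml: same job as in the post, plus the token.
scrape_configs:
- job_name: 'kubelet'
  kubernetes_sd_configs:
  - role: node
  scheme: https
  tls_config:
    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  # Token mounted into the pod for sa-prometheus. Without it the request
  # is unauthenticated and the kubelet answers 401.
  # Newer Prometheus releases also accept:
  #   authorization:
  #     credentials_file: <same path>
  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
# Reading the result on the targets page:
#   401 Unauthorized -> no token sent, or the kubelet could not validate it
#   403 Forbidden    -> token accepted, but the account lacks "get" on
#                       nodes/metrics (granted by cr-prometheus above)
```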