I configure Prometheus to monitor all the node using kubelet metrics inside my OpenShift cluster in the following way:
I configure a cluster role using this yaml file
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: cr-prometheus rules: - apiGroups: [""] resources: - /metrics - nodes - nodes/stats - nodes/metrics - services - endpoints - pods verbs: ["get", "list", "watch"] - apiGroups: - extensions resources: - ingresses verbs: ["get", "list", "watch"]
a cluster role binding beteween role and service account sa-prometheus under rbac auth
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: crb-prometheus roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cr-prometheus subjects: - kind: ServiceAccount name: sa-prometheus namespace: mon-01
I configure kubelet job under prometheus config yml file using the following config map
- job_name: 'kubelet' kubernetes_sd_configs: - role: node scheme: https tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
in Promethues end point I receive
https://NodeIP:10250/metrics DOWN instance="NodeIP"job="kubelet" 10.51s ago 2.425ms server returned HTTP status 401 Unauthorized
My question is
what user the metric invocation wants ?
How I can define it? and where ?
The user is connected to some specific configuration/invocation when I start/create my kubrenetes environment ?
I do not found any user reference in many documentation
Many thanks in advance for any suggestion