-
Notifications
You must be signed in to change notification settings - Fork 458
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[target allocator] Generate secret containing require TLS creds for scraping. #1844
Comments
Related to #1669 |
am i hit this if i see this log into collecor:
From curl TA at /scrap_confis i have this configuration for prometheus operator
|
@matej-g would you be able to work on this if you get a chance? if not i'll poll the group and see if anyone else can! |
also having the same problem, trying to migrate from kube prometheus stack |
Hey, @jaronoff97 let me take a look at this |
in #1710, work was done generate the store struct and dump it in the generated config. For this issue, the same struct must be reconciled in a k8s Secret (similar to https://github.com/prometheus-operator/prometheus-operator/blob/main/pkg/prometheus/server/operator.go#L1000) and this Secret mounted in the collector pods |
An alternative would be to put the content of the certs in the generated config without the indirection to a file (ca instead of ca_file, cert instead of cert_file, etc) |
This would support PodMonitors as well since those intentionally disable file references. And the suggested workaround of using |
if service monitors include the
.spec.tlsConfig
scraping fails unless the Collector has suitable volumes and volume mounts to bring in the correct credentials. The Prometheus Operator does generate such a secret (which can be reused), but ideally the target allocator would provide it's own.The text was updated successfully, but these errors were encountered: