Secure kubernetes monitoring in Prometheus using service discovery

Nico Gatti

7/7/23, 8:22 PM

I'm currently using Prometheus to scrape metrics from a /metrics endpoint on my pods.

In order to identify the pods I'm using kubernetes service discovery which discovers the pods and targets them through their internal IP.

The problem is I want to move from http to https scheme to secure the endpoints, but as Prometheus uses IP endpoint its giving me the error

x509: cannot validate certificate for 172.17.0.18 because it doesn't contain any IP SANs

I'm kinda lost on how to proceed to enable the client certificate validation without issuing a per IP certificate which does not have any sense as IPs are internal to the cluster and are not static.

0 + 0

monitoring

kubernetes

prometheus

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Secure kubernetes monitoring in Prometheus using service discovery

TH: ตรวจสอบ kubernetes อย่างปลอดภัยใน Prometheus โดยใช้การค้นหาบริการ

RO: Monitorizarea Kubernetes securizată în Prometheus utilizând descoperirea serviciului

RU: Безопасный мониторинг kubernetes в Prometheus с помощью обнаружения служб

VI: Giám sát kubernetes an toàn trong Prometheus bằng cách sử dụng dịch vụ khám phá

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.