以下是stable/prometheus
:https://github.com/helm/charts/blob/master/stable/prometheus/values.yaml
我能够使它起作用:
helm upgrade --install prometheus stable/prometheus \
--set extraScrapeConfigs="- job_name: 'myjob'
scrape_interval: 1s
metrics_path: /metrics
scheme: https
static_configs:
- targets: ['###.##.###.###:#####']
tls_config:
ca_file: /prometheus/ca.pem
key_file: /prometheus/key.pem
cert_file: /prometheus/cert.pem
insecure_skip_verify: true"
为此,我必须做:
kubectl cp localdir/ca.pem prometheus-server-abc:/prometheus -c prometheus-server
kubectl cp localdir/key.pem prometheus-server-abc:/prometheus -c prometheus-server
kubectl cp localdir/cert.pem prometheus-server-abc:/prometheus -c prometheus-server
我相信使用Secret
和mountPath
可以找到更好,更合适的方法。我没有运气就尝试了以下类似方法:
apiVersion: v1
kind: Secret
metadata:
name: mysecret
data:
ca.pem: base64encodedcapem
key.pem: base64encodedkeypem
cert.pem: base64encodedcertpem
kubectl apply -f mysecret
helm upgrade --install prometheus stable/prometheus \
--set extraSecretMounts="- name: mysecret-mount
mountPath: /somepathinpod/mysecret
secretName: mysecret" \
--set extraScrapeConfigs="- job_name: 'myjob'
scrape_interval: 1s
metrics_path: /metrics
scheme: https
static_configs:
- targets: ['###.##.###.###:#####']
tls_config:
ca_file: /somepathinpod/mysecret/ca.pem
key_file: /somepathinpod/mysecret/key.pem
cert_file: /somepathinpod/mysecret/cert.pem
insecure_skip_verify: true"
我希望证书能够神奇地出现在/somepathinpod
上,但它们没有出现。
我假设我不必克隆整个存储库,而是手动编辑头盔图表以将volumeMount
放入prometheus-server
部署/容器中,并且可以以某种方式更改我的头盔命令。关于如何获得我的证书的任何建议?
答案 0 :(得分:2)
根据documentation,正确使用的密钥将是server.extraSecretMounts
,而不只是extraSecretMounts
。
还要通过以下方式验证Kubernetes上生成的YAML是否包含正确的挂载:
kubectl get deployment prometheus-server-object-name -o yaml
override.yaml
server:
extraSecretMounts:
- name: mysecret-mount
mountPath: /etc/config/mysecret
secretName: mysecret
extraScrapeConfigs: |
- job_name: myjob
scrape_interval: 15s
metrics_path: /metrics
scheme: https
static_configs:
- targets:
- ###.##.###.###:#####
tls_config:
ca_file: /etc/config/mysecret/ca.pem
key_file: /etc/config/mysecret/key.pem
cert_file: /etc/config/mysecret/cert.pem
insecure_skip_verify: true
helm upgrade -f override.yaml prometheus stable/prometheus