search

VictoriaMetrics / operator

Kubernetes operator for Victoria Metrics
Apache License 2.0
425 stars 142 forks source link

How to set a certificate tls for VMStaticScrape #910

Closed KKulishov closed 6 months ago

KKulishov commented 6 months ago

Hello!

I want to collect metrics from a remote etcd service.

docs tlsconfig

I put the certificates in kubernetes secret , my example secret for etcd tls:

apiVersion: v1
kind: Secret
metadata:
  name: etcd-certs
  namespace: monitoring
type: Opaque
data:
  kube-ca.pem: |
    xxxxxxxxxxxxx
  kube-etcd-key.pem: |
    xxxxxxxxxx
  kube-etcd.pem: |
    xxxxxxxxxxxxxxxx

my example VMStaticScrape :

apiVersion: operator.victoriametrics.com/v1beta1
kind: VMStaticScrape
metadata:
  name: etcd
  namespace: monitoring
spec:
  jobName: static-etcd
  SecretOrConfigMap:
    secret: etcd-certs
  targetEndpoints:
    targets:
      - 10.80.1.1
      - 10.80.1.2
    port: 2379
    scheme: https
    scrape_interval: 30s
    tlsConfig:
      ca: kube-ca.pem
      certFile: kube-etcd.pem
      keySecret: kube-etcd-key.pem
      insecureSkipVerify: true

But when applied , gives an error message:

error: error validating "static-etcd.yml": error validating data: [ValidationError(VMStaticScrape.spec): unknown field "SecretOrConfigMap" in com.victoriametrics.operator.v1beta1.VMStaticScrape.spec, ValidationError(VMStaticScrape.spec.targetEndpoints): invalid type for com.victoriametrics.operator.v1beta1.VMStaticScrape.spec.targetEndpoints: got "map", expected "array"]; if you choose to ignore these errors, turn validation off with --validate=false

Can you tell me how to collect metrics indicating certificates tls?

Haleygo commented 6 months ago

Hello, From the error message, you have wrong value for spec.targetEndpoints which requires []TargetEndpoint, try adding - before your targets

  targetEndpoints:
  - targets:
      - 10.80.1.1
      - 10.80.1.2
    port: 2379
    scheme: https
    scrape_interval: 30s
KKulishov commented 6 months ago

I tried, change to ["10.80.1.1", "10.80.1.2"] but I get an error

error: error validating "static-etcd.yml": error validating data: ValidationError(VMStaticScrape.spec.targetEndpoints): invalid type for com.victoriametrics.operator.v1beta1.VMStaticScrape.spec.targetEndpoints: got "map", expected "array"; if you choose to ignore these errors, turn validation off with --validate=false

f41gh7 commented 6 months ago

I tried, change to ["10.80.1.1", "10.80.1.2"] but I get an error

error: error validating "static-etcd.yml": error validating data: ValidationError(VMStaticScrape.spec.targetEndpoints): invalid type for com.victoriametrics.operator.v1beta1.VMStaticScrape.spec.targetEndpoints: got "map", expected "array"; if you choose to ignore these errors, turn validation off with --validate=false

Try the following example: targetEndpoints expect list of arguments prefixed with - symbol: e.g. targets changed to - targets

apiVersion: operator.victoriametrics.com/v1beta1
kind: VMStaticScrape
metadata:
  name: etcd
  namespace: monitoring
spec:
  jobName: static-etcd
  SecretOrConfigMap:
    secret: etcd-certs
  targetEndpoints:
  - targets:
      - 10.80.1.1
      - 10.80.1.2
    port: 2379
    scheme: https
    scrape_interval: 30s
    tlsConfig:
      ca: kube-ca.pem
      certFile: kube-etcd.pem
      keySecret: kube-etcd-key.pem
      insecureSkipVerify: true
KKulishov commented 6 months ago

try 

apiVersion: operator.victoriametrics.com/v1beta1
kind: VMStaticScrape
metadata:
  name: etcd
  namespace: monitoring
spec:
  jobName: static-etcd
  SecretOrConfigMap:
    secret: etcd-certs
  targetEndpoints:
  - targets:
      - 10.80.1.1
      - 10.80.1.2
    port: 2379
    scheme: https
    scrape_interval: 30s
    tlsConfig:
      ca: kube-ca.pem
      certFile: kube-etcd.pem
      keySecret: kube-etcd-key.pem
      insecureSkipVerify: true

but gives this error error: error validating "static-etcd.yml": error validating data: [ValidationError(VMStaticScrape.spec): unknown field "SecretOrConfigMap" in com.victoriametrics.operator.v1beta1.VMStaticScrape.spec, ValidationError(VMStaticScrape.spec.targetEndpoints[0].tlsConfig.ca): invalid type for com.victoriametrics.operator.v1beta1.VMStaticScrape.spec.targetEndpoints.tlsConfig.ca: got "string", expected "map", ValidationError(VMStaticScrape.spec.targetEndpoints[0].tlsConfig.keySecret): invalid type for com.victoriametrics.operator.v1beta1.VMStaticScrape.spec.targetEndpoints.tlsConfig.keySecret: got "string", expected "map"]; if you choose to ignore these errors, turn validation off with --validate=false

solved the problem by designing static collection of metrics in vm-agent:

extraScrapeConfigs: 
  - job_name: etcd 
    scheme: https
    scrape_interval: 30s
    metrics_path: /metrics
    tls_config:
      insecure_skip_verify: true
      ca_file: /etc/kubernetes/tls/kube-ca.pem
      cert_file: /etc/kubernetes/tls/kube-etcd.pem
      key_file: /etc/kubernetes/tls/kube-etcd-key.pem
    static_configs:
    - targets:
      - 10.80.1.1:2379
      - 10.80.1.2:2379
      - 10.80.1.3:2379

in deployment vm-agent add secret to tls file