Open Ashikash13 opened 3 years ago
You can pass multiple --include-cert-glob arguments. Can you just add the second path, the etcd path?
Does this not meet your needs?
Thanks for replying. I already tried it; it doesn't work that way either.
Let me brief you here. I have logged in to the pod, and the /etc/kubernetes/pki path looks like this:
/etc/kubernetes/pki # pwd
/etc/kubernetes/pki
/etc/kubernetes/pki # ls
apiserver-etcd-client.crt     apiserver.crt      ca.key                       front-proxy-ca.key      sa.key
apiserver-etcd-client.key     apiserver.key      etcd                         front-proxy-client.crt  sa.pub
apiserver-kubelet-client.crt  audit-policy.yaml  etcd-encryption-config.yaml  front-proxy-client.key
apiserver-kubelet-client.key  ca.crt             front-proxy-ca.crt           kube-proxy.token
Note: These are master certificates and it works fine; it captures the certificates and I can see them in the NR dashboard with NRI-Prometheus integrated with it.
ETCD: Path /etc/kubernetes/pki/etcd
Pod output:
/etc/kubernetes/pki/etcd # ls
ca.crt
In my Kubernetes setup, i.e. a legacy setup, we cannot find the ETCD certs under the above path on the master node; those certificates will be available only on the ETCD node. So is there a way to capture them?
It's been many years since I ran a kops-based k8s cluster, but if I recall, the certs in /etc/kubernetes/pki/etcd in the pod were mounted from a dir on the host node. This isn't true?
Yes true
Hi, hope you are doing great.
I have implemented cert-exporter by following the document below: https://github.com/joe-elliott/cert-exporter/blob/master/docs/kops-masters.yaml
Problem I am facing: I am using legacy Kubernetes, which is set up on an EC2 instance, not EKS. I have deployed the above DaemonSet, which is running on the master, and my master certs are located at /etc/kubernetes/pki. After changing the argument in the DS, it started capturing the master certs.
Now the issue is how to monitor the ETCD certs, where the certificates will be located on my etcd node at /etc/kubernetes/pki/etcd. Etcd certs will be only on the etcd node for legacy Kubernetes; we cannot find them on the master node.