Closed shbasha-clgx closed 4 weeks ago
/sig node /sig auth /sig instrumentation
Hi @shbasha-clgx,
As I understand, you don't have a self-signed certificate and need assistance in bypassing the tls verification. To resolve this issue, you can modify your values.yaml configuration file to disable certificate verification for kubelet metrics. You can achieve this by setting the 'insecure_skip_verify' field to 'true'.
you can update your values.yaml file like: values.yaml.txt
@Adarsh-verma-14 Hi , i tried that it is throwing below error Error: UPGRADE FAILED: values don't meet the specifications of the schema(s) in the following chart(s): opentelemetry-collector:
you can take reference from this page:https://github.com/open-telemetry/opentelemetry-collector/blob/main/config/configtls/README.md. May be it's help for skipping verify tls certificate.
@Adarsh-verma-14 Hi , after adding receivers:
kubeletstats: insecure_skip_verify: true
We are not seeing the tls error now but we are not able to get the cluster metrics in the otel collector logs although as exporter we put debug , below is the values.yaml file we are using.
mode: daemonset
presets: kubernetesAttributes: enabled: true kubeletMetrics: enabled: true hostMetrics: enabled: true logsCollection: enabled: true includeCollectorLogs: true
config: exporters: debug: {} # Enable OTLP HTTP exporter service: pipelines: logs: exporters:
nodeSelector: kubernetes.io/hostname: xxxxxx tolerations:
key: "node-role.kubernetes.io/control-plane" effect: "NoSchedule"
Hi @shbasha-clgx , you need to ensure that the configuration for collecting and exporting metrics is correct or not
I also reproduced it by using this values.yaml file
mode: daemonset
image:
repository: "otel/opentelemetry-collector-contrib"
tag: "latest"
presets: kubernetesAttributes: enabled: true kubeletMetrics: enabled: true hostMetrics: enabled: true logsCollection: enabled: true includeCollectorLogs: true
config: receivers: kubeletstats: insecure_skip_verify: true processors: batch: {} exporters: debug: {} # Enable OTLP HTTP exporter service: pipelines: metrics: receivers: [kubeletstats] processors: [batch] exporters: [debug] logs: processors: [batch] exporters: [debug]
nodeSelector: kubernetes.io/hostname: xxxxxx tolerations:
it's still failed from side due to memory_limiter issue. But you can try may be it will for your case or you can take reference from this file for the configuration for collecting and exporting metrics and I am also trying to resolve memory_limiter issue.
@Adarsh-verma-14 Thanks , please let me know if you have any update
@Adarsh-verma-14 i tried the file you have shared but still we are not able to get the metrics details when we check logs of otel collector pod, kindly assist
/assign @dashpole /triage accepted
@dashpole this is related to otel collector, could you perhaps guide them to the right place?
I would recommend posting in the opentelemetry slack channel for the collector: https://app.slack.com/client/T08PSQ7BQ/C01N6P7KR6W, or opening an issue with the collector, and tagging the kubeletstats receiver: https://github.com/open-telemetry/opentelemetry-collector-contrib
The authors of the receiver should be able to help you.
@ibihim: Closing this issue.
This does not appear to be an issue in Kubernetes.
Please try asking on the support channels https://github.com/kubernetes/kubernetes/blob/master/SUPPORT.md
/kind support /close
Hi Team, We are trying to install otel collector using helm and trying to get the kubernetesAttributes: enabled: true kubeletMetrics: enabled: true hostMetrics: enabled: true logsCollection: enabled: true includeCollectorLogs:
configuration added in values.yaml how ever we are facing below error , attached file for your reference.
Kindly look into this and please assist
error scraperhelper/scrapercontroller.go:197 Error scraping metrics {"kind": "receiver", "name": "kubeletstats", "data_type": "metrics", "error": "Get " [https://xxxx:xxxx/stats/summary":] tls: failed to verify certificate: x509: certificate signed by unknown authority", "scraper": "kubeletstats"}
we do not have self signed cert and need assistance on how to bypass this.