You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We currently hardcode the scrape config for kubelet scraping. The configuration defaults to verifying the target certificate over https by leaving insecure_skip_verify as false.
However, this can result in errors on K8s clusters where nodes are not provisioned certificates to include the IP address in the certificate SAN field:
Get "https://10.223.3.45:10250/metrics/cadvisor": tls: failed to verify certificate: x509: cannot validate certificate for 10.223.3.45 because it doesn't contain any IP SAN
We should either:
Expose this field as a configuration option for kubelet scraping in the OperatorConfig, e.g.
We currently hardcode the scrape config for kubelet scraping. The configuration defaults to verifying the target certificate over https by leaving
insecure_skip_verify
asfalse
.However, this can result in errors on K8s clusters where nodes are not provisioned certificates to include the IP address in the certificate SAN field:
We should either:
OperatorConfig
, e.g.insecure_skip_verify: true
in the hardcoded config.The text was updated successfully, but these errors were encountered: