etcd使用自签名证书,prometheus报错未知机构签发:x509: certificate signed by unknown authority,因为ETCD使用的是外部集群,有什么办法可以解决的么。
etcd使用自签名证书,prometheus报错未知机构签发 #2.11
benjaminhuoK零S- 最佳回复由 syfad 选择
syfad 对于外部etcd,你需要
- 用外部etcd的证书生成secret
kubectl -n kubesphere-monitoring-system create secret generic kube-etcd-client-certs --from-file=etcd-client-ca.crt=/etc/ssl/etcd/ssl/ca.pem --from-file=etcd-client.crt=/etc/ssl/etcd/ssl/admin-i-ezjb7gsk.pem --from-file=etcd-client.key=/etc/ssl/etcd/ssl/admin-i-ezjb7gsk-key.pem - 用外部etcd 各节点的ip 生成 endpoint 参考 https://github.com/kubesphere/prometheus-operator/blob/ks-v2.1.1/contrib/kube-prometheus/manifests/prometheus-endpointsEtcd.yaml
- 生成利用上述 endpoint 的 etcd service,参考 https://github.com/kubesphere/prometheus-operator/blob/ks-v2.1.1/contrib/kube-prometheus/manifests/prometheus-serviceEtcd.yaml
- 生成用于抓取etcd数据的 servicemonitor ,参考 https://github.com/kubesphere/prometheus-operator/blob/ks-v2.1.1/contrib/kube-prometheus/manifests/prometheus-serviceMonitorEtcd.yaml