We try to get data from the kube-state-metrics pod in OpenShift. This works fine if we start a standalone kube-state-metrics pod and expose it over an HTTP route:
- module: kubernetes
enabled: true
metricsets:
- state_node
- state_deployment
- state_replicaset
- state_pod
- state_container
period: 10s
in_cluster: false
add_metadata: true
labels.dedot: true
annotations.dedot: true
kube_config: /home/user/.kube/config
host: "master01.example.com"
hosts: ["kube-state-metrics.monitoring.svc:8080"]
However, if we try to use the kube-state-metrics pod which is part of the default OpenShift Container Platform since version 3.11 (located in the openshift-monitoring project), we need HTTPS for this:
- module: kubernetes
enabled: true
metricsets:
- state_node
- state_deployment
- state_replicaset
- state_pod
- state_container
period: 10s
in_cluster: false
add_metadata: true
labels.dedot: true
annotations.dedot: true
kube_config: /home/user/.kube/config
host: "master01.example.com"
hosts: ["https://prometheus-k8s-openshift-monitoring.example.com"]
ssl.certificate_authorities: ["/etc/pki/ca-trust/source/anchors/openshift-ca.crt"]
ssl.certificate: "/etc/origin/master/master.kubelet-client.crt"
ssl.key: "/etc/origin/master/master.kubelet-client.key"
We do not get any relevant information in the Metricbeat debug logs, but no metricset data is sent to Elasticsearch anymore.
How can we use kube-state-metrics over SSL?