Kubernetes Module - Kubelet -unauthorized error

pbedadham · March 1, 2019, 5:15am

Hi
I have Kubernetes 1.13.1 and Metricbeat 6.6.1 with Elasticsearch and Kibana. Not getting metrics of Kubelet though Kube-state-metric is working as expected.

--Not working--
kubernetes.yml: |-
- module: kubernetes
enabled: true
metricsets:
- node
- system
- pod
- container
- volume
period: 10s
host: {NODE_NAME} #hosts: ["https://{HOSTNAME}:10250"]
hosts: ["https://localhost:10250"]
ssl.verification_mode: none

I see below error in kibana

error.message:HTTP error 401 in container: 401 Unauthorized @timestamp:February 28th 2019, 21:05:53.407 beat.version:6.6.1 beat.name: beat.hostname: host.name: event.dataset:kubernetes.container event.duration:8,696,784 metricset.rtt:8,696 metricset.name:container metricset.module:kubernetes metricset.host:localhost:10250 _id:vMelN2kB8UQ-YSZ0AFq- _type:doc _index:metricbeat-6.6.1-2019.03.01 _score:
--------removed hostname in the above message----

Any help is appreciated - Thanks in advance

jsoriano · March 1, 2019, 10:26am

Hi @pbedadham and welcome

An unauthorized error can mean that actually metricbeat is not being able to authenticate with kubelet. The proper configuration will depend on the configuration of your cluster.

If your kubelet has the plain http port open (defaults to 10255), just use:

    hosts: ["http://localhost:10255"]

If you want to use the secured port, you probably also need to provide some credentials. If you are using service accounts something like this should work:

    hosts: ["https://localhost:10250"]
    bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
    ssl.certificate_authorities:
      - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt

pbedadham · March 1, 2019, 9:49pm

Thanks @jsoriano for reply. Made some changes as per below and it is working.

  hosts: ["https://${HOSTNAME}:10250"]
  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  ssl:
    # disable verification since kubelete uses self signed certificate
    verification_mode: none
    certificate_authorities:
      - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

system · March 29, 2019, 9:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Metricbeat kubernetes module collection 401 Beats beats-module , metricbeat	4	875	October 23, 2020
Metricbeat for Kubernetes 1.13? Beats metricbeat	3	727	March 21, 2019
Kubernetes Module of Metricbeat does not get metrics [7.9.2 with Kubernetes 1.21.1] Beats docker , metricbeat	1	377	June 11, 2021
HTTP error 401 in : 401 Unauthorized","service.name":"metricbeat" Beats metricbeat	9	2388	March 2, 2023
HTTP error 401 in node: 401 Unauthorized Beats metricbeat	3	5582	June 15, 2018

Kubernetes Module - Kubelet -unauthorized error

--Not working-- kubernetes.yml: |- - module: kubernetes enabled: true metricsets: - node - system - pod - container - volume period: 10s host: {NODE_NAME} #hosts: ["https://{HOSTNAME}:10250"] hosts: ["https://localhost:10250"] ssl.verification_mode: none

Thanks @jsoriano for reply. Made some changes as per below and it is working.

Related Topics

--Not working--
kubernetes.yml: |-
- module: kubernetes
enabled: true
metricsets:
- node
- system
- pod
- container
- volume
period: 10s
host: {NODE_NAME} #hosts: ["https://{HOSTNAME}:10250"]
hosts: ["https://localhost:10250"]
ssl.verification_mode: none