[solved] [kubernetes module] unable to enable ssl

Hello

according to the documentation, kubernetes module supports ssl connection [1].
But despite ssl setting enabled, it still talks http to the kubelet service.
Any ideas ?

[1] https://www.elastic.co/guide/en/beats/metricbeat/6.2/metricbeat-module-kubernetes.html

metricbeat.modules:
# Node metrics, from kubelet:
- module: kubernetes
  metricsets:
    - node
    - system
    - pod
    - container
    - volume
  period: 10s
  hosts: ["localhost:10250"]
  ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
  ssl.certificate: "/etc/pki/client/cert.pem"
  ssl.key: "/etc/pki/client/cert.key"

Hi @hamelg, you will need to update your hosts setting, try something like: ["https://localhost:10250"]

Best regards

Yes, standard kubelet ports are 10250 for https and 10255 for http.

I am sure what i say. SSL settings have no effect. Try it.
I am not alone to encounter this issue

Hi again,

Can you paste the config you are testing? There is something odd in the log you are pasting, as it's reporting port 10255

- module: kubernetes
  metricsets:
    - node
    - system
    - pod
    - container
    - volume
  period: 10s
  hosts: ["localhost:10250"]
  ssl.certificate_authorities: ["/etc/origin/node/ca.crt"]
  ssl.certificate: "/etc/origin/node/system:node:xxx.crt"
  ssl.key: "/etc/origin/node/system:node:xxx.key"

as you can see in the error message, metricbeat connect to the kubelet service without SSL.

error making http request: Get http://localhost:10250/stats/summary: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"

Should be:

  hosts: ["https://localhost:10250"]

Great, it works now !
thank you

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.