# How to monitor a secure external etcd service with Prometheus Operator
This guide will help you monitor an external etcd cluster, that is, one where etcd is not hosted inside Kubernetes.
This is often the case with Kubernetes setups. It has been tested with kube-aws, but the same principles apply to other tools.
# Step 1 - Make the etcd certificates available to the Prometheus pod
Prometheus Operator (and Prometheus) allow us to specify a tlsConfig. This is required because your etcd metrics endpoint is most likely secured.
## a - Create the secrets in the namespace
Prometheus Operator allows us to mount secrets in the pod. By loading the secrets as files, they can be made available inside the Prometheus pod.
```yaml
global:
  scrape_interval: 30s
  scrape_timeout: 10s
  evaluation_interval: 30s
alerting:
  alertmanagers:
  - kubernetes_sd_configs:
    - api_server: null
      role: endpoints
      namespaces:
```
```yaml
IAMRoleEtcd:
  Properties:
    RoleName: 'kube-etcd-role'
    AssumeRolePolicyDocument:
      Statement:
      - Action:
        - sts:AssumeRole
        Effect: Allow
        Principal:
          Service:
```
```yaml
# Unique name of Kubernetes cluster. In order to deploy
# more than one cluster into the same AWS account, this
# name must not conflict with an existing cluster.
clusterName: kube-flex-etcd-iam
# CoreOS release channel to use. Currently supported options: alpha, beta, stable
# See coreos.com/releases for more information
#releaseChannel: stable
# The AMI ID of CoreOS.
```
Jul 13 23:47:44 ip-10-0-0-238.ap-southeast-2.compute.internal etcd-wrapper[6068]: + exec /usr/bin/rkt run --uuid-file-save=/var/lib/coreos/etcd-member-wrapper.uuid --trust-keys-from-https --mount volume=systemd-dir,target=/run/systemd/system --volume systemd-dir,kind=host,source=/run/systemd/system,readOnly=true --mount volume=notify,target=/run/systemd/notify --volume notify,kind=host,source=/run/systemd/notify --set-env=NOTIFY_SOCKET=/run/systemd/notify --volume data-dir,kind=host,source=/var/lib/etcd2,readOnly=false --volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true --volume etc-hosts,kind=host,source=/etc/hosts,readOnly=true --volume etc-resolv,kind=host,source=/etc/resolv.conf,readOnly=true --mount volume=data-dir,target=/var/lib/etcd --mount volume=etc-ssl-certs,target=/etc/ssl/certs --mount volume=usr-share-certs,target=/usr/share/ca-certificates --mount volume=etc-hosts,target=/etc/hosts --mount volume |