Tomáš Kukrál
Tomáš Kukrál
When I set `--authorization-mode=AlwaysAllow` then command to get metrics works.
I seems to be incorrect default configuration of `kubeadm`. When I have edited file `/etc/systemd/system/kubelet.service.d/kubeadm.conf` and commented line ``` #Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt" ``` then prometheus is able to use direct kubelet...
Token is valid and recognized by apiserver ``` curl http://localhost:8001/apis/authentication.k8s.io/v1/tokenreviews -X POST -H 'Content-Type: application/json; charset=utf-8' -d @tokenreview.json { "kind": "TokenReview", "apiVersion": "authentication.k8s.io/v1", "metadata": { "creationTimestamp": null, "managedFields": [ {...
It must be related to some configuration of webhook auth. I must find some time to dig deeper. Not stale.
Testing it again on new installation
@SuperQ can you rebase your branch? I don't have permission to do it.
Just for a record when somebody find this issue ... It can workarounded by deploying [stakater/reloader](https://github.com/stakater/Reloader) and restarting harbor's pods when secret (tls cert) changes.
I'd love to have `/metrics` expoted by gogs.
:+1: nice!
I'd like to get this solved ... we are running 400 aks nodes and this `azure-npm` costs a lot for money due to incorrect requests configuration.