prometheus etcd-client-cert

# https://prometheus-community.github.io/helm-charts/ 으로 prometheus 설치시

# prometheus pod 가 실행할때 etcd-client-cert secret 을 참조하도록 설정했다.

# values.yaml  

kube-prometheus-stack:

  prometheus:

    prometheusSpec:

      replicas: 2

      secrets:

        - etcd-client-cert

# etcd-client-cert secret 생성

# k8s master 마스터 서버 접속해 아래 위치에서 3개의 파일을 가져온다.

ssh ysoftman@ysoftman-master-1.server

sudo -i

cp -v /etc/kubernetes/pki/etcd/etcd-ca.crt /home/ysoftman/

cp -v /etc/kubernetes/pki/apiserver-etcd-client.crt /home/ysoftman/

cp -v /etc/kubernetes/pki/apiserver-etcd-client.key /home/ysoftamn/

exit; exit;

# 로컬로 3개의 파일을 복사해 온다.

rsync ysoftman@ysoftman-master-1.server:/home/ysoftman/etcd-ca.crt .

rsync ysoftman@ysoftman-master-1.server:/home/ysoftman/apiserver-etcd-client.crt .

rsync ysoftman@ysoftman-master-1.server:/home/ysoftman/apiserver-etcd-client.key .

# 이 파일로 secret 을 생성한다.

kubectl create secret generic etcd-client-cert -n prometheus \

--from-literal=etcd-ca="$(cat etcd-ca.crt)" \

--from-literal=etcd-client="$(cat apiserver-etcd-client.crt)" \

--from-literal=etcd-client-key="$(cat apiserver-etcd-client.key)"