Created
August 9, 2017 11:45
-
-
Save ngtuna/9235afed0d6d14cdd0c7c6e00bb46e05 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ kubectl logs -n custom-metrics custom-metrics-apiserver-812990528-zc5zr -f | |
I0809 11:40:01.652887 1 serving.go:279] Generated self-signed cert (apiserver.local.config/certificates/apiserver.crt, apiserver.local.config/certificates/apiserver.key) | |
I0809 11:40:03.549396 1 round_trippers.go:386] curl -k -v -XGET -H "User-Agent: adapter/v0.0.0 (linux/amd64) kubernetes/$Format" -H "Accept: application/json, */*" -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJjdXN0b20tbWV0cmljcyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJjdXN0b20tbWV0cmljcy1hcGlzZXJ2ZXItdG9rZW4tODNzaDkiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiY3VzdG9tLW1ldHJpY3MtYXBpc2VydmVyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiODEzOThlMDAtN2NmNi0xMWU3LTg5NmQtMDgwMDI3NGE0ZjNiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmN1c3RvbS1tZXRyaWNzOmN1c3RvbS1tZXRyaWNzLWFwaXNlcnZlciJ9.IjUVsfpSJ0JBiL5zvJltnjdAc75wC-Mo3IsMzNK0P1TIweO5t40tTwK0jtgwWBFPNehqAyj4J9elz4r1gPj0WUlnJdS5tjxTBNwn1JBU9Q8gUc65Nh8dv-CqQ8F1XcpLf762l5yaXdVk6VcCsXq2iHIyFrZ1vpUs-2dxxeP-vqPQOXLgMbk3cDDBojdRQyaYz-xx-nvc1UUjMg3BemX-sRs3kowBdAqg9_en5VufuIYXeu4DFZJpSbwwN3QNkWNnCpwi4lDKJ0_a3w5ZAsmMrQy7SFksEusf0C7NeNJ_Mg-JZQMoN41XzqxvwM6xbY9ROtiJjJ3vy0hL48WVe6T0IA" https://10.0.0.1:443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication | |
I0809 11:40:03.625945 1 round_trippers.go:405] GET https://10.0.0.1:443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication 200 OK in 76 milliseconds | |
I0809 11:40:03.626042 1 round_trippers.go:411] Response Headers: | |
I0809 11:40:03.626052 1 round_trippers.go:414] Content-Type: application/json | |
I0809 11:40:03.626056 1 round_trippers.go:414] Content-Length: 1438 | |
I0809 11:40:03.626059 1 round_trippers.go:414] Date: Wed, 09 Aug 2017 11:40:03 GMT | |
I0809 11:40:03.626101 1 request.go:991] Response Body: {"kind":"ConfigMap","apiVersion":"v1","metadata":{"name":"extension-apiserver-authentication","namespace":"kube-system","selfLink":"/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication","uid":"a8443a9d-7800-11e7-8fe1-0800274a4f3b","resourceVersion":"4810","creationTimestamp":"2017-08-03T04:03:07Z"},"data":{"client-ca-file":"-----BEGIN CERTIFICATE-----\nMIIC5zCCAc+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p\na3ViZUNBMB4XDTE2MTExOTIxMjExN1oXDTI2MTExNzIxMjExN1owFTETMBEGA1UE\nAxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOg0\nDPyBOPkwT/PLMr8Z0M+6+c0moT5uAyx9kRT+a0y8/Ryt+91M6I9bvzE4hIWDUqNy\nVUryUlvqv+WmUlxdxqLA3cIQDBQhyM/0VY7a9YcZgwCRydEq4aQLwcc3adInb1kU\nSQrpVEdDqRVv0ubosrCjFb1gBWEi7/4xRsRAXW/hldFU5OBHIrbacSh1Us4AAaCp\nM7pWNdRJnHPhazIepOY/jdJNM5ntpSOuUXgbHre37YP+xScpqgJpkEyVEBjen7iP\nfBKZLHL/5ZrUPuzPYlq9nOFlBdpyu6DGkUIjMTsVakJj5eh27mVj3QL6jcQ4CCey\n0bhZHjSm3CHvYDfuYscCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW\nMBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3\nDQEBCwUAA4IBAQBKubtmjB2RkNy2T/wOBfzLKTO7hFsB7VGpg32/5pTQ0lSXKxoy\n8FTcA9mJIWjXgAxptphCSPjT8gA2dFzrqeb2GpZ7Ti2x1WU/qVhkuDrbSCtHVJyn\nG1EOpFoOt7D5HJQ02OHjQMfJzPHvM1s+Bzn6yHpdrnZ3Ah9jcuDrRVnNEKVmCfyy\n8z2AGRpfNHoQCmASi3tr0SN8QZe5w3Yd+hDa+uCgXXKt/0+5AK0ik0Bs+uIuQf1i\nBAL5x0bazMePRe3KYjjqIM+9S66MX5f1mwxgnKRUfB8rtvFQfdfVlBxCyj4GMlAU\nmngkEtSjIBLEKfqR739Uy41XTdrBaxgvmixK\n-----END CERTIFICATE-----\n"}} | |
I0809 11:40:03.629907 1 round_trippers.go:386] curl -k -v -XGET -H "Accept: application/json, */*" -H "User-Agent: adapter/v0.0.0 (linux/amd64) kubernetes/$Format" -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJjdXN0b20tbWV0cmljcyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJjdXN0b20tbWV0cmljcy1hcGlzZXJ2ZXItdG9rZW4tODNzaDkiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiY3VzdG9tLW1ldHJpY3MtYXBpc2VydmVyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiODEzOThlMDAtN2NmNi0xMWU3LTg5NmQtMDgwMDI3NGE0ZjNiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmN1c3RvbS1tZXRyaWNzOmN1c3RvbS1tZXRyaWNzLWFwaXNlcnZlciJ9.IjUVsfpSJ0JBiL5zvJltnjdAc75wC-Mo3IsMzNK0P1TIweO5t40tTwK0jtgwWBFPNehqAyj4J9elz4r1gPj0WUlnJdS5tjxTBNwn1JBU9Q8gUc65Nh8dv-CqQ8F1XcpLf762l5yaXdVk6VcCsXq2iHIyFrZ1vpUs-2dxxeP-vqPQOXLgMbk3cDDBojdRQyaYz-xx-nvc1UUjMg3BemX-sRs3kowBdAqg9_en5VufuIYXeu4DFZJpSbwwN3QNkWNnCpwi4lDKJ0_a3w5ZAsmMrQy7SFksEusf0C7NeNJ_Mg-JZQMoN41XzqxvwM6xbY9ROtiJjJ3vy0hL48WVe6T0IA" https://10.0.0.1:443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication | |
I0809 11:40:03.633406 1 round_trippers.go:405] GET https://10.0.0.1:443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication 200 OK in 3 milliseconds | |
I0809 11:40:03.633504 1 round_trippers.go:411] Response Headers: | |
I0809 11:40:03.633586 1 round_trippers.go:414] Content-Length: 1438 | |
I0809 11:40:03.633652 1 round_trippers.go:414] Date: Wed, 09 Aug 2017 11:40:03 GMT | |
I0809 11:40:03.633667 1 round_trippers.go:414] Content-Type: application/json | |
I0809 11:40:03.633713 1 request.go:991] Response Body: {"kind":"ConfigMap","apiVersion":"v1","metadata":{"name":"extension-apiserver-authentication","namespace":"kube-system","selfLink":"/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication","uid":"a8443a9d-7800-11e7-8fe1-0800274a4f3b","resourceVersion":"4810","creationTimestamp":"2017-08-03T04:03:07Z"},"data":{"client-ca-file":"-----BEGIN CERTIFICATE-----\nMIIC5zCCAc+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p\na3ViZUNBMB4XDTE2MTExOTIxMjExN1oXDTI2MTExNzIxMjExN1owFTETMBEGA1UE\nAxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOg0\nDPyBOPkwT/PLMr8Z0M+6+c0moT5uAyx9kRT+a0y8/Ryt+91M6I9bvzE4hIWDUqNy\nVUryUlvqv+WmUlxdxqLA3cIQDBQhyM/0VY7a9YcZgwCRydEq4aQLwcc3adInb1kU\nSQrpVEdDqRVv0ubosrCjFb1gBWEi7/4xRsRAXW/hldFU5OBHIrbacSh1Us4AAaCp\nM7pWNdRJnHPhazIepOY/jdJNM5ntpSOuUXgbHre37YP+xScpqgJpkEyVEBjen7iP\nfBKZLHL/5ZrUPuzPYlq9nOFlBdpyu6DGkUIjMTsVakJj5eh27mVj3QL6jcQ4CCey\n0bhZHjSm3CHvYDfuYscCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW\nMBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3\nDQEBCwUAA4IBAQBKubtmjB2RkNy2T/wOBfzLKTO7hFsB7VGpg32/5pTQ0lSXKxoy\n8FTcA9mJIWjXgAxptphCSPjT8gA2dFzrqeb2GpZ7Ti2x1WU/qVhkuDrbSCtHVJyn\nG1EOpFoOt7D5HJQ02OHjQMfJzPHvM1s+Bzn6yHpdrnZ3Ah9jcuDrRVnNEKVmCfyy\n8z2AGRpfNHoQCmASi3tr0SN8QZe5w3Yd+hDa+uCgXXKt/0+5AK0ik0Bs+uIuQf1i\nBAL5x0bazMePRe3KYjjqIM+9S66MX5f1mwxgnKRUfB8rtvFQfdfVlBxCyj4GMlAU\nmngkEtSjIBLEKfqR739Uy41XTdrBaxgvmixK\n-----END CERTIFICATE-----\n"}} | |
Error: cluster doesn't provide requestheader-client-ca-file | |
Usage: | |
[flags] | |
Flags: | |
--alsologtostderr log to standard error as well as files | |
--authentication-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create tokenaccessreviews.authentication.k8s.io. | |
--authentication-skip-lookup If false, the authentication-kubeconfig will be used to lookup missing authentication configuration from the cluster. | |
--authentication-token-webhook-cache-ttl duration The duration to cache responses from the webhook token authenticator. (default 10s) | |
--authorization-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create subjectaccessreviews.authorization.k8s.io. | |
--authorization-webhook-cache-authorized-ttl duration The duration to cache 'authorized' responses from the webhook authorizer. (default 10s) | |
--authorization-webhook-cache-unauthorized-ttl duration The duration to cache 'unauthorized' responses from the webhook authorizer. (default 10s) | |
--bind-address ip The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0). (default 0.0.0.0) | |
--cert-dir string The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default "apiserver.local.config/certificates") | |
--client-ca-file string If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate. | |
--contention-profiling Enable lock contention profiling, if profiling is enabled | |
--enable-swagger-ui Enables swagger ui on the apiserver at /swagger-ui | |
--lister-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to list any described objets | |
--log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) | |
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) | |
--log_dir string If non-empty, write log files in this directory | |
--logtostderr log to standard error instead of files (default true) | |
--metrics-relist-interval duration interval at which to re-list the set of all available metrics from Prometheus (default 10m0s) | |
--profiling Enable profiling via web interface host:port/debug/pprof/ (default true) | |
--prometheus-url string URL and configuration for connecting to Prometheus. Query parameters are used to configure the connection (default "https://localhost") | |
--rate-interval duration period of time used to calculate rate metrics from cumulative metrics (default 5m0s) | |
--requestheader-allowed-names stringSlice List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed. | |
--requestheader-client-ca-file string Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers | |
--requestheader-extra-headers-prefix stringSlice List of request header prefixes to inspect. X-Remote-Extra- is suggested. (default [x-remote-extra-]) | |
--requestheader-group-headers stringSlice List of request headers to inspect for groups. X-Remote-Group is suggested. (default [x-remote-group]) | |
--requestheader-username-headers stringSlice List of request headers to inspect for usernames. X-Remote-User is common. (default [x-remote-user]) | |
--secure-port int The port on which to serve HTTPS with authentication and authorization. If 0, don't serve HTTPS at all. (default 443) | |
--stderrthreshold severity logs at or above this threshold go to stderr (default 2) | |
--tls-ca-file string If set, this certificate authority will used for secure access from Admission Controllers. This must be a valid PEM-encoded CA bundle. Altneratively, the certificate authority can be appended to the certificate provided by --tls-cert-file. | |
--tls-cert-file string File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to /var/run/kubernetes. | |
--tls-private-key-file string File containing the default x509 private key matching --tls-cert-file. | |
--tls-sni-cert-key namedCertKey A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com". (default []) | |
-v, --v Level log level for V logs (default 0) | |
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging | |
panic: cluster doesn't provide requestheader-client-ca-file | |
goroutine 1 [running]: | |
main.main() | |
/go/src/github.com/directxman12/k8s-prometheus-adapter/cmd/adapter/adapter.go:41 +0x114 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello!
Did you get this to work? I am stuck at the point you started in this issue
Basically:
Before that everything looks fine:
and the log shows that it is actually collecting the values, just not exposing them properly:
Any input appreciated.