From 5733de0dfe34ec519ff0dd7b1de9e033e111d1bb Mon Sep 17 00:00:00 2001 From: Jimmi Dyson Date: Mon, 27 Jun 2016 14:38:51 +0100 Subject: [PATCH] Kubernetes SD: Update example config with TLS options --- documentation/examples/prometheus-kubernetes.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/documentation/examples/prometheus-kubernetes.yml b/documentation/examples/prometheus-kubernetes.yml index b2c762aed..22df79df1 100644 --- a/documentation/examples/prometheus-kubernetes.yml +++ b/documentation/examples/prometheus-kubernetes.yml @@ -9,12 +9,23 @@ scrape_configs: - job_name: 'kubernetes-cluster' + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + # This TLS & bearer token file config is used to connect to the actual scrape # endpoints for cluster components. This is separate to discovery auth # configuration (`in_cluster` below) because discovery & scraping are two # separate concerns in Prometheus. tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. + # + # insecure_skip_verify: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: