Comments (5)
l0calhost
commented on June 9, 2024
1
Hey @eoinoreilly30, as far as i can see, there is no shell installed in the telegraf sidecar container, so no. To check the mounts, i used kubectl describe pod <pod-name> and inspected the "Mounts" section. But the missing error message in the telegraf container and arriving metrics were the main indicators everything went smooth. ;)
from telegraf-operator.
l0calhost
commented on June 9, 2024
Same here.
My app runs with our custom CA applied and is able to communicate with internal https systems. Adding the telegraf-operator sidecar container leads to
E! [agent] Error writing to outputs.http: Post "https:///telegraf": x509: certificate signed by unknown authority
It seems it does not respect the main containers CA.
Trying to workaround by setting up k8s volume and volumemount providing a tls_ca to the [[outputs.http]] like
[[outputs.http]]
url = "https:///telegraf"
method = "POST"
data_format = "json"
content_encoding = "gzip"
tls_ca = "/etc/custom-ca/my-custom-ca.pem"
[...]
results in another error:
2023-07-03T07:54:11Z E! [telegraf] Error running agent: Error loading config file /etc/telegraf/telegraf.conf: error parsing http array, could not read certificate "/etc/custom-ca/my-custom-ca.pem": open /etc/custom-ca/my-custom-ca.pem: no such file or directory
although the file is readable in the main container.
Is there a way to configure telegraf-operator to use the main containers CA(s) or provide a custom one on global configuration level?
from telegraf-operator.
eoinoreilly30
commented on June 9, 2024
@l0calhost How did you add the CA secret volume? Via the helm chart or something else?
from telegraf-operator.
l0calhost
commented on June 9, 2024
@eoinoreilly30 I added my CA as a ConfigMap to my helm chart. And i guess i figured it out. #104 gave me the missing hint.
Here's what i did:
- Add a config map containing the custom CA:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: certs
data:
customca.pem: |
<INSRT_CUSTOM_CA_HERE>- Add a volume referencing the ConfigMap:
volumes:
- name: my-custom-ca
configMap:
name: certs- Add a pod annotation configuring the mount:
telegraf.influxdata.com/volume-mounts: '{"my-custom-ca":"/path/to/ca"}'- Configure telegraf http output to use the cert:
[[outputs.http]]
url = "https:///telegraf"
method = "POST"
data_format = "json"
content_encoding = "gzip"
tls_ca = "/path/to/ca/customca.pem"
[...]from telegraf-operator.
eoinoreilly30
commented on June 9, 2024
Thanks @l0calhost! I was able to configure the volume-mount and use the CA successfully
We already had the CA as a secret volume in the pod that we want the telegraf sidecar to be placed, so using the telegraf.influxdata.com/volume-mounts: '{"my-custom-ca": "/etc/ssl/certs"}' annotation I was able to mount the CA at /etc/ssl/certs in the telegraf sidecar successfully. Then used tls_ca = "/etc/ssl/certs/ca.crt" in the output plugin.
Are you able to look inside the telegraf sidecar container with kubectl exec bash to see if the volume is mounted successfully?
I am using helm chart version: 1.3.11 and telegraf 1.27.1
from telegraf-operator.
Related Issues (20)
- I can't find how to mount a volume? HOT 2
- Multiple classes for the single pod
- Telegraf-istio sidecar is killed with OOM HOT 1
- when OLM update telegraf-operator version, the classes secret data be reset null
- Sidecar not injecting on AKS HOT 1
- Ability to set Basic Auth credentials for the default prometheus input plugin
- Add support for mounted secrets
- Add support for storing configuration in configmap HOT 1
- Missing telegraf sidecar after pod destroy
- Support Default Environment Variables on Sidecar
- Support `name_override` for `metrics_version: 2`
- InfluxDBv2 authorization fails if docker secrets are used HOT 1
- support sidecar containers feature (kubernetes 1.29)
- issue - telegraf-operator - MountVolume.SetUp failed for volume "telegraf-config" : secret "telegraf-XXXX" not found HOT 8
- Elasticsearch query HOT 1
- Allow removing resource requests/limits on sidecar
- How to set `metric_version` on `inputs.prometheus`
- Should metric-version be a string? HOT 3
- Weird behaviour of cpu&memory limits&requests? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from telegraf-operator.