From 14d57e1fec8e21de757fb822ae6061dbc63b2c3c Mon Sep 17 00:00:00 2001 From: Carlos Eduardo <carlosedp@gmail.com> Date: Wed, 28 Feb 2018 13:36:28 -0500 Subject: [PATCH] Added information on webhook token authentication Added information on webhook token authentication and information on how to update the manifests if Kubernetes is already deployed with kubeadm. --- docs/kube-prometheus-on-kubeadm.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/kube-prometheus-on-kubeadm.md b/docs/kube-prometheus-on-kubeadm.md index fac211db..e1fe2da9 100644 --- a/docs/kube-prometheus-on-kubeadm.md +++ b/docs/kube-prometheus-on-kubeadm.md 
@@ -48,14 +48,22 @@ In addition, we will be using `node-exporter` to monitor the `cAdvisor` service > The kubeadm deb package ships with configuration for how the kubelet should be run. Note that the `kubeadm` CLI command will never touch this drop-in file. This drop-in file belongs to the kubeadm deb/rpm package. -Again, we need to expose the `cadvisor` that is installed and managed by the `kubelet` daemon. To do so, we do the following on all the masters and nodes: +Again, we need to expose the `cadvisor` that is installed and managed by the `kubelet` daemon and allow webhook token authentication. To do so, we do the following on all the masters and nodes: ``` sed -e "/cadvisor-port=0/d" -i /etc/systemd/system/kubelet.service.d/10-kubeadm.conf +sed -e "s/--authorization-mode=Webhook/--authentication-token-webhook=true --authorization-mode=Webhook/" systemctl daemon-reload systemctl restart kubelet ``` +In case you already have a Kubernetes deployed with kubeadm, change the address kube-controller-manager and kube-scheduler listens in addition to previous kubelet change: + +``` +sed -e "s/- --address=127.0.0.1/- --address=0.0.0.0/" -i /etc/kubernetes/manifests/kube-controller-manager.yaml +sed -e "s/- --address=127.0.0.1/- --address=0.0.0.0/" -i /etc/kubernetes/manifests/kube-scheduler.yaml +``` + With these changes, your Kubernetes cluster is ready. ## Metric Sources -- GitLab
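Review bot: The added `sed -e "s/--authorization-mode=Webhook/--authentication-token-webhook=true --authorization-mode=Webhook/"` line in the kubelet block has no `-i` and no file argument, unlike the `cadvisor-port` line directly above it. As written it reads from stdin and never modifies `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`, so a reader pasting the block gets a command that waits for input and a kubelet that restarts without webhook token authentication enabled. Append `-i /etc/systemd/system/kubelet.service.d/10-kubeadm.conf` to that line. The substitution is also not idempotent: running the block a second time inserts `--authentication-token-webhook=true` again, so it is worth telling readers to check whether the flag is already present before running it. In the second added block, replacing `--address=127.0.0.1` with `--address=0.0.0.0` makes kube-controller-manager and kube-scheduler listen on every interface of the master. The paragraph introducing it should say so explicitly and recommend restricting access to those ports to the hosts that need to reach them, since the previous default was loopback only. Wording nit in the same paragraph: "the address kube-controller-manager and kube-scheduler listens" should read "listen on".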