From f7ee14685ac2c4abdfbcb78b7c1da611798a6c88 Mon Sep 17 00:00:00 2001
From: Frederic Branczyk <fbranczyk@gmail.com>
Date: Mon, 8 Jan 2018 17:20:45 +0100
Subject: [PATCH] kube-prometheus: Use secure kubelet metrics endpoints

---
 .../prometheus-k8s-service-monitor-kubelet.yaml     | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/manifests/prometheus/prometheus-k8s-service-monitor-kubelet.yaml b/manifests/prometheus/prometheus-k8s-service-monitor-kubelet.yaml
index 60ddc0c4..16c9752d 100644
--- a/manifests/prometheus/prometheus-k8s-service-monitor-kubelet.yaml
+++ b/manifests/prometheus/prometheus-k8s-service-monitor-kubelet.yaml
@@ -7,11 +7,20 @@ metadata:
 spec:
   jobLabel: k8s-app
   endpoints:
-  - port: http-metrics
+  - port: https-metrics
+    scheme: https
     interval: 30s
-  - port: cadvisor
+    tlsConfig:
+      insecureSkipVerify: true
+    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+  - port: https-metrics
+    scheme: https
+    path: /metrics/cadvisor
     interval: 30s
     honorLabels: true
+    tlsConfig:
+      insecureSkipVerify: true
+    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
   selector:
     matchLabels:
       k8s-app: kubelet
-- 
GitLab