unable to load specified CA cert in target allocator #3572
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Component(s)
target allocator
What happened?
Description
I'm trying to run TA with Prom CR, while using autoGenerateCert true and certManager false.
I see the secret is populated:
apiVersion: v1 data: ca.crt: ++++++++ tls.crt: ++++++++ tls.key: ++++++++ kind: Secret metadata: annotations: helm.sh/hook: 'pre-install,pre-upgrade' helm.sh/hook-delete-policy: before-hook-creation kubectl.kubernetes.io/last-applied-configuration: >- {"apiVersion":"v1","data":{"ca.crt":"++++++++","tls.crt":"++++++++","tls.key":"++++++++"},"kind":"Secret","metadata":{"annotations":{"helm.sh/hook":"pre-install,pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation"},"labels":{"app.kubernetes.io/component":"webhook","app.kubernetes.io/instance":"<cluster_name>-opentelemetry-operator","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"opentelemetry-operator","app.kubernetes.io/version":"0.94.0","argocd.argoproj.io/instance":"<cluster_name>-opentelemetry-operator","helm.sh/chart":"opentelemetry-operator-0.48.0"},"name":"<cluster_name>-opentelemetry-operator-controller-manager-service-cert","namespace":"opentelemetry"},"type":"kubernetes.io/tls"} creationTimestamp: '2024-12-23T08:55:47Z' labels: app.kubernetes.io/component: webhook app.kubernetes.io/instance:<cluster_name>-opentelemetry-operator app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: 0.94.0 argocd.argoproj.io/instance: <cluster_name>-opentelemetry-operator helm.sh/chart: opentelemetry-operator-0.48.0 name: >- <cluster_name>-opentelemetry-operator-controller-manager-service-cert namespace: opentelemetry resourceVersion: '665456594' uid: a5c19d0f-414c-40b5-a4da-7da52cde746a type: kubernetes.io/tlsbut still can't get it to work.
Also tried to mount it in the collector crd:
volumes: - name: prometheus-certs secret: secretName: {{ .Values.scraper.prometheusSecretName }} items: - key: ca.crt path: {{ .Values.scraper.prometheusSecretPath }} containers: - name: otel-scraper volumeMounts: - name: prometheus-certs mountPath: /etc/prometheus/certs/ readOnly: trueand still getting the same error
Steps to Reproduce
Install operator and enable target allocator with self signed certs
Expected Result
I'm able to scrapte targets over https
Actual Result
Getting error creating new scrape pool
Kubernetes Version
1.30.0
Operator version
0.94.0
Collector version
0.94.0
Environment information
Environment
OS: (e.g., "Ubuntu 20.04")
Compiler(if manually compiled): (e.g., "go 14.2")
Log output
2024-12-23T09:19:20.836Z error scrape/manager.go:219 error creating new scrape pool {"kind": "receiver", "name": "prometheus", "data_type": "metrics", "error": "error creating HTTP client: unable to load specified CA cert /etc/prometheus/certs/secret_monitoring_<cluster_name>-admission_ca: open /etc/prometheus/certs/secret_monitoring_<cluster_name>-admission_ca: no such file or directory", "errorVerbose": "unable to load specified CA cert /etc/prometheus/certs/secret_monitoring_<cluster_name>-admission_ca: open /etc/prometheus/certs/secret_monitoring_<cluster_name>-admission_ca: no such file or directory\nerror creating HTTP client\ngithub.com/prometheus/prometheus/scrape.newScrapePool\n\tgithub.com/prometheus/[email protected]/scrape/scrape.go:293\ngithub.com/prometheus/prometheus/scrape.(*Manager).reload\n\tgithub.com/prometheus/[email protected]/scrape/manager.go:217\ngithub.com/prometheus/prometheus/scrape.(*Manager).reloader\n\tgithub.com/prometheus/[email protected]/scrape/manager.go:199\nruntime.goexit\n\truntime/asm_amd64.s:1650", "scrape_pool": "serviceMonitor/monitoring/<cluster_name>-operator/0"}Additional context
No response
The text was updated successfully, but these errors were encountered: