<div dir="ltr"><div>One of the first services I am trying to monitor is etcd. etcd in OCP is configured as per the below:</div><br><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>/var/lib/origin/openshift.local.config/master/master-config.yaml</div></blockquote><div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div>etcdClientInfo:</div></div><div><div> ca: ca.crt</div></div><div><div> certFile: master.etcd-client.crt</div></div><div><div> keyFile: master.etcd-client.key</div></div><div><div> urls:</div></div><div><div> - <a href="https://10.2.2.2:4001">https://10.2.2.2:4001</a></div></div><div><br></div></blockquote>Which responds with the below cURL:<div><br><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">curl <a href="https://10.2.2.2:4001/metrics">https://10.2.2.2:4001/metrics</a> --cacert ./ca.crt --cert ./master.etcd-client.crt --key ./master.etcd-client.key<br><br></blockquote>So without the <span style="font-size:12.800000190734863px">"Identity" configuration</span> section set on the agent config, I'd get a TLS error. As etcd is a core part of OCP, I don't have much control over the client certs and expect there might be other services which require the same setup using different certs that I might want to monitor.</div><div><br></div><div>Hope that makes things clear, and Merry Christmas.</div><div><br></div><div>Cheers.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Dec 24, 2016 at 3:30 PM, John Mazzitelli <span dir="ltr"><<a href="mailto:mazz@redhat.com" target="_blank">mazz@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">> Currently it seems you can only provide the agent configmap with the identity<br>
> field. But what I want to actually do, is provide this based on the pods<br>
> config map><br>
</span>> [chomp]<br>
<span class="">> Is that possible? or planned for the future?<br>
<br>
</span>I was hoping this wasn't going to be needed :) But we did talk about it.<br>
<br>
It is not possible today because there is one major problem with what you suggest that would need to be solved somehow:<br>
<br>
> cert_file: /var/run/secrets/client-crt/client.crt<br>
> private_key_file: /var/run/secrets/client-key/client.key<br>
<br>
That is inside your configmap on your OpenShift project (which may or may not be the same project where the agent is deployed).<br>
<br>
So - what file system is that actually referring to? And how does the agent get access to those files?<br>
_______________________________________________<br>
hawkular-dev mailing list<br>
<a href="mailto:hawkular-dev@lists.jboss.org">hawkular-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/hawkular-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/hawkular-dev</a><br>
</blockquote></div><br></div>