Kubernetes API Issue

Troubleshooting
1

Hi,
I’m trying to reach my Kubernetes API but somehow I’m unable to set it up with UI.
To access the environment I use env.yaml , please note “certificate-authority-data” contains long string of random characters I replaced it with same letter for demonstration same for env-test.
My K8s and VM are reachable, to one another as Im monitoring some hosts which are hosted on similar CIDR within AWS.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt
ttttttttttttttttttttttttttttttttttdsadasdasdasfgasdasdasfasfasfasdasdas
    server: https://TEST.us-east-2.eks.amazonaws.com
  name: env-test
contexts:
- context:
    cluster: env-test
    user: env-test
  name: env-test
users:
- name: env-test
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - --region
      - us-east-2
      - eks
      - get-token
      - --cluster-name
      - env-test
      command: aws
current-context: env-test
kind: Config

With this Kubeconfig file im able to reach my Kubernetes API with command like this locally

KUBECONFIG=env-aws.yml  kubectl get pods

However this is the my UI part , where after I add endpoint im unsure regarding generating a token. I have tried different things but I wasn’t able to get metrics for K8s

Screenshot 2023-05-22 at 21.58.13
Screenshot 2023-05-22 at 21.58.131263×937 65 KB

Could you please advise which steps should I take, and how could I debug my issue.

2

Hi Ronald,

did you look at the instructions at Monitoring Kubernetes ? They are pretty detailed and if you follow them, a token will be generated :).

Gerd

3

Thank you I made some progress.
Generate Certificate and Token , added them to checkMK.
Now my Problem is once I create a host , how do I link that host to my K8s ?
This is my Host:

Screenshot 2023-05-23 at 10.06.20
Screenshot 2023-05-23 at 10.06.201285×888 132 KB

How to Link this host to my K8s

Screenshot 2023-05-23 at 10.08.14
Screenshot 2023-05-23 at 10.08.141392×921 105 KB

After I activate everything on site nothing happens

4

In the context of the Kubernetes rule, set a hostname “my-k8s-cluster”
This way, the rule is applied to that specific host and the host then knows it has to fetch the data from the K8s API

5

Okay Thanks ,
So it should Match the host-name.
Where I might troubleshoot this logs in /var/log im not able to see relevant log.

Screenshot 2023-05-23 at 10.17.37
Screenshot 2023-05-23 at 10.17.371474×207 28.8 KB

6

I found my issue looks like the token generated with aws eks --region get-token gives a token that is only valid of 15 minutes , do you maybe know if there is a way to get that token to be permanent

7

A token will be automatically generated, if you installed it via the provided helm chart. After the installation, you are also provided with commands to get the token as well.
You can use helm get notes RELEASE_NAME to see the commands again.
Our documentation also provides details on how to get the right token

You also need to use a token of the respective service account. A generic token is probably not best practice anyway and might not have the rights required, or might have too many rights. Because the token might be the one of the user creating it, and not of a service account.