The installation of the helm chart itself worked without problems, however I still face problems with the cluster collector.
The cluster collector reported “Failed attempting to communicate with cluster collector at URL…”. To get more details about the error, I changed the agent_kuby.py file
except requests.HTTPError as e:
print(e)
raise CollectorHandlingException(
title="Connection Error",
detail=e.response.text,
# detail=error_message,
) from e
Now I receive a more detailed error message
Connection Error ({"detail":"Access denied for Service Account checkmk-monitoring-cluster-collector in Namespace checkmk-monitoring! See logs for TokenReview."} )
CRIT, Nodes with container collectors: 2/3, Nodes with machine collectors: 3/3
I checked the logs of the pod itself, it reports
{
"kind": "TokenReview",
"apiVersion": "authentication.k8s.io/v1",
"metadata": {
"creationTimestamp": null,
"managedFields": [
{
"manager": "python-requests",
"operation": "Update",
"apiVersion": "authentication.k8s.io/v1",
"time": "2022-12-05T11:05:25Z",
"fieldsType": "FieldsV1",
"fieldsV1": {
"f:spec": {
"f:token": {}
}
}
}
]
},
"spec": {
"token": "***token***"
},
"status": {
"authenticated": true,
"user": {
"username": "system:serviceaccount:checkmk-monitoring:checkmk-monitoring-cluster-collector",
"uid": "9e03836e-a3dc-432c-9897-f0e8a40b9423",
"groups": [
"system:serviceaccounts",
"system:serviceaccounts:checkmk-monitoring",
"system:authenticated"
]
},
"audiences": [
"https://kubernetes.default.svc.cluster.local",
"rke2"
]
}
}
I understand this log in this way - the token was accepted, however some access still is denied. Where can I check for more details, which access exactly does not work?