Native Kubernetes Monitoring - Checkmk Raw Edition 2.1.0p18

Hi ,

We are trying to configure Native Kubernetes monitoring in Checkmk Raw Edition 2.1.0p18 and following the below document

But, we are stuck in Providing communication via Ingress, can we use the existing ingress service for checkmk collector config, and how we configure that in yaml file?
We do have ingress in our environment but we don’t understand how to configure it in yaml file…

Secondly, for configuring the cluster collector for HTTPS- there are 3 certificates namely clusterCollectorKey, clusterCollectorCert, and checkmkCaCert. The first 2 belong to the K8 cluster whereas checkmkCaCert belongs to our checkmk server…am I correct in my understanding?

Please help, we are quite curious to explore native K8 monitoring in checkmk.



Any suggestion on the ingress configuration in yaml, we have a name of Ingress along with IP address of 2 load balancers along with the ports. As per the below screenshot in checkmk documentation, do we need to add only the name of ingress on the hosts?
and what needs to be updated on paths? or only enabled has to be set true and rest of the configuration as it is…

We will start with the configuration in 1 hour , any ideas please:)


You can define the existing ingress in the “host:” . Just replace checkmk-cluster-collector.local with that value and use the correspoding annotations and ClassName depending on the ingress controller used by you.

This is used for cluster collector’s SSL certificate verification.
The checkmkCaCert is basically the CA cert which will be mounted into the node collector to verify the cluster collector cert.
Also documented here: Monitoring Kubernetes

Thank you so much !!
Very Sorry for bothering you:(

So all three certificates need to be generated on the K8 Cluster? we have sles sp4 as OS on K8.
We have a certificate portal in our organization where we submit the CSR.

  1. we create the conf file like below where we specify all the details like CN, O, OU etc
    [ req ]
    default_bits = 2048
    distinguished_name = dn
    req_extensions = req_ext
    [ dn ]
    CN = <service_name>. .cluster.local //What should be the service name here?
    [ req_ext ]
    subjectAltName = @alt_names
    DNS = <service_name>. .cluster.local //what should be the service name?
    Then we run the command
    openssl req -new -out sslcert.csr -keyout private.key -config config.cnf

Here we will get the key which would be the Cluster Collector key and after submitting the CSR, will get the Cluster Collector server certificate from my organization, now from where I will get checkmkCACert?
Do I have to create another conf file in K8 Cluster for checkmkCACert with FQDN as the name of the ingress?



We used Ingress but didn’t define the annotations, after installing the collector we got the token and CA cert but when we ran the last command to verify the setup, it could not resolve the host, we suspect maybe because we didn’t define the annotations so that could be a reason…could you give us the example of input and output of how you configure Ingress and what output you get? Do we need to remove the line below the annotations?