SSL cert checks for IP instead of hostname

checkmk version 1.60p8, kubernetes version 1.15

The CA certificate is declined because the host in question isn’t in the certificate.
The host is configured with the hostname (no IP configured). Checkmk can reach it via ping and sees it “UP”, but for the Kubernetes service discovery cert check obviously the resolved IP address (1.1.1.1) will be used, which is not in the cert. It doesn’t make sense to put the resolved IP address into the cert because it’s a load balancer and the IP might change.

So actually we can use the connection to the Kubernetes cluster only insecurely, by checking “ignore certificate errors” in the data source configuration for Kubernetes.

(names and addresses are fake for obfuscation reasons)

  • FETCHING DATA
    [special_kubernetes] Execute data source
    [special_kubernetes] ERROR: Agent exited with code 1: HTTPSConnectionPool(host=‘1.1.1.1’, port=443): Max retries exceeded with url: /apis/storage.k8s.io/v1/storageclasses (Caused by SSLError(CertificateError(“hostname ‘1.1.1.1’ doesn’t match either of ‘master1.labs.de’, ‘kubernetes’, ‘kubernetes.default’, ‘kubernetes.default.svc’, ‘kubernetes.default.svc.cluster.local’, ‘master.intg.labs.de’, ‘172.31.0.1’, ‘10.2.3.132’”,),))
    [piggyback] Execute data source

What does your special agent config look like?
In your case it is better to insert the FQDN in the IP field. Then also the special agent is called with the FQDN and this one should then match your certificate.

that appears to solve the issue
thx very much
Torsten
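
Why the FQDN works and the resolved IP does not, as an added example that is not part of the original posts and not Checkmk code: a TLS client compares the string it was told to connect to with the certificate's subjectAltName entries, an IP literal only against iPAddress entries and a hostname only against dNSName entries. The names come from the error message above; their split into DNS and IP entries is assumed, and `cert_matches` and `safe_targets` are hypothetical helpers implementing a simplified form of that check.

```python
import ipaddress

# SAN values copied from the error message in the thread (obfuscated by the
# poster). Assumption: the two addresses are iPAddress entries, the rest dNSName.
SAN_DNS = ["master1.labs.de", "kubernetes", "kubernetes.default",
           "kubernetes.default.svc", "kubernetes.default.svc.cluster.local",
           "master.intg.labs.de"]
SAN_IP = ["172.31.0.1", "10.2.3.132"]


def _dns_match(pattern, host):
    """Case-insensitive dNSName match; '*' only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*" and len(p_labels) > 2:
        # A wildcard covers exactly one label and never a bare TLD.
        p_labels, h_labels = p_labels[1:], h_labels[1:]
    return p_labels == h_labels


def cert_matches(target, san_dns=SAN_DNS, san_ip=SAN_IP):
    """Return True if the connection target is covered by the certificate.

    An IP literal is compared only with iPAddress entries, a hostname only
    with dNSName entries; the client never maps one onto the other via DNS.
    """
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return any(_dns_match(p, target) for p in san_dns)
    return any(addr == ipaddress.ip_address(ip) for ip in san_ip)


def safe_targets(candidates):
    """Keep the values that can be used as the agent's connection address
    without disabling certificate verification."""
    return [c for c in candidates if cert_matches(c)]


if __name__ == "__main__":
    for t in ["1.1.1.1", "master1.labs.de", "MASTER.intg.labs.de", "10.2.3.132"]:
        print(f"{t:25} {'ok' if cert_matches(t) else 'CertificateError'}")
```
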
