diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index b4d06070c067..8e29128f2008 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -23,7 +23,7 @@ name: kube-prometheus-stack sources: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus -version: 58.4.0 +version: 58.4.1 appVersion: v0.73.2 kubeVersion: ">=1.19.0-0" home: https://github.com/prometheus-operator/kube-prometheus diff --git a/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml index f27f232abf94..a3e28d718851 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml @@ -35,7 +35,7 @@ spec: {{- end }} tlsConfig: caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecureSkipVerify: true + insecureSkipVerify: {{ .Values.kubelet.serviceMonitor.insecureSkipVerify }} bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }} honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }} diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml index 26d930e6a616..a12ec508dddd 100644 --- a/charts/kube-prometheus-stack/values.yaml +++ b/charts/kube-prometheus-stack/values.yaml @@ -1290,6 +1290,12 @@ kubelet: ## https: true + ## Skip TLS certificate validation when scraping. + ## This is enabled by default because kubelet serving certificate deployed by kubeadm is by default self-signed + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#kubelet-serving-certs + ## + insecureSkipVerify: true + ## Enable scraping /metrics/cadvisor from kubelet's service ## cAdvisor: true