问题描述

当前在我在Prometheus中的 kubernetes-nodes 工作中，端点/api/v1/nodes/gk3-<集群名称> -default-pool-<任意的>/代理/指标被抓

Currently in my kubernetes-nodes job in Prometheus, The endpoint /api/v1/nodes/gk3-<cluster name>-default-pool-<something arbitrary>/proxy/metrics is being scraped

但是问题是我收到403错误，该错误表示 GKEAutopilot authz:群集作用域资源"nodes/proxy"；在邮递员上手动尝试时会被管理并且访问被拒绝

But the thing is I'm getting a 403 error which says GKEAutopilot authz: cluster scoped resource "nodes/proxy" is managed and access is denied when I try it manually on postman

如何在GKE Autopilot上解决此问题?

How do I get around this on GKE Autopilot?

推荐答案

虽然Autopilot文档未特别提及节点代理API，但这在限制"部分中:

While the Autopilot docs don't mention the node proxy API specifically, this is in the limitations section:

Most external monitoring tools require access that is restricted. Solutions from several Google Cloud partners are available for use on Autopilot, however not all are supported, and custom monitoring tools cannot be installed on Autopilot clusters.

鉴于端口转发和所有其他节点级别的访问受到限制，这似乎不可用.尚不清楚Autopilot甚至根本没有使用Kubelet，并且它们可能不会告诉您.

Given that port-forward and all other node-level access is restricted it seems likely this is not available. It's not clear that Autopilot even uses Kubelet at all and they probably aren't going to tell you.

这篇关于在GKE自动驾驶仪上使用Prometheus?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！