我有一些由 Thanos 集中监控的
openshift (4.8)8.3.1从我的桌面访问 URL 时效果很好。但是,当从数据源配置面板访问时,我收到 403 错误
我的假设是我错误配置了与 TLS 密钥相关的某些内容。
有什么想法吗?
这是日志错误的内容:
t=2021-12-31T16:08:05+0200 lvl=eror msg="Instant query failed" logger=tsdb.prometheus query=1+1 err="Post \"https://thanos-querier-openshift-monitoring.mycluster/api/v1/query\": x509: certificate signed by unknown authority"
t=2021-12-31T16:08:05+0200 lvl=info msg="Request Completed" logger=context userId=1 orgId=1 uname=admin method=POST path=/api/ds/query status=400 remote_addr=[::1] time_ms=33 size=166 referer=http://localhost:3000/datasources/edit/wTJvnKAnk
t=2021-12-31T16:08:13+0200 lvl=eror msg="Instant query failed" logger=tsdb.prometheus query=1+1 err="client_error: client error: 403"
t=2021-12-31T16:08:13+0200 lvl=info msg="Request Completed" logger=context userId=1 orgId=1 uname=admin method=POST path=/api/ds/query status=400 remote_addr=[::1] time_ms=53 size=65 referer=http://localhost:3000/datasources/edit/wTJvnKAnk
t=2021-12-31T16:08:14+0200 lvl=eror msg="Instant query failed" logger=tsdb.prometheus query=1+1 err="client_error: client error: 403"
t=2021-12-31T16:08:14+0200 lvl=info msg="Request Completed" logger=context userId=1 orgId=1 uname=admin method=POST path=/api/ds/query status=400 remote_addr=[::1] time_ms=50 size=65 referer=http://localhost:3000/datasources/edit/wTJvnKAnk
t=2021-12-31T16:39:17+0200 lvl=eror msg="Instant query failed" logger=tsdb.prometheus query=1+1 err="client_error: client error: 403"
t=2021-12-31T16:39:17+0200 lvl=info msg="Request Completed" logger=context userId=1 orgId=1 uname=admin method=POST path=/api/ds/query status=400 remote_addr=[::1] time_ms=81 size=65 referer=http://localhost:3000/datasources/edit/wTJvnKAnk
您的 TLS 验证有问题:
x509: certificate signed by unknown authority
最简单的选择是检查 Prometheus 数据源中的
Skip TLS Verify更安全(也更复杂)的选项是将使用的 CA 证书也添加到 Grafana 容器中,这样 Grafana 将能够验证 Prometheus 证书。