This configuration creates separate scrape configs for cluster components such as the API server and nodes, and the services will use different authentication configs. Also note that Kubernetes labels will be added as Prometheus.

```yaml
scrape_configs:
  - job_name: "kubernetes-apiservers"

    kubernetes_sd_configs:
      - role: endpoints

    # Default to scraping over https
    # If required, just disable this or change to http
    scheme: https

    # This TLS & authorization config is used to connect to the actual scrape
    # endpoints for cluster components. This is separate to discovery auth
    # configuration because discovery & scraping are two separate concerns in
    # Prometheus. The discovery auth config is automatic if Prometheus runs
    # inside the cluster. Otherwise, more config options have to be provided
    # within the <kubernetes_sd_config>
    tls_config:
      ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
      # If your node certificates are self-signed or use a different CA to the
      # master CA, then disable certificate verification below. Note that
      # certificate verification is an integral part of a secure infrastructure,
      # so this should only be disabled in a controlled environment. You can
      # disable certificate verification by uncommenting the line below.
      insecure_skip_verify: true
    authorization:
      credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token

    # Keep only the default/kubernetes service endpoints for the https port.
    # This will add targets for each API server which Kubernetes adds an
    # endpoint to the default/kubernetes service.
    relabel_configs:
      - source_labels:
          [
            __meta_kubernetes_namespace,
            __meta_kubernetes_service_name,
            __meta_kubernetes_endpoint_port_name,
          ]
        action: keep
        regex: default;kubernetes;https
```

Please refer to this [document][1] for more information.

[1]: https://github.com/prometheus/prometheus/blob/main/documentation/examples/prometheus-kubernetes.yml
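
As an added illustration (not part of the original answer and not Prometheus code), the sketch below models how the `keep` rule in `relabel_configs` filters discovered endpoints: the source label values are joined with the default `;` separator and must match the regex in full. The target list, its addresses and the helper names `keep` and `filter_targets` are constructed for this example.

```python
import re

SEPARATOR = ";"  # Prometheus' default relabel separator

# The keep rule from the scrape config above.
KEEP_RULE = {
    "source_labels": [
        "__meta_kubernetes_namespace",
        "__meta_kubernetes_service_name",
        "__meta_kubernetes_endpoint_port_name",
    ],
    "regex": "default;kubernetes;https",
}


def keep(target, rule=KEEP_RULE):
    """Return True if a discovered target survives the keep rule."""
    # A label that is absent contributes an empty string to the joined value.
    joined = SEPARATOR.join(target.get(name, "") for name in rule["source_labels"])
    # Relabel regexes are anchored at both ends, hence fullmatch, not search.
    return re.fullmatch(rule["regex"], joined) is not None


def filter_targets(targets, rule=KEEP_RULE):
    """Addresses of the targets that remain after the keep rule."""
    return [t["__address__"] for t in targets if keep(t, rule)]


def _target(addr, ns, svc, port=None):
    labels = {"__address__": addr, "__meta_kubernetes_namespace": ns,
              "__meta_kubernetes_service_name": svc}
    if port is not None:
        labels["__meta_kubernetes_endpoint_port_name"] = port
    return labels


# Constructed sample of what the `endpoints` role might discover.
DISCOVERED = [
    _target("10.0.0.10:6443", "default", "kubernetes", "https"),      # API server
    _target("10.0.0.11:6443", "default", "kubernetes", "https"),      # API server
    _target("10.244.1.5:9153", "kube-system", "kube-dns", "metrics"),
    _target("10.244.2.7:8443", "not-default", "kubernetes", "https"), # suffix-only match
    _target("10.244.3.9:8443", "default", "kubernetes", "https-alt"), # prefix-only match
    _target("10.244.4.2:8080", "default", "kubernetes"),              # unnamed port
]

if __name__ == "__main__":
    for address in filter_targets(DISCOVERED):
        print("scrape", address)
```

Only the two `default/kubernetes` endpoints on the `https` port remain, so the service account token configured under `authorization` is sent to the API servers and not to the other discovered endpoints.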