Metricbeat uses an HTTP helper to gather metrics from the kubelet and many Prometheus endpoints. In order to use the safe port (HTTPS), we need to implement a way to fetch the service account token from the Metricbeat container. A request like this works:
TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt https://localhost:10250/stats/summary -H "Authorization: Bearer $TOKEN"
More on service account tokens:
https://kubernetes.io/docs/concepts/storage/volumes/#projected
https://kubernetes.io/docs/reference/access-authn-authz/authentication/