/var/run/secrets missing

Hi, when i follow the tutorial , I would like to know how to automatically create these folders and this folder should have the token and ca.crt, please let me know how to do it, i am following certified kubernetes administrator course, but in between i just went to kubernetes the hard way and i see that the author showed us how to create certs. But still for me its not working.

Reason:- I am trying to do a kubernetes monitoringELK, prometheus/grafana), so for both metricbeat and prometheus operator, i would require the certs to check the kube-api-server metrics, would be helpful if someone can help here.

  • post-author-pic
    Will B


    Kubernetes the Hard Way is all about creating the certs manually. They eventually go into different directories depending on the cert. It sounds like what you need are client certs for these monitoring services, so check out the lesson on generating client certificates and generate an additional client cert for each of these services.

    Here's a quick example. You will need a copy of the CA public cert and key (ca.pem and ca-key.pem) and the CA config file (ca-config.json):

    # Use locahost for the address if the monitoring service is running on a Kubernetes control server, otherwise the IP address of the server it is running on.

    cat > metricbeat-csr.json << EOF
    "CN": "system:node:metricbeat",
    "key": {
    "algo": "rsa",
    "size": 2048
    "names": [
    "C": "US",
    "L": "Portland",
    "O": "system:nodes",
    "OU": "Kubernetes The Hard Way",
    "ST": "Oregon"

    cfssl gencert \
    -ca=ca.pem \
    -ca-key=ca-key.pem \
    -config=ca-config.json \
    -hostname=${ADDRESS} \
    -profile=kubernetes \
    metricbeat-csr.json | cfssljson -bare metricbeat

    You would do the same thing for prometheus. This should generate client certs that you can use for those services.

  • post-author-pic

    Thank you :)

Looking For Team Training?

Learn More