Annotate nginx-ingress addon for Prometheus auto-discovery

* Add Google Cloud firewall rule to allow worker to worker access
to health and metrics
This commit is contained in:
Dalton Hubble 2018-05-19 13:05:50 -07:00
parent 2ae126bf68
commit 28d0891729
6 changed files with 38 additions and 0 deletions

View File

@ -40,6 +40,7 @@ Notable changes between versions.
* Update Grafana from v5.04 to v5.1.3 ([#208](https://github.com/poseidon/typhoon/pull/208))
* Disable Grafana Google Analytics by default ([#214](https://github.com/poseidon/typhoon/issues/214))
* Update nginx-ingress from 0.14.0 to 0.15.0
* Annotate nginx-ingress service so Prometheus auto-discovers and scrapes service endpoints ([#222](https://github.com/poseidon/typhoon/pull/222))
## v1.10.2

View File

@ -3,6 +3,9 @@ kind: Service
metadata:
name: nginx-ingress-controller
namespace: ingress
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '10254'
spec:
type: ClusterIP
selector:

View File

@ -3,6 +3,9 @@ kind: Service
metadata:
name: nginx-ingress-controller
namespace: ingress
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '10254'
spec:
type: ClusterIP
selector:

View File

@ -3,6 +3,9 @@ kind: Service
metadata:
name: nginx-ingress-controller
namespace: ingress
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '10254'
spec:
type: ClusterIP
selector:

View File

@ -135,6 +135,20 @@ resource "google_compute_firewall" "internal-kubelet" {
target_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"]
}
# Allow Prometheus to scrape ingress-controller
resource "google_compute_firewall" "ingress-health" {
name = "${var.cluster_name}-ingress-health"
network = "${google_compute_network.network.name}"
allow {
protocol = "tcp"
ports = [10254]
}
source_tags = ["${var.cluster_name}-worker"]
target_tags = ["${var.cluster_name}-worker"]
}
resource "google_compute_firewall" "internal-kubelet-readonly" {
name = "${var.cluster_name}-internal-kubelet-readonly"
network = "${google_compute_network.network.name}"

View File

@ -135,6 +135,20 @@ resource "google_compute_firewall" "internal-kubelet" {
target_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"]
}
# Allow Prometheus to scrape ingress-controller
resource "google_compute_firewall" "ingress-health" {
name = "${var.cluster_name}-ingress-health"
network = "${google_compute_network.network.name}"
allow {
protocol = "tcp"
ports = [10254]
}
source_tags = ["${var.cluster_name}-worker"]
target_tags = ["${var.cluster_name}-worker"]
}
resource "google_compute_firewall" "internal-kubelet-readonly" {
name = "${var.cluster_name}-internal-kubelet-readonly"
network = "${google_compute_network.network.name}"