Annotate nginx-ingress addon for Prometheus auto-discovery

* Add Google Cloud firewall rule to allow worker to worker access to health and metrics
2025-07-17 18:11:33 +02:00 · 2018-05-19 13:05:50 -07:00
parent 2ae126bf68
commit 28d0891729
6 changed files with 38 additions and 0 deletions
--- a/google-cloud/container-linux/kubernetes/network.tf
+++ b/google-cloud/container-linux/kubernetes/network.tf
@ -135,6 +135,20 @@ resource "google_compute_firewall" "internal-kubelet" {
  target_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"]
 }

+# Allow Prometheus to scrape ingress-controller
+resource "google_compute_firewall" "ingress-health" {
+  name    = "${var.cluster_name}-ingress-health"
+  network = "${google_compute_network.network.name}"
+
+  allow {
+    protocol = "tcp"
+    ports    = [10254]
+  }
+
+  source_tags = ["${var.cluster_name}-worker"]
+  target_tags = ["${var.cluster_name}-worker"]
+}
+
 resource "google_compute_firewall" "internal-kubelet-readonly" {
  name    = "${var.cluster_name}-internal-kubelet-readonly"
  network = "${google_compute_network.network.name}"