Enable kube-proxy metrics and allow Prometheus scrapes

* Configure kube-proxy --metrics-bind-address=0.0.0.0 (default
127.0.0.1) to serve metrics on 0.0.0.0:10249
* Add firewall rules to allow Prometheus (resides on a worker) to
scrape kube-proxy service endpoints on controllers or workers
* Add a clusterIP: None service for kube-proxy endpoint discovery

addons/prometheus/discovery/kube-controller-manager.yaml

@@ -1,3 +1,4 @@
+# Allow Prometheus to scrape service endpoints
 apiVersion: v1
 kind: Service
 metadata:
@@ -7,7 +8,6 @@ metadata:
     prometheus.io/scrape: 'true'
 spec:
   type: ClusterIP
-  # service is created to allow prometheus to scrape endpoints
   clusterIP: None
   selector:
     k8s-app: kube-controller-manager

addons/prometheus/discovery/kube-proxy.yaml

@@ -0,0 +1,19 @@
+# Allow Prometheus to scrape service endpoints
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-proxy
+  namespace: kube-system
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/port: '10249'
+spec:
+  type: ClusterIP
+  clusterIP: None
+  selector:
+    k8s-app: kube-proxy
+  ports:
+    - name: metrics
+      protocol: TCP
+      port: 10249
+      targetPort: 10249

addons/prometheus/discovery/kube-scheduler.yaml

@@ -1,3 +1,4 @@
+# Allow Prometheus to scrape service endpoints
 apiVersion: v1
 kind: Service
 metadata:
@@ -7,7 +8,6 @@ metadata:
     prometheus.io/scrape: 'true'
 spec:
   type: ClusterIP
-  # service is created to allow prometheus to scrape endpoints
   clusterIP: None
   selector:
     k8s-app: kube-scheduler