Update Prometheus discovery of kube components

* Kubernetes v1.22.0 disabled kube-controller-manager insecure port, which was used internally for Prometheus metrics scraping * Configure Prometheus to discover and scrape endpoints for kube-scheduler and kube-controller-manager via the authenticated https ports, via bearer token * Change firewall ports to allow Prometheus (on worker nodes) to scrape kube-scheduler and kube-controller-manager targets that run on controller(s) with hostNetwork * Disable the insecure port on kube-scheduler
2025-08-10 07:26:03 +02:00 · 2021-08-10 21:08:49 -07:00
parent 0c99b909a9
commit cbef202eec
22 changed files with 74 additions and 34 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -7,6 +7,8 @@ Notable changes between versions.
 ## v1.22.0

 * Kubernetes [v1.22.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.22.md#v1220)
+* Switch `kube-controller-manager` and `kube-scheduler` to use secure port only
+  * Update Prometheus config to discover endpoints and use a bearer token to scrape

 ### Fedora CoreOS