Update Prometheus discovery of kube components

* Kubernetes v1.22.0 disabled kube-controller-manager insecure
port, which was used internally for Prometheus metrics scraping
* Configure Prometheus to discover and scrape endpoints for
kube-scheduler and kube-controller-manager via the authenticated
https ports, via bearer token
* Change firewall ports to allow Prometheus (on worker nodes)
to scrape kube-scheduler and kube-controller-manager targets
that run on controller(s) with hostNetwork
* Disable the insecure port on kube-scheduler
Dalton Hubble
2021-08-10 21:08:49 -07:00
parent 0c99b909a9
commit cbef202eec
22 changed files with 74 additions and 34 deletions


@ -55,7 +55,7 @@ resource "google_compute_firewall" "internal-kube-metrics" {
allow {
protocol = "tcp"
ports = [10251, 10252]
ports = [10257, 10259]
}
source_tags = ["${var.cluster_name}-worker"]
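Review bot: The `ports` list in the `allow` block of `internal-kube-metrics` changes to `[10257, 10259]` with no comment saying which component each port belongs to. A one-line comment would keep the rule readable (10257 is the kube-controller-manager secure port, 10259 is the kube-scheduler secure port). Separately, `source_tags` admits every instance tagged `${var.cluster_name}-worker`, not only the node running Prometheus, so any workload on a worker node can reach these ports at the network level. Access control then rests on the bearer-token authentication and authorization of the HTTPS endpoints, which is worth stating in the rule's description.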