k0: expose controller-manager and scheduler metrics
We want to be able to scrape controller-manager and scheduler metrics
into Prometheus. For that, each of them needs to:
1) listen on a secure port
2) have authn enabled
With this, any k8s user with the right permissions (and a bearer token
or TLS certificate) can come in and access metrics over a node's public
IP address. Access without a certificate/token gets thrown into the
system:anonymous user, which as no access to any API.
Change-Id: I267680f92f748ba63b6762e6aaba3c417446e50b
diff --git a/cluster/nix/defs-cluster-k0.nix b/cluster/nix/defs-cluster-k0.nix
index 832c741..c3519cc 100644
--- a/cluster/nix/defs-cluster-k0.nix
+++ b/cluster/nix/defs-cluster-k0.nix
@@ -70,7 +70,9 @@
ports = {
k8sAPIServerPlain = 4000;
k8sAPIServerSecure = 4001;
- k8sControllerManagerPlain = 0; # 4002; do not serve plain http
+ k8sControllerManagerPlain = 0; # would be 4002; do not serve plain http
k8sControllerManagerSecure = 4003;
+ k8sSchedulerPlain = 0; # would be 4004; do not serve plain http
+ k8sSchedulerSecure = 4005;
};
}