k0: expose controller-manager and scheduler metrics We want to be able to scrape controller-manager and scheduler metrics into Prometheus. For that, each of them needs to: 1) listen on a secure port 2) have authn enabled With this, any k8s user with the right permissions (and a bearer token or TLS certificate) can come in and access metrics over a node's public IP address. Access without a certificate/token gets thrown into the system:anonymous user, which as no access to any API. Change-Id: I267680f92f748ba63b6762e6aaba3c417446e50b

commit: 1257389d3dba07fedfb43ce4b6a5862142d4b832 [log] [tgz]
author: Serge Bazanski <q3k@hackerspace.pl> Sat Oct 10 14:55:08 2020 +0200
committer: q3k <q3k@hackerspace.pl> Sat Oct 10 16:00:15 2020 +0000
tree: e11fdf90244b8fce0c17454fff29f30081c2513a
parent: 36224c617a1e0924e95a64c047091d3678885d82 [diff] [blame]
diff --git a/cluster/nix/defs-cluster-k0.nix b/cluster/nix/defs-cluster-k0.nix
index 832c741..c3519cc 100644
--- a/cluster/nix/defs-cluster-k0.nix
+++ b/cluster/nix/defs-cluster-k0.nix

@@ -70,7 +70,9 @@
   ports = {
     k8sAPIServerPlain = 4000;
     k8sAPIServerSecure = 4001;
-    k8sControllerManagerPlain = 0; # 4002; do not serve plain http
+    k8sControllerManagerPlain = 0; # would be 4002; do not serve plain http
     k8sControllerManagerSecure = 4003;
+    k8sSchedulerPlain = 0; # would be 4004; do not serve plain http
+    k8sSchedulerSecure = 4005;
   };
 }
commit	1257389d3dba07fedfb43ce4b6a5862142d4b832	[log] [tgz]
author	Serge Bazanski <q3k@hackerspace.pl>	Sat Oct 10 14:55:08 2020 +0200
committer	q3k <q3k@hackerspace.pl>	Sat Oct 10 16:00:15 2020 +0000
tree	e11fdf90244b8fce0c17454fff29f30081c2513a
parent	36224c617a1e0924e95a64c047091d3678885d82 [diff] [blame]