Filippo Giunchedi has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/389930 )
Change subject: profile: allow Prometheus to access k8s kubelet
......................................................................
profile: allow Prometheus to access k8s kubelet
Bug: T177395
Change-Id: I7cfd2c4ed738724d582b1de77e2ea7ec825a4e50
---
M modules/profile/manifests/kubernetes/node.pp
1 file changed, 8 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/30/389930/1
diff --git a/modules/profile/manifests/kubernetes/node.pp
b/modules/profile/manifests/kubernetes/node.pp
index 86ad7fc..4809dfa 100644
--- a/modules/profile/manifests/kubernetes/node.pp
+++ b/modules/profile/manifests/kubernetes/node.pp
@@ -5,6 +5,7 @@
$use_cni = hiera('profile::kubernetes::use_cni'),
$masquerade_all = hiera('profile::kubernetes::node::masquerade_all', true),
$username = hiera('profile::kubernetes::node::username',
'client-infrastructure'),
+ $prometheus_nodes = hiera('prometheus_nodes', []),
) {
base::expose_puppet_certs { '/etc/kubernetes':
@@ -39,4 +40,11 @@
port => '10250',
srange => "(@resolve((${master_hosts_ferm})))",
}
+
+ $prometheus_ferm_nodes = join($prometheus_nodes, ' ')
+ ferm::service { 'kubelet-http-prometheus':
+ proto => 'tcp',
+ port => '10250',
+ srange => "(@resolve((${prometheus_ferm_nodes}))
@resolve((${prometheus_ferm_nodes}), AAAA))"
+ }
}
--
To view, visit https://gerrit.wikimedia.org/r/389930
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7cfd2c4ed738724d582b1de77e2ea7ec825a4e50
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Filippo Giunchedi <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
