[MediaWiki-commits] [Gerrit] operations/puppet[production]: profile: allow Prometheus to access k8s kubelet

Fri, 10 Nov 2017 06:57:03 -0800 

Alexandros Kosiaris has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/389930 )

Change subject: profile: allow Prometheus to access k8s kubelet
......................................................................


profile: allow Prometheus to access k8s kubelet

Use read-only kubelet API HTTP, i.e. 10255.

Bug: T177395
Change-Id: I7cfd2c4ed738724d582b1de77e2ea7ec825a4e50
---
M modules/profile/manifests/kubernetes/node.pp
1 file changed, 10 insertions(+), 0 deletions(-)

Approvals:
  Giuseppe Lavagetto: Looks good to me, but someone else must approve
  Alexandros Kosiaris: Verified; Looks good to me, approved



diff --git a/modules/profile/manifests/kubernetes/node.pp 
b/modules/profile/manifests/kubernetes/node.pp
index 86ad7fc..1763df5 100644
--- a/modules/profile/manifests/kubernetes/node.pp
+++ b/modules/profile/manifests/kubernetes/node.pp
@@ -5,6 +5,7 @@
   $use_cni = hiera('profile::kubernetes::use_cni'),
   $masquerade_all = hiera('profile::kubernetes::node::masquerade_all', true),
   $username = hiera('profile::kubernetes::node::username', 
'client-infrastructure'),
+  $prometheus_nodes = hiera('prometheus_nodes', []),
   ) {
 
     base::expose_puppet_certs { '/etc/kubernetes':
@@ -39,4 +40,13 @@
         port   => '10250',
         srange => "(@resolve((${master_hosts_ferm})))",
     }
+
+    if !empty($prometheus_nodes) {
+        $prometheus_ferm_nodes = join($prometheus_nodes, ' ')
+        ferm::service { 'kubelet-http-readonly-prometheus':
+            proto  => 'tcp',
+            port   => '10255',
+            srange => "(@resolve((${prometheus_ferm_nodes})) 
@resolve((${prometheus_ferm_nodes}), AAAA))"
+        }
+    }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/389930
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7cfd2c4ed738724d582b1de77e2ea7ec825a4e50
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Filippo Giunchedi <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Filippo Giunchedi <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to