#rke2

victorious-analyst-3332

05/18/2022, 2:03 PM
Howdy all 👋 Is it expected that the kube-controller-manager metrics on port 10252 are not exposed in RKE2 deployments? We are currently testing v1.22.9+rke2r2 deployed via Rancher v2.6.5 and are seeing the following differences from RKE deployments. Thanks a lot.
RKE cluster:
# netstat -tulpn | grep kube-contro
tcp6       0      0 :::10252                :::*                    LISTEN      17396/kube-controll
tcp6       0      0 :::10257                :::*                    LISTEN      17396/kube-controll
RKE2 cluster:
# netstat -tulpn | grep kube-contro
tcp        0      0 127.0.0.1:10257         0.0.0.0:*               LISTEN      39961/kube-controll

creamy-pencil-82913

05/18/2022, 5:29 PM
you can override the default flags for that component with --kube-controller-manager-arg and change the bind-address value to 0.0.0.0 if you’d like to expose it.

victorious-analyst-3332

05/18/2022, 5:30 PM
would that also expose the metrics port missing on the RKE2 instance?
we are currently using metrics-bind-address=0.0.0.0:10249 under kube-proxy-arg, but I didn’t see a similar arg upstream for kube-controller-manager

creamy-pencil-82913

05/18/2022, 5:31 PM
it’s just bind-address, it doesn’t have a separate listener for metrics

victorious-analyst-3332

05/18/2022, 5:40 PM
in RKE, the 10252 is an HTTP endpoint vs HTTPS 🤔
will do some testing, thank you

creamy-pencil-82913

05/18/2022, 8:30 PM
it depends on the Kubernetes version. They switched everything over to secure at some point.

victorious-analyst-3332

05/18/2022, 9:25 PM
seeing that now after validating on an RKE cluster running the same 1.22.9 version. working on updating our scrapers to use the https endpoint with auth now

rapid-helmet-86074

05/19/2022, 2:25 PM
I don't remember about this one specifically, but I think some had an option for insecure port enable to turn the HTTP port back on (I was looking at some Kubernetes lockdown guidance and it was saying to verify those options weren't present on 3-6 different items).