This message was deleted.
# rke2
a
This message was deleted.
c
you can override the default flags for that component with --kube-controller-manager-arg and change the bind-address value to 0.0.0.0 if you’d like to expose it.
v
would that also expose the metrics port missing on the RKE2 instance?
we are currently using
metrics-bind-address=0.0.0.0:10249
under
kube-proxy-arg
, but I didn’t see a similar arg upstream for kube-controller-manager
c
it’s just bind-address, it doesn’t have a separate listener for metrics
v
in RKE, the 10252 is an HTTP endpoint vs HTTPS 🤔
will do some testing, thank you
c
it depends on the Kubernetes version. They switched everything over to secure at some point.
v
seeing that now after validating on an RKE cluster running the same 1.22.9 version. working on updating our scrapers to use the https endpoint with auth now
r
I don't remember about this one specifically, but I think some had an option for insecure port enable to turn the HTTP port back on (I was looking at some Kubernetes lockdown guidance and it was saying to verify those options weren't present on 3-6 different items).