metropolis: implement Metrics Service

This is the first pass at a Metrics Service. It currently consists of an
HTTP reverse proxy which authenticates incoming connections using the
Cluster CA and certificates, and passes these connections over to a
locally running node_exporter.

In the future more exporters will be added, and we will likely also run
our own exporter for Metropolis-specific metrics.

Change-Id: Ibab52aa303965dd7d975f5035f411d1c56ad73e6
Reviewed-on: https://review.monogon.dev/c/monogon/+/1816
Tested-by: Jenkins CI
Reviewed-by: Leopold Schabel <leo@monogon.tech>

diff --git a/metropolis/node/ports.go b/metropolis/node/ports.go
index 440f127..50e9e9a 100644
--- a/metropolis/node/ports.go
+++ b/metropolis/node/ports.go
@@ -37,6 +37,14 @@
// NodeManagement is the TCP port on which the node-local management service
// serves gRPC traffic for NodeManagement.
NodeManagement Port = 7839
+ // MetricsPort is the TCP port on which the Metrics Service exports
+ // Prometheus-compatible metrics for this node, secured using TLS and the
+ // Cluster/Node certificates.
+ MetricsPort Port = 7840
+ // MetricsNodeListenerPort is the TCP port on which the Prometheus node_exporter
+ // runs, bound to 127.0.0.1. The Metrics Service proxies traffic to it from the
+ // public MetricsPort.
+ MetricsNodeListenerPort Port = 7841
// KubernetesAPIPort is the TCP port on which the Kubernetes API is
// exposed.
KubernetesAPIPort Port = 6443
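Review bot: The comment on MetricsNodeListenerPort does not say whether the node_exporter listener on 7841 has any authentication of its own. It only says the listener is bound to 127.0.0.1 and proxied from MetricsPort. If the loopback listener is unauthenticated, every process on the node that can reach 127.0.0.1:7841 reads the same metrics without passing the TLS check described for MetricsPort, so the comment should say so explicitly, for example "unauthenticated, must only ever listen on loopback; all remote access goes through MetricsPort". The MetricsPort comment would also benefit from stating who must present a certificate: "secured using TLS and the Cluster/Node certificates" reads as server-side TLS only, while the commit message describes authenticating incoming connections against the Cluster CA. A smaller style point: the new names carry a Port suffix like KubernetesAPIPort, but the constant directly above is plain NodeManagement, so it is worth settling on one convention in this block.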