AKS Kube Proxy doesn't expose metrics

Question

I'm trying to scrape the AKS kube-proxy metrics with Prometheus without success, the reason is that some of the metrics are only exposed to localhost as the following example:

tcp LISTEN 0  16384  127.0.0.1:10249 *:*                    

AKS version: 1.16.9

To validate this I also tried to add this to the kube-proxy DeamonSet :

--metrics-bind-address=0.0.0.0

After the pods restart I can see the metrics, but after some minutes Azure will bring back the version to the managed one, removing the metrics bind address.

Answer 1

There is the following thread: "kube-proxy cannot be scraped for metrics #1395" at AKS/issues on Github.

As of Sep 2020, the issue is not resolved on AKS 1.16.9, 1.16.10, 1.17.7...

the metrics are only locally available, it seems it listens to localhost only and can not be accesses from outside. Prometheus can't access it.

The discussion continued at "Prometheus scrape metrics for kube-proxy #1695". The latest post in that thread is your's, so I assume you are totally aware of how exactly scraping works on AKS as of now :-D (compared to Azure Monitor).

UPD. Just for the sake of "Search engine optimization" (the answer in that github tread) :

palma21 commented 2 days ago

This was not possible to be changed on the fleet for security concerns on clusters with 1.15 and prior. We'll take a look at this now that 1.15 has been removed.