I’m looking for the best way to define two different Kubernetes Service resources as part of a Deployment.
I’m using the Deploy Kubernetes containers step with the blue-green rollout strategy and that’s working fine with a single Service defined of type Load Balancer.
However, that service exposes the API endpoints, basic health check, and metrics (Prometheus). This exposes the metrics through the load balancer to external consumers, which isn’t necessary and exposes potentially sensitive information in the metrics.
I can set up my app to expose the APIs on one port and the metrics on a separate port, but I need to then define two services. One Load Balancer service that exposes the API endpoints and health check. Another Node Port service targeting a different port that exposes only the metrics (and add a label to signify that it hosts Prometheus metrics).
From that point I can configure a Prometheus ServiceMonitor to look for services with the label the metrics service has and specify the metrics service’s defined port name to discover and scrape metrics from all apps that are exposing metrics.
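
The layout described in the post, written out as Kubernetes manifests. This is an added example, not part of the original post and not output of the Octopus step. The app label `my-api`, the ports 8080 and 9102, the label `prometheus-metrics: "true"` and all resource names are assumptions chosen for illustration.

```yaml
# Assumed: pods carry the label app=my-api and listen on 8080 (API) and 9102 (metrics).
apiVersion: v1
kind: Service
metadata:
  name: my-api                     # hypothetical name
spec:
  type: LoadBalancer
  selector:
    app: my-api
  ports:
    - name: http                   # API endpoints and health check only
      port: 80
      targetPort: 8080             # the metrics port is not listed, so it is not published
---
apiVersion: v1
kind: Service
metadata:
  name: my-api-metrics             # hypothetical name
  labels:
    prometheus-metrics: "true"     # assumed label the ServiceMonitor selects on
spec:
  type: NodePort                   # opens a port on every node IP; restrict it at the node firewall
  selector:
    app: my-api
  ports:
    - name: metrics                # port name the ServiceMonitor refers to
      port: 9102
      targetPort: 9102
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: app-metrics                # hypothetical name
spec:
  selector:
    matchLabels:
      prometheus-metrics: "true"   # matches any Service carrying the metrics label
  namespaceSelector:
    any: true                      # discover labelled Services in all namespaces
  endpoints:
    - port: metrics                # resolved by Service port name, not number
      path: /metrics
      interval: 30s
```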