Open up port 10250 between nodes for prometheus

[tobstarr]

Prometheus uses port 10250 to collect metrics from the nodes in a cluster over https. This port is not open in the default security group settings of the workers in stack-template.json (but 10255 is).

I guess it would make sense to also open port 10250 by default so that people are not running into that firewall issue (as I did)?

I would be willing to draft a PR if you are willing to add this firewall rule to the defaults.

[felixbuenemann]

@tobstarr Is this required in a default cluster as created by kube-aws up or only if additional addons are configured?

[tobstarr]

it would be only necessary for addons consuming cadvisor (which can also be accessed on - non ssl - port 10255 which is already open). So I thought it might sense to either open both or none?

[felixbuenemann]

Ah, I didn't make the connection to cadvisor. I agree that it makes sense to open both ports.

I suggest you make a PR and add a short description of your use case.