As part of our CF monitoring we want to collect data from the DEA varz endpoints to help us calculate our headroom. In the spirit of eating our own dogfood we want to deploy this a micro service on CF itself.
The challenge we face is the DEA explicitly denies the containers to talk to the varz endpoint for the DEA the app runs on. It can happily hit varz for all other DEAs. The deny is handled by an iptable reject on the dea's interface.
Looking at my options, I could run the app outside of CF or add an iptable rule to the dea's. Neither option fills me with joy.
How have others approached the problem of collecting varz data for analysis? Admin-ui does this but runs on a VM, possibly for this very reason.