[cf-dev] Capturing data from DEA varz endpoints

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[cf-dev] Capturing data from DEA varz endpoints

john mcteague

As part of our CF monitoring we want to collect data from the DEA varz endpoints to help us calculate our headroom. In the spirit of eating our own dogfood we want to deploy this a micro service on CF itself.

The challenge we face is the DEA explicitly denies the containers to talk to the varz endpoint for the DEA the app runs on. It can happily hit varz for all other DEAs. The deny is handled by an iptable reject on the dea's interface.

Looking at my options, I could run the app outside of CF or add an iptable rule to the dea's. Neither option fills me with joy.

How have others approached the problem of collecting varz data for analysis? Admin-ui does this but runs on a VM, possibly for this very reason.

Thanks
John.


_______________________________________________
cf-dev mailing list
[hidden email]
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] Capturing data from DEA varz endpoints

aaron_huber
Administrator
You can use the allow_host_access property in your manifest to enable the access.  It simply suppresses the iptables rule you mention that rejects the traffic.

https://github.com/cloudfoundry/cf-release/blob/master/jobs/dea_next/spec#L37

Aaron Huber
Intel Corporation