Re: Can I secure Prometheus/JMX monitoring Network Policies?


Jakub Scholz
 

Hi David,

I'm afraid you are right - they cannot be secured through network policies right now. The built-in Strimzi network policies open the ports up and you cannot close them anymore. And for Prometheus and JMX ports it is not configurable in any way. Feel free to open a GitHub enhancement issue for it if you want.

Thanks & Regards
Jakub

On Tue, May 4, 2021 at 5:38 PM David Lynn <david.james.lynn@...> wrote:
Hi,

I am currently using Strimzi with monitoring enabled. I am also using Network Policies to secure my cluster communication.

I have found a method to secure my listeners to allow specific sources to be accessed:

However Strimzi also creates network policies for the Prometheus/JMX ports, and I have been currently unable to see where I would specify the networkPolicyPeers required to restrict communication.

I believe I cannot add these to the listeners, as described in this comment:

Is there somewhere where I can add the Network Policy restrictions for port 9404 (Prometheus) and 9999 (JMX)?

Thanks,
David
