Re: Can I secure Prometheus/JMX monitoring Network Policies?

Jakub Scholz

Hi David,

I'm afraid you are right - they cannot be secured through network policies right now. The built in Strimzi network policies open the ports up and you cannot close it anymore. And for Prometheus and JMX ports it is not configurable in any way. Feel free to open a GitHub enhancement issue for it if you want.

Thanks & Regards

On Tue, May 4, 2021 at 5:38 PM David Lynn <david.james.lynn@...> wrote:

I am currently using strimzi with monitoring enabled. I am also using Network Policies to secure my cluster communication.

I have found a method to secure my listeners to allow specific sources to be accessed:

However Strimzi also creates network policies for the Prometheus/JMX ports, and I have been currently unable to see where I would specify the networkPolicyPeers required to restrict communication.

I believe I cannot add these to the listeners, as described in this comment:

Is there somewhere where I can add the Network Policy restrictions for port 9404 (Prometheus) and 9999 (JMX)?


Join to automatically receive all group messages.