Allow homelab to scrape CNPG metrics on port 9187
Add tcp:9187 to tag:homelab → tag:k8s ACL rule for Prometheus to scrape CloudNativePG metrics endpoint. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
parent
329f58499b
commit
74c218063d
1 changed files with 4 additions and 4 deletions
|
|
@ -74,11 +74,11 @@
|
|||
"dst": ["tag:homelab"],
|
||||
"ip": ["tcp:3001", "tcp:2200"],
|
||||
},
|
||||
// Homelab can reach k8s PostgreSQL for borgmatic backups
|
||||
// Homelab can reach k8s PostgreSQL for borgmatic backups and metrics scraping
|
||||
{
|
||||
"src": ["tag:homelab"],
|
||||
"dst": ["tag:k8s"],
|
||||
"ip": ["tcp:5432"],
|
||||
"ip": ["tcp:5432", "tcp:9187"],
|
||||
},
|
||||
],
|
||||
|
||||
|
|
@ -141,10 +141,10 @@
|
|||
"accept": ["tag:kiwix:443", "tag:forge:443", "tag:feed:443", "tag:pg:5432"],
|
||||
"deny": ["tag:grafana:443", "tag:loki:3100", "tag:nas:445", "tag:registry:443", "tag:k8s-api:443"],
|
||||
},
|
||||
// Homelab can reach homelab and NAS
|
||||
// Homelab can reach homelab, NAS, and k8s metrics
|
||||
{
|
||||
"src": "tag:homelab",
|
||||
"accept": ["tag:homelab:22", "tag:nas:445"],
|
||||
"accept": ["tag:homelab:22", "tag:nas:445", "tag:k8s:9187"],
|
||||
},
|
||||
// K8s workloads can reach registry and forge (on indri:3001 HTTP, :2200 SSH)
|
||||
{
|
||||
|
|
|
|||
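Review bot: The widened grant `"ip": ["tcp:5432", "tcp:9187"]` applies from every device tagged `tag:homelab` to every node tagged `tag:k8s`, not only from the Prometheus host to the nodes running CloudNativePG. The CNPG exporter on 9187 is, as far as I know, served without authentication by default, so this ACL is probably the only control on who can read the database metrics. Consider moving 9187 into its own grant whose `src` is a tag carried only by the scraping host, and keep the borgmatic 5432 rule separate so each comment describes a single purpose. In the test entry for `tag:homelab`, only the new accept `tag:k8s:9187` is asserted; adding a `deny` list there (for example `"deny": ["tag:k8s-api:443"]`, if no other rule is meant to allow it) and asserting `tag:k8s:5432` would catch a later accidental broadening. The policy array and the tests array both continue outside the visible hunks, so such assertions may already exist elsewhere.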