kube-prometheus

Please document ports for communication between all the components

Open AndrewSav opened this issue 4 years ago • 3 comments

What is missing?

I was not able to find the documentation that gives a list of which component talks to which component on which port. This includes both kube-prometheus components and relevant Kubernetes components.

Why do we need it?

I'm running a cluster with a default deny policy at the cluster level. This means that all communications to and from all pods in the cluster are disabled by default.

In order to make kube-prometheus work, I need to put specific Network Policies in place that would allow kube-prometheus to function. In order to do that, I need to know which component needs to talk to which and on which port. This information is dispersed over various documentation, and for some components I was not able to find any.

Without this information it's extremely difficult to configure the policies correctly and make the cluster secure.

Environment

  • kube-prometheus version:

    3caeca980339cf13f56cb07d7edd6a741e496852

Anything else we need to know?:

A bonus point for supplying required network policies as part of kube-prometheus

AndrewSav avatar May 06 '20 00:05 AndrewSav

Agreed this should be documented. Could you contribute your network policies though? I think that's a great way of not just documenting but keeping them up to date. Maybe we can even run e2e tests with a default deny policy.

brancz avatar May 07 '20 08:05 brancz

Sorry, I did do some policies in the lab, but I do not see that they are of sufficient quality for contributing. Some of them are quite wide and really have to be narrower for most real-life use cases.

AndrewSav avatar Aug 16 '20 23:08 AndrewSav

Related to #1470

philipgough avatar Feb 22 '22 18:02 philipgough