john mcteague <john.mcteague@...>
As part of our CF monitoring we want to collect data from the DEA varz
endpoints to help us calculate our headroom. In the spirit of eating our
own dogfood we want to deploy this a micro service on CF itself.
The challenge we face is the DEA explicitly denies the containers to talk
to the varz endpoint for the DEA the app runs on. It can happily hit varz
for all other DEAs. The deny is handled by an iptable reject on the dea's
Looking at my options, I could run the app outside of CF or add an iptable
rule to the dea's. Neither option fills me with joy.
How have others approached the problem of collecting varz data for
analysis? Admin-ui does this but runs on a VM, possibly for this very