Re: Deprecation Notice: bosh-hm-forwarder is moving

Joseph Rodriguez <jrodriguez@...>
 

Bosh system metrics can not filter based on deployment (or any other criteria).

We haven't heard about this use case yet but it does sound interesting. If filtering were an option, would you have one deployment of CF with no filter enabled to receive metrics from deployments for non-cf releases (e.g. postgres, redis, et cetera)?

In terms of security, there are no deployment-level permissions on the forwarder client: any consumer that successfully connects to the bosh-system-metrics-server has access to the entire stream. Filtering could occur on either end (director or forwarder), but either way, all metrics will be accessible to any deployment.

It would be relatively straight-forward to fork and add a deployment filter option to the code (1).

1. This is where the bosh-system-metrics-forwarder receives metrics from the bosh-system-metrics-server: https://github.com/cloudfoundry/bosh-system-metrics-forwarder-release/blob/master/src/github.com/pivotal-cf/bosh-system-metrics-forwarder/pkg/ingress/ingress.go#L182

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.