Re: Deprecation Notice: bosh-hm-forwarder is moving

Mike Youngstrom
 

Thanks Joseph,

Perhaps just sending everything would be fine as long as the deployment were added as a tag to the metric or something.  I'll keep thinking about it, look at the code now that it is available, and create an issue in the release repository if I want to discuss it further before putting together any kind of PR or anything.

Thanks,
Mike

On Mon, Jun 4, 2018 at 1:42 PM, Joseph Rodriguez <jrodriguez@...> wrote:
Bosh system metrics can not filter based on deployment (or any other criteria).

We haven't heard about this use case yet but it does sound interesting. If filtering were an option, would you have one deployment of CF with no filter enabled to receive metrics from deployments for non-cf releases (e.g. postgres, redis, et cetera)?

In terms of security, there are no deployment-level permissions on the forwarder client: any consumer that successfully connects to the bosh-system-metrics-server has access to the entire stream. Filtering could occur on either end (director or forwarder), but either way, all metrics will be accessible to any deployment.

It would be relatively straight-forward to fork and add a deployment filter option to the code (1).

1. This is where the bosh-system-metrics-forwarder receives metrics from the bosh-system-metrics-server: https://github.com/cloudfoundry/bosh-system-metrics-forwarder-release/blob/master/src/github.com/pivotal-cf/bosh-system-metrics-forwarder/pkg/ingress/ingress.go#L182


Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.