Capturing data from DEA varz endpoints

john mcteague <john.mcteague@...>

As part of our CF monitoring we want to collect data from the DEA varz
endpoints to help us calculate our headroom. In the spirit of eating our
own dogfood we want to deploy this a micro service on CF itself.

The challenge we face is the DEA explicitly denies the containers to talk
to the varz endpoint for the DEA the app runs on. It can happily hit varz
for all other DEAs. The deny is handled by an iptable reject on the dea's

Looking at my options, I could run the app outside of CF or add an iptable
rule to the dea's. Neither option fills me with joy.

How have others approached the problem of collecting varz data for
analysis? Admin-ui does this but runs on a VM, possibly for this very


Aaron Huber

You can use the allow_host_access property in your manifest to enable the
access. It simply suppresses the iptables rule you mention that rejects the

Aaron Huber
Intel Corporation

View this message in context:
Sent from the CF Dev mailing list archive at