Securely Accessing Prometheus and Kibana in Production


I am planning on using the Rancher Library versions of Prometheus and the ELK stack. I was wondering what people had been doing in production to expose the services securely?

Using ingress with cert-manager is one way. If you expose via LoadBalancer, you can terminate TLS on the LB as well.

Awesome, that’s the answer I was hoping for 🙂

I was also thinking this morning it might be worthwhile to be extra cautious and throw on a NetworkPolicy that only allows ingress from a specific IP range, etc.

Absolutely, it’s usually straightforward to allow traffic from very specific CIDR ranges and ports. If you are on a cloud such as AWS, security groups are the standard approach, which you can also organise to have inter-dependencies directly or using ‘self’.
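
The setup discussed in this thread, sketched as an added example that is not from any of the posters: an Ingress with cert-manager TLS and a source-range allowlist, plus a NetworkPolicy so Kibana pods accept traffic only from the ingress controller. It assumes the ingress-nginx controller; the namespaces, labels, hostname, issuer name and CIDR are all placeholders.

```yaml
# Added example; names, labels, host and CIDR are assumptions.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kibana
  namespace: logging                      # assumed namespace
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod      # assumed ClusterIssuer name
    # Client allowlist enforced by ingress-nginx (constructed example range).
    # The controller must see the real client IP for this to be effective.
    nginx.ingress.kubernetes.io/whitelist-source-range: "203.0.113.0/24"
spec:
  ingressClassName: nginx
  tls:
    - hosts: [kibana.example.com]
      secretName: kibana-tls              # cert-manager stores the certificate here
  rules:
    - host: kibana.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kibana
                port:
                  number: 5601
---
# Backend pods see the controller's pod IP, not the client's, so the policy
# matches the controller namespace rather than an external ipBlock. This keeps
# the TLS + allowlist path from being bypassed from elsewhere in the cluster.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kibana-from-ingress-only
  namespace: logging
spec:
  podSelector:
    matchLabels:
      app: kibana                         # assumed pod label
  policyTypes: [Ingress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx  # assumed controller namespace
      ports:
        - protocol: TCP
          port: 5601
```

The NetworkPolicy only takes effect if the cluster's CNI plugin enforces NetworkPolicy objects. The same pattern applies to Prometheus with its own Service and port.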