Hi,
I am planning on using the Rancher Library versions of Prometheus and the ELK stack. I was wondering what people had been doing in production to expose the services securely?
Using ingress with cert-manager is one way. If you expose via a LoadBalancer, you can terminate TLS on the LB as well.
Awesome, that’s the answer I was hoping for.
I was also thinking this morning it might be worthwhile to be extra cautious and throw on a NetworkPolicy that only allows ingress from a specific IP range, etc.
Absolutely, it’s usually straightforward to allow traffic from very specific CIDR ranges and ports. If you are on a cloud such as AWS, security groups are the standard approach, which you can also organise to have inter-dependencies directly or using ‘self’.
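A sketch of the NetworkPolicy discussed in the thread, added here as an example and not posted by any participant. The namespace, pod label, policy name, ingress controller namespace and CIDR are assumptions to replace with your own values.

```yaml
# Added example: restrict ingress to Prometheus pods by source CIDR and port.
# All names, labels and the CIDR below are assumptions, not values from the thread.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: prometheus-restrict-ingress    # hypothetical policy name
  namespace: monitoring                # assumed namespace of the Prometheus pods
spec:
  podSelector:
    matchLabels:
      app: prometheus                  # assumed pod label
  policyTypes:
    - Ingress                          # selected pods now deny all ingress not listed below
  ingress:
    # Direct access from a trusted range (constructed documentation CIDR).
    - from:
        - ipBlock:
            cidr: 203.0.113.0/24
      ports:
        - protocol: TCP
          port: 9090                   # Prometheus default listen port
    # Traffic proxied by the in-cluster ingress controller that terminates TLS.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx   # assumed controller namespace
      ports:
        - protocol: TCP
          port: 9090
```

The `ipBlock` rule matches the source address the pod actually sees, which behind an ingress controller or load balancer is usually the proxy or node address, so client CIDR limits for proxied traffic belong on the load balancer or ingress itself (for example the Service's `loadBalancerSourceRanges` or a cloud security group). The policy has an effect only when the cluster's network plugin enforces NetworkPolicy.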