-
Notifications
You must be signed in to change notification settings - Fork 28
Network Isolation
Nicolas Degory edited this page Jun 23, 2017
·
2 revisions
Cf. issue #1305
Network isolation should be implemented to restrict access to core services. Identifying the services that should talk together will help building the list of networks and which services should use them.
| Network name | Usage | Main service | Other services |
|---|---|---|---|
| public | for user services that should be virtualized by the proxy service | haproxy | |
| core | api server | amplifier | amplifier-gateway |
| core-public | api gateway public URL | amplifier-gateway | haproxy |
| storage | kv store | etcd | amplifier |
| queue | message processing | nats | agent, ampbeat, amplifier, node_exporter |
| logs | log gathering and processing chain | elasticsearch | kibana, ampbeat, amplifier |
| logs-public | log UI URL | kibana | haproxy |
| monitoring | metrics gathering and processing | prometheus | grafana, alertmanager, node_exporter, nats_exporter, haproxy_exporter |
| monitoring-public | metrics public URL | grafana | prometheus, haproxy |
| proxy | haproxy internals | haproxy | haproxy_exporter |
| portal_public | portal UI URL | portal | haproxy |