Open ayoub-belarbi opened 5 years ago
Right now we allow inbound access from all ips to the exporters in Azure, we should improve that to only allow access from other nodes since we don't need access to the exporters from outside world. Only the monitoring node need that.
Example can be found here: https://github.com/SUSE/ha-sap-terraform-deployments/blob/c4b149ad4c6cff0e3152ae635a6aa8b473daf823/azure/network.tf#L405
Try to extend the range of ha-exporter from 9002 to further.
Right now we allow inbound access from all ips to the exporters in Azure, we should improve that to only allow access from other nodes since we don't need access to the exporters from outside world. Only the monitoring node need that.
Example can be found here: https://github.com/SUSE/ha-sap-terraform-deployments/blob/c4b149ad4c6cff0e3152ae635a6aa8b473daf823/azure/network.tf#L405