DevOps

Complexity Out. Simplicity In.

Learn How Dan the DevOps is Using Alcide

Here is a scenario that explains the meeting point of DevOps and Security teams: Dan the DevOps wants to use Slack in order to connect to Prometheus while Sara, the security pro, is reluctant.
Dan
Hi Sara! Since most of our teams are already sending messages and files through Slack channels to coordinate their work, I thought we might streamline the process by opening our systems health monitoring toolkit to the relevant teams on Slack.
Sara
OK… which components require this access?
Dan
Prometheus alert manager
Sara
OK. But we need to define an access list for alert manager to access slack. How do you plan on doing that?
Dan
We’re going to provide egress access to the internet for alert manager
Sara
What else is running on the server that hosts alert manager?
Dan
Lots of other stuff…
Sara
So no. Egress access is not an option. We need to isolate Alertmanager in a better way so that other components are not getting internet access.
Dan
Security groups won’t do either…We can leverage a proxy server with an API filtering list to isolate and provision access to alert manager.
Sara
Honestly, that sounds like an implementation nightmare
Dan
Well…with Alcide I can specify the API endpoint on the Prometheus alert manager VM and containers and open access dynamically only to slack servers.