We are using Hosted Grafana instance, and own Prometheus as data source.
We would like to restrict access to the Prometheus server only from Grafana.
Which IP’s we can add to the firewall in order to Grafana successfully get metrics from Prometheus?
Thank you.
We’re in the process of setting up docs for Hosted Grafana, in the meantime this maybe answers your question?
Source IPs for whitelisting
If your corporate network requires external services to be on a whitelist to allow access, you can use the following lists to update your ACLs.
JSON format: https://grafana.com/api/hosted-grafana/source-ips
Text format: https://grafana.com/api/hosted-grafana/source-ips.txt
DNS lookup: src-ips.hosted-grafana.grafana.net
Those lists are always updated with IP addresses of the nodes on our clusters that might be running Hosted Grafana instances.
I use a shared hosting for my database (Hostgator cPanel), and entering IPs one at a time is very annoying. I tried adding grafana.net and grafana.com to the ACL (for my Hosted Grafana instance), but alas that did not work, and now I see why.
I made a little wildcard mask list for your list of IPs. This probably still allows millions of IPs, but it’s better than allowing %.bc.googleusercontent.com.
Use it at your own risk. It could be distilled down a bit, but it’s not my server so big deal.
|104.1%.%.%|
|34.6%.%.%|
|34.7%.%.%|
|35.1%.%.%|
|35.2%.%.%|
Thanks for this. Do you happen to know how often those IPs change?