Lock down Prometheus Alertmanager and NATS ports by default (#378)

* Stop exposing Alertmanager and NATS ports This commit stops exposing the Prometheus Alertmanager and NATS ports by default on Swarm. The respective sections are commented out with a note on re-enabling them. Signed-off-by: John McCabe <john@johnmccabe.net> * Revert queue-worker dev tag in yaml Signed-off-by: John McCabe <john@johnmccabe.net>
2025-06-08 16:26:47 +00:00 · 2017-11-30 00:05:09 +00:00 · 2017-11-30 00:05:09 +00:00 · bc16d125bf
commit bc16d125bf
parent 1aa6270fcc
4 changed files with 26 additions and 14 deletions
--- a/docker-compose.armhf.yml
+++ b/docker-compose.armhf.yml
@ -45,8 +45,10 @@ services:
            - '-config.file=/alertmanager.yml'
        networks:
            - functions
-        ports:
-            - 9093:9093
+        # Uncomment the following port mapping if you wish to expose the Prometheus
+        # Alertmanager UI.
+        # ports:
+        #     - 9093:9093
        deploy:
            placement:
                constraints: [node.role == manager]
--- a/docker-compose.extended.armhf.yml
+++ b/docker-compose.extended.armhf.yml
@ -27,9 +27,11 @@ services:

    nats:
        image: nats-streaming:0.6.0
-        ports:
-            - 4222:4222
-            - 8222:8222
+        # Uncomment the following port mappings if you wish to expose the 
+        # NATS client and/or management ports
+        # ports:
+        #     - 4222:4222
+        #     - 8222:8222
        command: "--store memory --cluster_id faas-cluster"
        networks:
            - functions
@ -82,8 +84,10 @@ services:
            - '-config.file=/alertmanager.yml'
        networks:
            - functions
-        ports:
-            - 9093:9093
+        # Uncomment the following port mapping if you wish to expose the Prometheus
+        # Alertmanager UI.
+        # ports:
+        #     - 9093:9093
        deploy:
            placement:
                constraints: [node.role == manager]
--- a/docker-compose.extended.yml
+++ b/docker-compose.extended.yml
@ -32,9 +32,11 @@ services:

    nats:
        image: nats-streaming:0.6.0
-        ports:
-            - 4222:4222
-            - 8222:8222
+        # Uncomment the following port mappings if you wish to expose the 
+        # NATS client and/or management ports
+        # ports:
+        #     - 4222:4222
+        #     - 8222:8222
        command: "--store memory --cluster_id faas-cluster"
        networks:
            - functions
@ -99,8 +101,10 @@ services:
            - '-config.file=/alertmanager.yml'
        networks:
            - functions
-        ports:
-            - 9093:9093
+        # Uncomment the following port mapping if you wish to expose the Prometheus
+        # Alertmanager UI.
+        # ports:
+        #     - 9093:9093
        deploy:
            resources:
                limits:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -59,8 +59,10 @@ services:
            - '-config.file=/alertmanager.yml'
        networks:
            - functions
-        ports:
-            - 9093:9093
+        # Uncomment the following port mapping if you wish to expose the Prometheus
+        # Alertmanager UI.
+        # ports:
+        #     - 9093:9093
        deploy:
            resources:
                limits: