necro-cloud · khatrivarun · Feb 27, 2026 · Feb 27, 2026 · Feb 27, 2026 · Feb 27, 2026
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
@@ -22,7 +22,7 @@ module "cluster-issuer" {
 
 # Complete Observability Stack Deployment
 module "observability" {
-  source = "git::https://github.com/necro-cloud/modules//modules/observability?ref=main"
+  source = "git::https://github.com/necro-cloud/modules//modules/observability?ref=task/93/garage-dashboards"
 
   // Certificates Details
   cluster_issuer_name = module.cluster-issuer.cluster-issuer-name
@@ -35,7 +35,7 @@ module "observability" {
 
 # Garage Deployment for an S3 compatible object storage solution
 module "garage" {
-  source = "git::https://github.com/necro-cloud/modules//modules/garage?ref=main"
+  source = "git::https://github.com/necro-cloud/modules//modules/garage?ref=task/93/garage-dashboards"
 
   // Certificates Details
   cluster_issuer_name = module.cluster-issuer.cluster-issuer-name
@@ -46,6 +46,9 @@ module "garage" {
   // Granting required namespaces access to the Garage cluster
   access_namespaces = "postgres,ferret"
 
+  // Observability details
+  observability_namespace = module.observability.observability_namespace
+
   // Configuring required configurations on the Garage Cluster
   required_buckets     = var.garage_required_buckets
   required_access_keys = var.garage_required_access_keys

diff --git a/modules/garage/configmap.tf b/modules/garage/configmap.tf
@@ -37,6 +37,7 @@ resource "kubernetes_config_map" "garage_config" {
 
       [admin]
       api_bind_addr = "[::]:3903"
+      metrics_require_token = false
     EOF
   }
 }

diff --git a/modules/garage/networkpolicy.tf b/modules/garage/networkpolicy.tf
@@ -99,8 +99,30 @@ resource "kubernetes_network_policy" "garage_network_access_policy" {
         port     = 3943
       }
     }
+
+    # Rule 5: Allow OpenTelemetry Collector to scrape Garage metrics
+    ingress {
+      from {
+        namespace_selector {
+          match_labels = {
+            "kubernetes.io/metadata.name" = var.observability_namespace
+          }
+        }
 
-    # -------------- INGRESS RULES -------------- #
+        pod_selector {
+          match_labels = {
+            "app.kubernetes.io/instance" = "otel-collector" 
+          }
+        }
+      }
+
+      ports {
+        protocol = "TCP"
+        port     = 3903
+      }
+    }
+
+    # -------------- EGRESS RULES -------------- #
     # Rule 1: Allow egress to other Garage pods
     egress {
       to {

diff --git a/modules/garage/statefulset.tf b/modules/garage/statefulset.tf
@@ -29,6 +29,13 @@ resource "kubernetes_stateful_set" "statefulset" {
           component = "pod"
           "part-of" = "garage"
         }
+
+        // Scrape for metrics
+        annotations = {
+          "prometheus.io/scrape" = "true"
+          "prometheus.io/port"   = "3903"
+          "prometheus.io/path"   = "/metrics"
+        }
       }
 
       spec {

diff --git a/modules/garage/variables.tf b/modules/garage/variables.tf
@@ -24,6 +24,12 @@ variable "namespace" {
   default     = "garage"
 }
 
+variable "observability_namespace" {
+  description = "Namespace where all components for observability are deployed"
+  type        = string
+  nullable    = false
+}
+
 # --------------- GARAGE CERTIFICATE VARIABLES --------------- #
 variable "cluster_issuer_name" {
   description = "Name for the Cluster Issuer to be used to generate internal self signed certificates"
-Original file line number
+Diff line change
@@ Expand Up / @@ -37,6 +37,7 @@ resource "kubernetes_config_map" "garage_config" { @@
           [admin]
           api_bind_addr = "[::]:3903"
+          metrics_require_token = false
         EOF
       }
     }
@@ Expand Down @@