Investigate running an frp tunnel for Prometheus exporters on restricted networks

Prometheus gets metrics using outgoing HTTP connections (from Prometheus to the exporter). This means that it doesn't work if the service/exporter is on a management network.

A solution for that is to use a reverse tunnel. This is simpler and safer than a VPN solution. A good tool for this is frp, which supports a whole variety of configurations and transports (including WebSocket).

We could run a server on Kubernetes that receives incoming frp connections, using WebSockets, and serves incoming HTTP requests, by forwarding through the tunnel. Then Prometheus can be configured to scrape it.