The Cloud-VPS infrastructure is now hosting certain services (including the OpenStack API and our DNS servers) using cloud realm IP addresses via servers with both wikiprod and cloud realm connectivity using our cloudsw switches. This setup is following case 4 documented on https://wikitech.wikimedia.org/wiki/Cross-Realm_traffic_guidelines#Case_4:_cloud-dedicated_hardware.
An open question is how to implement (Prometheus-based) monitoring for those services. Current prometheus hardware does not currently have connectivity to the cloud realm addresses. We have cloudmetrics hardware that's currently running the cloud vps prometheus instance, however those are not in WMCS dedicated racks so they're currently relying on a hack to permit access to the cloud-realm addresses.
The simplest solution for now would be to relocate cloudmetrics hosts to WMCS racks and give them addresses in cloud-private, however T336854: Move labs/wmcs (OpenStack) Prometheus instance off cloudmetrics hosts to prometheus* hosts has plans to consolidate the cloud vps Prometheus instance to current prometheus hosts which needs a different solution.