It seems to me that these are two different directions – locking down the admin endpoints more vs. not locking down the health endpoints at all.
In what scenario would one want to have /-/healthy and /-/ready protected? /MR On Thu, Sep 23, 2021 at 6:11 PM Julien Pivotto <[email protected]> wrote: > On 23 Sep 07:57, 'Robin Wittler' via Prometheus Developers wrote: > > Hello, > > > > I want to start a discussion if Prometheus should have config options to > > disable security on the "/-/healthy" and "/-/ready" endpoints. > > > > Thanks to Amrit Pal Singh to bring this to the github issue list at > > first: https://github.com/prometheus/prometheus/issues/9166 > > > > Running Prometheus with enabled basic Auth on K8S actually requires some > > workarounds to be able to use the liveness and/or readiness checks. One > > would be the mentioned "httpHeaders" option - which requires to put > > somewhat plain credentials in the K8S definitions (which I really do not > > want). > > > > Currently I've disabled Basic Auth in Prometheus and use an nginx in > Front > > that takes care about Auth on all endpoints, except for /-/ready and > > /-/healthy. But I do not like this either. :) > > > > Julien Pivotto suggested to talk about this at the dev mailing list ... > so > > please add your thoughts about this. Thx. > > Yes, I'd like to discuss how we could work with other usecases: > > - Restricting prometheus admin endpoints to certain users. > - Restricting certain pushgateway users to certain path (to force them > to only post on their metrics). > > I feel like we could either decide we do not want those usecases or find > a solution that would fit them all. > > > > > > -- > > You received this message because you are subscribed to the Google > Groups "Prometheus Developers" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/prometheus-developers/fd2122fc-9aca-4b98-976a-6fa6e61c1eb3n%40googlegroups.com > . > > > -- > Julien Pivotto > @roidelapluie > > -- > You received this message because you are subscribed to the Google Groups > "Prometheus Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/prometheus-developers/20210923181118.GA86116%40hydrogen > . > -- You received this message because you are subscribed to the Google Groups "Prometheus Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/CAMV%3D_ga8Gw8BQ%3Df-kUHNMN4yZyWmP%3DXJD5md51ZuMaY8Kw7i7Q%40mail.gmail.com.
