On 26 Oct 11:43, Matthias Rampke wrote: > It seems to me that these are two different directions – locking down the > admin endpoints more vs. not locking down the health endpoints at all. > > In what scenario would one want to have /-/healthy and /-/ready protected? > > /MR
When do not use it and do not want to disclose the app behind it. > > > On Thu, Sep 23, 2021 at 6:11 PM Julien Pivotto <[email protected]> > wrote: > > > On 23 Sep 07:57, 'Robin Wittler' via Prometheus Developers wrote: > > > Hello, > > > > > > I want to start a discussion if Prometheus should have config options to > > > disable security on the "/-/healthy" and "/-/ready" endpoints. > > > > > > Thanks to Amrit Pal Singh to bring this to the github issue list at > > > first: https://github.com/prometheus/prometheus/issues/9166 > > > > > > Running Prometheus with enabled basic Auth on K8S actually requires some > > > workarounds to be able to use the liveness and/or readiness checks. One > > > would be the mentioned "httpHeaders" option - which requires to put > > > somewhat plain credentials in the K8S definitions (which I really do not > > > want). > > > > > > Currently I've disabled Basic Auth in Prometheus and use an nginx in > > Front > > > that takes care about Auth on all endpoints, except for /-/ready and > > > /-/healthy. But I do not like this either. :) > > > > > > Julien Pivotto suggested to talk about this at the dev mailing list ... > > so > > > please add your thoughts about this. Thx. > > > > Yes, I'd like to discuss how we could work with other usecases: > > > > - Restricting prometheus admin endpoints to certain users. > > - Restricting certain pushgateway users to certain path (to force them > > to only post on their metrics). > > > > I feel like we could either decide we do not want those usecases or find > > a solution that would fit them all. > > > > > > > > > > -- > > > You received this message because you are subscribed to the Google > > Groups "Prometheus Developers" group. > > > To unsubscribe from this group and stop receiving emails from it, send > > an email to [email protected]. > > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/prometheus-developers/fd2122fc-9aca-4b98-976a-6fa6e61c1eb3n%40googlegroups.com > > . > > > > > > -- > > Julien Pivotto > > @roidelapluie > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Prometheus Developers" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/prometheus-developers/20210923181118.GA86116%40hydrogen > > . > > > > -- > You received this message because you are subscribed to the Google Groups > "Prometheus Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/prometheus-developers/CAMV%3D_ga8Gw8BQ%3Df-kUHNMN4yZyWmP%3DXJD5md51ZuMaY8Kw7i7Q%40mail.gmail.com. -- Julien Pivotto @roidelapluie -- You received this message because you are subscribed to the Google Groups "Prometheus Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/20211026114537.GA652427%40hydrogen.
