csquire commented on issue #2801: Prometheus integration: requiring allowed ips is too restrictive URL: https://github.com/apache/cloudstack/issues/2801#issuecomment-413656164 Hi @rhtyd, thanks for your response. I understand it is by design, but there are good alternatives that don't require upkeep of a whitelist of ips. Prometheus itself does not secure the metrics, any metrics in the Prometheus database can be queried without authentication. Prometheus scrape configs also support authentication methods such as basic auth or bearer tokens which could also be used to secure the Cloudstack metrics endpoint as an alternative to ip whitelisting. Maybe a better solution than what I proposed above is support in Cloudstack for one of those auth mechanisms.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
