It seems to me that these are two different directions – locking down the
admin endpoints more vs. not locking down the health endpoints at all.

In what scenario would one want to have /-/healthy and /-/ready protected?

/MR


On Thu, Sep 23, 2021 at 6:11 PM Julien Pivotto <roidelapl...@prometheus.io>
wrote:

> On 23 Sep 07:57, 'Robin Wittler' via Prometheus Developers wrote:
> > Hello,
> >
> > I want to start a discussion if Prometheus should have config options to
> > disable security on the "/-/healthy" and "/-/ready" endpoints.
> >
> > Thanks to Amrit Pal Singh to bring this to the github issue list at
> > first: https://github.com/prometheus/prometheus/issues/9166
> >
> > Running Prometheus with enabled basic Auth on K8S actually requires some
> > workarounds to be able to use the liveness and/or readiness checks. One
> > would be the mentioned "httpHeaders" option - which requires to put
> > somewhat plain credentials in the K8S definitions (which I really do not
> > want).
> >
> > Currently I've disabled Basic Auth in Prometheus and use an nginx in
> Front
> > that takes care about Auth on all endpoints, except for /-/ready and
> > /-/healthy. But I do not like this either. :)
> >
> > Julien Pivotto suggested to talk about this at the dev mailing list ...
> so
> > please add your thoughts about this. Thx.
>
> Yes, I'd like to discuss how we could work with other usecases:
>
> - Restricting prometheus admin endpoints to certain users.
> - Restricting certain pushgateway users to certain path (to force them
>   to only post on their metrics).
>
> I feel like we could either decide we do not want those usecases or find
> a solution that would fit them all.
>
>
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Prometheus Developers" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to prometheus-developers+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/prometheus-developers/fd2122fc-9aca-4b98-976a-6fa6e61c1eb3n%40googlegroups.com
> .
>
>
> --
> Julien Pivotto
> @roidelapluie
>
> --
> You received this message because you are subscribed to the Google Groups
> "Prometheus Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to prometheus-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/prometheus-developers/20210923181118.GA86116%40hydrogen
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Prometheus Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/prometheus-developers/CAMV%3D_ga8Gw8BQ%3Df-kUHNMN4yZyWmP%3DXJD5md51ZuMaY8Kw7i7Q%40mail.gmail.com.

Reply via email to