If your kernel requires you to run node_exporter as root, and you have no way of configuring policy to allow access to /proc and /sys, then I guess you don't really have any option.
I use exporter_exporter in front for TLS termination and certificate authentication, and it works fine. I believe node_exporter 1.3.x can do its own TLS and auth via --web.config, but exposing a root-running process directly doesn't sound like a great idea. On Thursday, 27 January 2022 at 21:14:02 UTC [email protected] wrote: > Hi > > I have a server with with node exporter . Currently node exporter use a > specific user but it can't access on /proc and /sys because i have a kernel > with grsecurity . I Can t use an other kernel for any reason. I want excute > node exporter on Root and expose metrics on 127.0.0.1:9100 with auth. And > use exporter_exporter as proxy on public IP with TLS and auth. > > IS there a risk of sécurity? > Have you an other Idea ? > > Thanks > -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/e93f66f2-26b1-49be-ab20-e7cc0d6e52dfn%40googlegroups.com.
