kubernetes-app icon indicating copy to clipboard operation
kubernetes-app copied to clipboard

Published 20 hours ago verified publisher icon grafana

App should support token auth

Open iMartyn opened this issue 6 years ago • 10 comments

It would be so much simpler to install if the app were to use token auth not just private key auth because then people could create service accounts and use the app with a proper RBAC setup.

As it stands, the way you create TLS certs you have to use openssl and have access to the CA private key, at least with token you can use kubectl.

iMartyn avatar May 23 '18 14:05 iMartyn

I'm not entirely sure, but a combination of the anonymous users change in 1.6 and the lack of access, afaik, to the root CA private key in GKE means this app is currently not usable out of the box in Google Kubernetes Engine since I can't generate a x509 cert there. I think I either have to grant more permissions to the system:anonymous user or make a proxy that uses tokens to use this app as-is.

aguilarm avatar May 29 '18 19:05 aguilarm

Same issue here. Adding a proxy in K8S that puts the token in the header was our workaround.

chicagozer avatar Jun 19 '18 03:06 chicagozer

I agree using a ServiceAccount would be much more sensible, but I'm also not sure why this app even needs cluster access for a manual install? All metrics are available in Prometheus and that is fully accessible as a data source.

jazoom avatar Sep 05 '18 06:09 jazoom

As I understand it, the app uses cluster access so you can have faster updates on the dropdowns than your scrape time. But the point is rather moot as this project is abandoned so I would recommend the prometheus-operator's kube-prometheus grafana stuff.

iMartyn avatar Sep 05 '18 07:09 iMartyn

Ah. I guess I did the right thing in creating my own dashboard after all. There are some pretty good ones in the community to use as a starting point.

This one is pretty nice: https://grafana.com/dashboards/7824

jazoom avatar Sep 05 '18 09:09 jazoom

Amazons EKS also does not let you have the TLS certs. Token auth would be very nice.

tehlers320 avatar Sep 26 '18 19:09 tehlers320

Same issue here. Adding a proxy in K8S that puts the token in the header was our workaround.

Could you please share your workaround ?

Kuzbekov avatar Oct 28 '18 06:10 Kuzbekov

Any update about if adding support for Token auth is planned?

cjmateos avatar Jun 25 '19 08:06 cjmateos

@cjmateos this project is abandoned. Look to prometheus-operator's kube-prometheus dashboards :(

iMartyn avatar Jun 25 '19 09:06 iMartyn

@iMartyn Our team used prometheus-operator about 1.5 year. we think it's not a good idea for production envrionment. it's simple, but use a centerlized grafana is better than detached deploy method.

kubernetes-app seems better, it should not be abandoned, it should be an good option for different architecture.

9nix00 avatar Sep 06 '19 09:09 9nix00