linkerd2
linkerd2 copied to clipboard
Add prometheus authentication (#7038)
Signed-off-by: Alexey Boyko [email protected]
Problem
Described in #7038
Solution
Added basic and bearer auth by using possibility to create prometheus client RoundTripper(example from official repo)
Validation
For bearer token:
Used kube-rbac-proxy
For basic auth:
Used official prometheus web-config feature
Fixes #7038
Hi @ketchoop! As discussed in #7038, I think we'd want these credentials to be loaded from a secret rather than being publicly visible.
@adleong Hi! What if I do that by using valueFrom kubernetes' feature and make this work by changing the chart?
Does it seem to be the right and secure way for you?
Yes, that sounds right to me.
Hi @ketchoop! I converted the PR to a draft. It sounds like the shape of the solution is going to have to change to read the credentials from a secret. Are you still willing to work on this? If yes, then feel free to mark the PR as ready to review after you've made the changes. Thanks for all of the work you've done on this thus far.
Seems this has gotten stale, so closing for now. Please reopen a new PR if you're still interested in moving this forward.