linkerd2 icon indicating copy to clipboard operation
linkerd2 copied to clipboard

Published 20 hours ago verified publisher icon linkerd

Add prometheus authentication (#7038)

Open ketchoop opened this issue 5 months ago • 3 comments

Signed-off-by: Alexey Boyko [email protected]

Problem

Described in #7038

Solution

Added basic and bearer auth by using possibility to create prometheus client RoundTripper(example from official repo)

Validation

For bearer token:

Used kube-rbac-proxy

For basic auth:

Used official prometheus web-config feature

Fixes #7038

ketchoop avatar Feb 03 '24 17:02 ketchoop

Hi @ketchoop! As discussed in #7038, I think we'd want these credentials to be loaded from a secret rather than being publicly visible.

adleong avatar Feb 05 '24 20:02 adleong

@adleong Hi! What if I do that by using valueFrom kubernetes' feature and make this work by changing the chart?

Does it seem to be the right and secure way for you?

ketchoop avatar Feb 05 '24 20:02 ketchoop

Yes, that sounds right to me.

adleong avatar Feb 06 '24 19:02 adleong

Hi @ketchoop! I converted the PR to a draft. It sounds like the shape of the solution is going to have to change to read the credentials from a secret. Are you still willing to work on this? If yes, then feel free to mark the PR as ready to review after you've made the changes. Thanks for all of the work you've done on this thus far.

mateiidavid avatar Mar 08 '24 14:03 mateiidavid

Seems this has gotten stale, so closing for now. Please reopen a new PR if you're still interested in moving this forward.

alpeb avatar Apr 25 '24 09:04 alpeb