Update and clarify Security Model page
https://prometheus.io/docs/operating/security/#security-model is somewhat out of date WRT TLS and basic auth support.
I also think that the assumptions about how to handle /metrics endpoints should be clarified. It is by design that metrics are exposed, and attention needs to be paid to who has access to those endpoints and what information and DoS potential is exposed. Issues like https://github.com/prometheus/prometheus/issues/11290 create the impression that this exposure is surprising or a security flaw. See also https://kccnceu2022.sched.com/event/ytmB/how-attackers-use-exposed-prometheus-server-to-exploit-kubernetes-clusters-david-de-torres-huerta-miguel-hernandez-sysdig, which is less naive than the report above but also creates the impression that the design is flawed and that a "secure by default" setup is the expectation.
The Security Model page should not only make it very clear, even for a naive reader, that the /metrics endpoint of monitored targets and the query endpoints for the Prometheus server must not be accessible to the public internet in general, but it should also explain why this setup is a deliberate decision and a "secure by default" setup wouldn't really work.
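As an added illustration of the TLS and basic auth support the issue says the page should reflect (this is example configuration written for this note, not content from the Prometheus docs or from the issue author), the following web config file enables HTTPS and basic auth on the Prometheus server's own HTTP endpoints, including the query API. The file name, certificate paths, user name and the bcrypt hash are placeholders.

```yaml
# web-config.yml (constructed example; pass it with --web.config.file=web-config.yml)
# Without a web config file Prometheus serves plain HTTP with no authentication,
# which is the deliberate default the Security Model page describes.

tls_server_config:
  # Placeholder paths: a server certificate and key issued by your own CA.
  cert_file: /etc/prometheus/tls/server.crt
  key_file: /etc/prometheus/tls/server.key

basic_auth_users:
  # Placeholder user and bcrypt hash; generate the hash with htpasswd -nBC 10 <user>.
  monitoring: $2y$10$PLACEHOLDER_BCRYPT_HASH_REPLACE_ME
```

Validate the file with `promtool check web-config web-config.yml` before restarting. Note what this does and does not do: it authenticates clients of the Prometheus server itself, but it does not change the fact that the /metrics endpoints of scraped targets are exposed by design, and it is not a substitute for keeping both the targets and the server off the public internet via network-level controls.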
We discussed this again at the dev summit today. An important outcome was that we have confirmed that we do not aim for a "secure by default" setup, not only because it is contrary to the operational model of Prometheus, but also because it would raise a claim that we cannot ever fulfill. It's therefore even more important to dispel any "secure by default" expectation.
As discussed, @jan--f volunteered as the assignee for this issue, but more to coordinate the effort, not so much to do all the work on his own. Any help is welcome.