Simon Pasquier
Simon Pasquier
I'm on the fence regarding the API: I wonder if the operator should be in charge of producing the brypt hashes or if it should pass the secret data as-is...
After more thinking, I realize that the simplest API might be for the user to provide a secret containing all the credentials where the username would be the key and...
> when i try to set a correct config of `thanos sidecar` to make sidecar can access to prometheus server normally, i find out that the sidecar currently set `--prometheus.http-client`...
For the config reloader, the idea should be to add CLI arguments to pass the basic-auth user/password in https://github.com/prometheus-operator/prometheus-operator/blob/main/cmd/prometheus-config-reloader/main.go and use something like https://pkg.go.dev/k8s.io/[email protected]/transport#NewBasicAuthRoundTripper to inject the header in the...
There's already an identity for the "pod user" which is the service account (SA) name. To make things simple, we could require that the secret contains a key equal to...
Right, we need both the hashed password and the password in clear text. Something like this? ```yaml spec: web: basicAuthUsers: secretName: web-users # secret serviceAccountPassword: name: credentials key: prometheus-web-password ````
> I finally used this desgin, coz it's more clearly for user to setup the podCredentials which is used for pod health check. and if we use the ServiceAccount as...
I would simplify the struct a bit: ```yaml apiVersion: monitoring.coreos.com/v1 kind: Prometheus metadata: name: example spec: serviceAccountName: prometheus web: basicAuthUsers: secretName: web-users podCredentials: key: password name: example-webconfig ```` Indeed the...
> But there is a unwanted thing happend: the username:password will be bcrypted by operator automatically, and when the secret created (merged with web-user secret), it will cause trigger another...
> User need to createe a `Secret` to store all basic-auth-users info, included the name from `ServiceAccount` (in this example is `prometheus`), and create a `Secret` to store the password...