Skip to content
This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

Secure the scraping of Envoys by Prometheus #1167

Closed
15 tasks
aanandr opened this issue Jul 21, 2020 · 2 comments
Closed
15 tasks

Secure the scraping of Envoys by Prometheus #1167

aanandr opened this issue Jul 21, 2020 · 2 comments
Labels
area/metrics Metrics related

Comments

@aanandr
Copy link
Contributor

aanandr commented Jul 21, 2020

Please describe the Improvement and/or Feature Request
There are two ways to use Prometheus to scrape metrics today

  1. Using Prometheus instance that is already present in the customer's cluster
  2. Customer deploys Prometheus just for the mesh

In both these cases communication between Prometheus and the Envoys is clear text. The purpose of this improvement request is to explore options to secure this communication.

Scope

  • New Functionality
  • Install
  • SMI Traffic Access Policy
  • SMI Traffic Specs Policy
  • SMI Traffic Split Policy
  • Permissive Traffic Policy
  • Ingress
  • Egress
  • Envoy Control Plane
  • CLI Tool
  • [x ] Metrics
  • Certificate Management
  • Sidecar Injection
  • Logging
  • Debugging
  • CI System

Possible use cases
@shashankram
Copy link
Member

/cc @snehachhabria, @eduser25

@SanyaKochhar SanyaKochhar added the area/metrics Metrics related label Sep 15, 2020
@draychev draychev mentioned this issue Jan 26, 2021
Closed
@draychev
Copy link
Contributor

We researched this, experimented with it, and determined that it is not something we are going to pursue.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area/metrics Metrics related
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@shashankram @aanandr @SanyaKochhar @draychev