-
Notifications
You must be signed in to change notification settings - Fork 9.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Option to disable security on Prometheus health endpoints, /-/healthy and /-/ready #9166
Option to disable security on Prometheus health endpoints, /-/healthy and /-/ready #9166
Comments
This could be a generic functionality to disable authentication on certain endpoints. Will need an additional option in web-config.yml and corresponding check in users.go. Should this issue be moved to exporter toolkit repo? |
Thank you, I think we could maybe have an excludeEndpoint configuration option in the web.yml, but I feel like we should discuss this more broadly on the developers mailing list, because e.g. the pushgateway might want to go one step further and even have per-path authentication. |
Would be very helpful if I can disable security for certain endpoints like "/-/ready" or "/-/healthy" - specially when running under K8S. Is there already an ongoing discussion on the dev mail list? I was not able to find it ... |
Not yet. |
yes, I think it's necessary |
Is there an ETA yet? |
Hello from the bug scrub: this is still waiting for the dev summit discussion. |
Proposal
I am using Prometheus in kubernates, and recently enabled basic Auth with version 2.28. But it turn out Prometheus also enables security on health endpoints. Their is no way to safely provide credentials for liveness and readiness probe. Following works but not really the safest option. I think we should have a option to disable security on these endpoints.
The text was updated successfully, but these errors were encountered: