Add additional endpoint link on /targets that proxy the request through Prometheus
197 views
Skip to first unread message
Nils Lagerkvist
Jan 24, 2017, 7:07:11 AM1/24/17
to Prometheus Developers
In our network setup it is only Prometheus that can reach the /metrics endpoint. However, the endpoint links on /target is practical.
To alleviate this I would like to add a link where the request is proxied through Prometheus, and not as today were it's a direct link to the endpoint.
Before I make the change I would like to discuss the change.
Best regards, Nils
Brian Brazil
Jan 24, 2017, 1:10:16 PM1/24/17
to Nils Lagerkvist, Prometheus Developers
This would make Prometheus a limited proxy server for end users, which mean those with access to the Prometheus can now not just take out the Prometheus via DoS but potentially also the targets it is monitoring.
I don't think this fits with our current security model where only the config file determines the load on monitored services from Prometheus.
Brian Brazil
Nils Lagerkvist
Jan 24, 2017, 1:26:15 PM1/24/17
to Prometheus Developers, nils.la...@gmail.com
Hi
Thanks for the fast feedback.
The problem is that there are at the moment information in the scrape page that is not available, to my knowledge, in Prometheus; for instance comments. But maybe that is being worked on elsewhere.
Another alternative, which actually would be much better is to be able to display the information that Prometheus knows about the endpoint. But I'm not sure what information is saved in Prometheus.
Brian Brazil
Jan 24, 2017, 1:29:57 PM1/24/17
to Nils Lagerkvist, Prometheus Developers
On 24 January 2017 at 18:26, Nils Lagerkvist <nils.la...@gmail.com> wrote:
HiThanks for the fast feedback.The problem is that there are at the moment information in the scrape page that is not available, to my knowledge, in Prometheus; for instance comments. But maybe that is being worked on elsewhere.Another alternative, which actually would be much better is to be able to display the information that Prometheus knows about the endpoint. But I'm not sure what information is saved in Prometheus.
Everything that is known is either on the /targets page or in a scrape_ metric.
Brian
On Tuesday, 24 January 2017 19:10:16 UTC+1, Brian Brazil wrote:On 24 January 2017 at 12:07, Nils Lagerkvist <nils.la...@gmail.com> wrote:--In our network setup it is only Prometheus that can reach the /metrics endpoint. However, the endpoint links on /target is practical.To alleviate this I would like to add a link where the request is proxied through Prometheus, and not as today were it's a direct link to the endpoint.Before I make the change I would like to discuss the change.This would make Prometheus a limited proxy server for end users, which mean those with access to the Prometheus can now not just take out the Prometheus via DoS but potentially also the targets it is monitoring.I don't think this fits with our current security model where only the config file determines the load on monitored services from Prometheus.Brian Brazil
--
You received this message because you are subscribed to the Google Groups "Prometheus Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-developers+unsub...@googlegroups.com.
To post to this group, send email to prometheus-developers@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/420e7047-ac3d-423a-9ed1-c5d59018535e%40googlegroups.com.
Brian Brazil
Reply all
Reply to author
Forward
0 new messages