The Prometheus Server HTTP serving endpoints currently do not support TLS. This means that access to the scraped and stored metrics via the endpoints can be gained by any user/application with access to the endpoints etc.
As per the August 2018 Prometheus Roadmap update, TLS and Authentication in HTTP serving endpoints is stated to be implemented in the near future and I feel like there is quite the appetite for it within the community.
Would these items (TLS/Auth related) be closed-doors developed by Prometheus, or is this open for contributions?
In addition, judging from the previous post on user forum (link above), there may be some further thought required into where in the Prometheus project these items would get implemented (suggestions in: client_golang or Prometheus/common).
Thanks, Russ
Moved to developer mailing list (here) following on from [https://groups.google.com/forum/#!topic/prometheus-users/3HMIv3O8ovI]
The Prometheus Server HTTP serving endpoints currently do not support TLS. This means that access to the scraped and stored metrics via the endpoints can be gained by any user/application with access to the endpoints etc.
As per the August 2018 Prometheus Roadmap update, TLS and Authentication in HTTP serving endpoints is stated to be implemented in the near future and I feel like there is quite the appetite for it within the community.
Would these items (TLS/Auth related) be closed-doors developed by Prometheus, or is this open for contributions?
In addition, judging from the previous post on user forum (link above), there may be some further thought required into where in the Prometheus project these items would get implemented (suggestions in: client_golang or Prometheus/common).
Thanks, Russ
--
You received this message because you are subscribed to the Google Groups "Prometheus Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-devel...@googlegroups.com.
To post to this group, send email to prometheus...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/c1b70f63-d0dc-4067-a0bc-257cc1f67b81%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Ah excellent good to hear :)
Have just been looking over the 2018 Dev Summit notes to try source some more requirements for this. Just to confirm for scrape security, going with TLS 1.2 for now?
And just to confirm, for Auth, going with: HTTP Basic Auth (TLS optional for BA) and then later on Client-authenticated TLS handshake (client certs)
and finally, cure53 are to review any implementations?
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/19be6436-fe77-4e33-8608-b3fe0e464e83%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.