Question: Timeseries level access control

[Babak Ghadiri]

Hi.

We want to limit our grafana users to see and access to specific timeseries (some metric_name + some key/value labels).

for example user X must view/read timeseries with {username:"X"} timeseries in grafana. In other words we want to give grafana+prometheus as a service to users but we don't want to deploy separate instances for every user.

Is there any multi-tenant solution in prometheus+grafana? like reverse-proxy for enforcing this rules. I found that Cortex project describes himself as multi-tenant prometheus as a service but i don't know if it can handle our use-case and i am looking for another simpler way (maintenance and deployment wise) if exists.

thanks

[Brian Brazil]

You should look at something like https://github.com/openshift/prom-label-proxy

--

Brian Brazil

www.robustperception.io