-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add authorization for metrics endpoint #2073
Comments
cc @alvaroaleman @joelanford @vincepri What do you think about it? cc @fabriziopandini @killianmuldoon (given our recent discussions about metrics in Cluster API) |
@sbueringer in general doing that seems ok to me but I also do not have a super precise picture of how much complexity this actually entails. From a cursory look at kube-rbac-proxy, most of the logic here can be imported from upstream? |
Probably. I'll try to get back to this as soon as I have time and implement a prototype or something so we have more data to decide this. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
/assign |
It would be great if controller-runtime would be able to authorize requests to the /metrics endpoint.
Some background information:
get
, nonResourceURLs:/metrics
) (docs).It would be great to have this capability built into controller-runtime as it would make it possible to have this functionality without a dependency to an additional project and a sidecar container.
Is there interest in the controller-runtime community to support the nonResourceURL-based authorization (like core Kubernetes components)?
Notes:
The text was updated successfully, but these errors were encountered: