Proxy application metrics through envoy #3457
Assignees
Labels
area/kuma-dp
kind/design
Design doc or related
kind/feature
New feature
triage/accepted
The issue was reviewed and is complete enough to start working on it
Comments
lahabana
added
triage/pending
|
This is tricky to setup on a per service base as currently TrafficMetrics are only part of the Mesh configuration. |
lahabana
added
triage/accepted
github-actions
bot
added
the
triage/stale
|
This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed. |
lahabana
removed
the
triage/stale
github-actions
bot
added
the
triage/stale
|
This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed. |
This was referenced Apr 4, 2022
lahabana
removed
the
triage/stale
7 tasks
7 tasks
github-actions
bot
added
the
triage/stale
|
This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed. |
lahabana
removed
the
triage/stale
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Currently the application metrics are exposed as a regular service.
This is tricky if you want prometheus metrics scrape to not use mTLS.
See doc: https://kuma.io/docs/1.4.0/policies/traffic-metrics/#expose-metrics-from-applications
What could be done is for envoy to proxy metrics from the application as a service similar to the prometheus one.
This way we could easily use kuma-sd to also expose application metrics and not risk customers to accidentally expose more than necessary.
Once this is done it will probably make sense to disable mTLS on the listener exposing metrics by default (most of the time prometheus scrape is in plaintext).
It's currently unclear how this should be setup and requires some designing.
The text was updated successfully, but these errors were encountered: