feat(service-monitor): support bearer token authentication on metrics endpoint #637
Reference: gitea/helm-chart#637
Description of the change
Benefits
Can protect metrics endpoint when monitoring using ServiceMonitor of prometheus-operator.
Possible drawbacks
No possible drawbacks
Applicable issues
Additional information
Using above configuration will not give 401 authentication after changes.
⚠ BREAKING
No breaking changes
Checklist
Parameters are documented in the `values.yaml` and added to the `README.md` using readme-generator-for-helm
Breaking changes are documented in the `README.md`
Signed-off-by: Hitesh Nayak hiteshnayak305@gmail.com
@hiteshnayak305 You checked the "unittests are added" checkbox in the checklist. I cannot find them. Please add meaningful ones. Think of edge cases, if any.
Unittests are required to get this PR merged. 🙂
👍 will try this weekend
In current configuration `ServiceMonitor` is created even if `gitea.metrics.enabled = false` and `gitea.metrics.serviceMonitor.enabled = true`. It will be in Prometheus targets but failing with 404. Is it alright? @hiteshnayak305
Good catch. I guess that's a tricky one to fix, if possible right now. You can configure the metrics settings for app.ini within configmaps or secrets that are read when a release is already applied to the cluster. At that point you already had to make the decision to render the servicemonitor or not to render it.
I think the current situation is ok. If an admin intends to monitor Gitea, this will be noticed shortly after applying the release. 🙂
Maybe worth adding a note into the README?
@ -727,1 +728,4 @@
### Secure Metrics Endpoint
Metrics endpoint `/metrics` can be secured using `Bearer` token authentication. Providing non-empty `TOKEN` value will also add authentication parameters to `ServiceMonitor`.
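Review bot: the added sentence "Providing non-empty `TOKEN` value will also add authentication parameters to `ServiceMonitor`" names `TOKEN` without saying where it is set (the full values key or the app.ini section), so a reader cannot tell which setting turns authentication on. Suggest naming the exact key and stating whether the token reaches the `ServiceMonitor` inline or through a Secret reference, since that decides where the credential ends up stored. A short note that the `ServiceMonitor` is rendered independently of `gitea.metrics.enabled`, as raised in the discussion, would also fit under this heading.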
Metrics endpoint `/metrics` can be secured by using `Bearer` token authentication.
Note: Providing a non-empty `TOKEN` value will also require authentication for `ServiceMonitor`.
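A post-deploy check for the states discussed in this thread (401 without the token, 404 when metrics are disabled), as an added example that is not part of the PR or the chart. The function names, the token value and the local stand-in server are constructed for illustration; the stand-in only mimics the status codes mentioned above.

```python
import http.server
import threading
import urllib.error
import urllib.request

# Ignore proxy environment variables so loopback probes go direct.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe(url, token=None):
    """GET the metrics URL, optionally with a bearer token; return the HTTP status."""
    req = urllib.request.Request(url)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with _opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def classify(url, token):
    """Compare an anonymous scrape with an authenticated one."""
    anon, authed = probe(url), probe(url, token)
    if anon == 200:
        return "open"            # anyone can read the metrics
    if anon == authed == 404:
        return "disabled"        # target exists but every scrape fails
    if anon == 401 and authed == 200:
        return "protected"
    if anon == authed == 401:
        return "token-mismatch"  # scraper and server hold different tokens
    return f"unexpected:{anon}/{authed}"

def make_server(enabled, token):
    """Constructed stand-in for the metrics endpoint (not Gitea itself)."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            ok = not token or self.headers.get("Authorization") == f"Bearer {token}"
            off = not enabled or self.path != "/metrics"
            self.send_response(404 if off else 200 if ok else 401)
            self.end_headers()
        def log_message(self, *args):
            pass
    srv = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}/metrics"

if __name__ == "__main__":
    print(classify(make_server(True, "constructed-token"), "constructed-token"))
```

Against a real deployment, point `classify` at the service's metrics URL with the token the scraper is configured to use; anything other than `protected` means the token setting and the monitor disagree.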