Grafana and prometheus are accessible over http
Bug #1720146 reported by
Spyros Trigazis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Magnum |
New
|
Undecided
|
Unassigned |
Bug Description
Make grafana and prometheus accessible only with kubectl proxy for enhanced security.
Right now, grafana is accessible with admin/<some password> over http which is very insecure.
We could use certificates which is an overkill to manage.
To post a comment you must log in.
We need to:
* make prometheus accessible only inside the cluster or with kubectl proxy
* make grafana accessible only inside the cluster or with kubectl proxy
* make node-exporter accessible only inside the cluster or with kubectl proxy
* we need to protect cadvisor