Grafana and prometheus are accessible over http
Bug #1720146 reported by
Spyros Trigazis
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Magnum |
New
|
Undecided
|
Unassigned | ||
Bug Description
Make grafana and prometheus accessible only with kubectl proxy for enhanced security.
Right now, grafana is accessible with admin/<some password> over http which is very insecure.
We could use certificates which is an overkill to manage.
Revision history for this message
| Spyros Trigazis (strigazi) wrote | #1 |
To post a comment you must log in.
We need to:
* make prometheus accessible only inside the cluster or with kubectl proxy
* make grafana accessible only inside the cluster or with kubectl proxy
* make node-exporter accessible only inside the cluster or with kubectl proxy
* we need to protect cadvisor