aerogear / keycloak-metrics-spi

Adds a Metrics Endpoint to Keycloak
Apache License 2.0

Securing the metrics endpoint #119

Open BigBallard opened 2 years ago

BigBallard commented 2 years ago

We recently got the metrics SPI up and running with our development server. Immediately we were worried because there seems to be no way to secure the metrics endpoint from public access, or at least that we can find.

Is there a way to specify the port to expose the metrics from or at least some mechanism?

danielc103 commented 2 years ago

There is a section on the README that has a brief explanation here

It does not look to be available in the most recent release, so you will need to build the .jar from the main branch. You will also need a way to modify the headers on a proxy.


Another way would be to restrict access to the paths with a proxy returning a 403.

hberrayana commented 1 year ago

What I have done is to expect a query parameter called token and compare that to a value that is set in ENV. That was better than assuming that we are running behind a proxy.

    import javax.ws.rs.core.Context;
    import javax.ws.rs.core.HttpHeaders;
    import javax.ws.rs.core.Response;
    import javax.ws.rs.core.Response.Status;
    import javax.ws.rs.core.UriInfo;

    // Expected secret, read from the environment once when the class loads.
    private static final String METRICS_SECURITY_TOKEN = System.getenv("METRIC_SECURITY_TOKEN");

    public Response get(@Context HttpHeaders headers, @Context UriInfo info) {
        String token = info.getQueryParameters().getFirst("token");
        // Only enforce the token when external access is disabled (existing flag in the endpoint).
        if (DISABLE_EXTERNAL_ACCESS) {
            if (token == null || !token.equals(METRICS_SECURITY_TOKEN)) {
                return Response.status(Status.FORBIDDEN).build();
            }
        }
        // ... remainder of the original method builds and returns the metrics response
    }

Now in Prometheus you scrape the metrics by adding a query parameter called token:

    metrics_path: '/auth/realms/employees/metrics'
    params:
      token: ['qbd8723230h923-23f238f']
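The check above works, but two details matter when the secret is the only thing standing between the internet and the metrics page: a token passed as a query parameter is written to access logs, proxy logs and browser history, and `String.equals` stops at the first differing character. The following is an added example, not code from this thread or from keycloak-metrics-spi, of the same idea done more defensively: the secret travels in an `Authorization: Bearer` header, the comparison uses `MessageDigest.isEqual`, and an unset secret rejects every request instead of being treated as "no check". The class name `MetricsTokenGuard` and the helper names are hypothetical; the environment variable name `METRIC_SECURITY_TOKEN` is reused from the snippet above.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

/**
 * Hypothetical guard for a metrics endpoint (example code, not part of the SPI).
 * Expects the shared secret as a bearer token in the Authorization header rather
 * than a query parameter, compares it in constant time, and fails closed when no
 * secret is configured.
 */
public final class MetricsTokenGuard {

    // Assumed to be the same environment variable as in the snippet above.
    private static final String EXPECTED_TOKEN = System.getenv("METRIC_SECURITY_TOKEN");

    private MetricsTokenGuard() {}

    /** Extracts the token from "Authorization: Bearer <token>"; null if absent or malformed. */
    static String bearerToken(String authorizationHeader) {
        if (authorizationHeader == null) {
            return null;
        }
        String prefix = "Bearer ";
        // The auth scheme is case-insensitive per RFC 7235, so "bearer ..." is accepted too.
        if (!authorizationHeader.regionMatches(true, 0, prefix, 0, prefix.length())) {
            return null;
        }
        String token = authorizationHeader.substring(prefix.length()).trim();
        return token.isEmpty() ? null : token;
    }

    /**
     * True only if a secret is configured and the presented token matches it.
     * MessageDigest.isEqual examines every byte of equal-length inputs instead of
     * returning at the first mismatch, so the comparison time does not reveal how
     * much of the secret a caller guessed correctly.
     */
    static boolean isAuthorized(String presentedToken, String expectedToken) {
        if (expectedToken == null || expectedToken.isEmpty() || presentedToken == null) {
            return false; // fail closed: no configured secret means nobody gets in
        }
        byte[] presented = presentedToken.getBytes(StandardCharsets.UTF_8);
        byte[] expected = expectedToken.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(presented, expected);
    }

    /** Wrapper using the env-configured secret; this is what the endpoint's get() would call. */
    static boolean isAuthorized(String authorizationHeader) {
        return isAuthorized(bearerToken(authorizationHeader), EXPECTED_TOKEN);
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        String secret = "example-scrape-secret";
        System.out.println("exact match:      " + isAuthorized(bearerToken("Bearer example-scrape-secret"), secret));
        System.out.println("lowercase scheme: " + isAuthorized(bearerToken("bearer example-scrape-secret"), secret));
        System.out.println("wrong token:      " + isAuthorized(bearerToken("Bearer not-the-secret"), secret));
        System.out.println("missing header:   " + isAuthorized(bearerToken(null), secret));
        System.out.println("unset secret:     " + isAuthorized(bearerToken("Bearer example-scrape-secret"), null));
    }
}
```

Inside the endpoint's `get(@Context HttpHeaders headers, ...)` the call would be `MetricsTokenGuard.isAuthorized(headers.getHeaderString("Authorization"))`, returning `FORBIDDEN` when it is false. On the Prometheus side the scrape job then carries the secret in an `authorization:` block (`credentials_file` pointing at a file readable only by the Prometheus user) instead of a `params:` entry, so the value never appears in a URL. The `DISABLE_EXTERNAL_ACCESS` gate from the snippet is deliberately left out here: if the token is the access control, it should be checked unconditionally.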