Closed feiniao0308 closed 4 years ago
Thanks for your interest.
Given that Prometheus has no auth, exposing it to the internet directly sounds like a bad idea.
You should be using Ingress so that you can also obtain a TLS certificate.
If you really want to view Prometheus, people usually use kubectl port-forward or Grafana.
Closing as this issue as it encourages unsafe practices.
Alex
@alexellis I think the user will take the risk to expose the URL. Here's the scenario why user need to access the prometheus URL. Some users may have another global Grafana not in same cluster with prometheus, or user may need to pull the prometheus metrics and use other monitoring tools(such as Wavefront) to monitor the health of openfaas.
OpenFaaS should provide flexible configuration for end user. I can see most helm charts has provided service as configurable.
@alexellis can we support it?
Just to reiterate what I said, because it doesn't seem to be clear: exposing Prometheus as a LoadBalancer on the Internet is insecure, I don't want to enable that use-case.
You can very easily add an Ingress definition and secure the endpoint, adding TLS and basic-auth using nginx-ingress
.
Alternatively, you can use kubectl port-forward svc/prometheus -n openfaas 9090:9090
.
If you need technical support with Kubernetes, try the Kubernetes Slack, it's a friendly community. https://slack.k8s.io
Expose prometheus service type to values.yaml
Expected Behaviour
User should be able to specify the service type of prometheus to LoadBalancer, so that all users can access the metrics via LoadBalancer http url
Current Behaviour
It's hardcode to ClusterIP
Possible Solution
Extract the service type to values.yaml
Steps to Reproduce (for bugs)
Context
Your Environment
FaaS-CLI version ( Full output from:
faas-cli version
): CLI: commit: 750add9e2a6d1d1f1bfb788a6a85341b4b4140e8 version: 0.8.22Docker version
docker version
(e.g. Docker 17.0.05 ): Engine: Version: 19.03.8 API version: 1.40 (minimum version 1.12) Go version: go1.12.17 Git commit: afacb8b Built: Wed Mar 11 01:29:16 2020 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.2.13 GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429 runc: Version: 1.0.0-rc10 GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd docker-init: Version: 0.18.0 GitCommit: fec3683What version and distriubtion of Kubernetes are you using?
kubectl version
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.3", GitCommit:"5e53fd6bc17c0dec8434817e69b04a25d8ae0ff0", GitTreeState:"clean", BuildDate:"2019-06-06T01:44:30Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"darwin/amd64"}Operating System and version (e.g. Linux, Windows, MacOS): MacOS
Link to your project or a code example to reproduce issue:
What network driver are you using and what CIDR? i.e. Weave net / Flannel