Document how to provide certs for proxied /metrics endpoints

prometheus-operator / kube-prometheus

Use Prometheus to monitor Kubernetes and applications running on Kubernetes

https://prometheus-operator.dev/

Apache License 2.0

6.75k stars 1.93k forks source link

Document how to provide certs for proxied /metrics endpoints #469

Open paulfantom opened 4 years ago

paulfantom commented 4 years ago

What is missing? In cases where kube-prometheus adds kube-rbac-proxy in front of /metrics endpoints we set not to verify TLS certs. There should be a documented way on how to set insecureSkipVerify: true and provide certs.

Why do we need it? To provide a better way to secure cluster.

Environment

kube-prometheus version: latest

Anything else we need to know?: Initial discussion: https://github.com/coreos/kube-prometheus/pull/453#discussion_r394857132

paulfantom commented 3 years ago

A part of https://github.com/prometheus-operator/kube-prometheus/issues/179

brancz commented 3 years ago

Been wanting to do this with a cert-manager setup for years, but never got around to it, would be really awesome if someone took the time for this!