sassoftware / viya4-monitoring-kubernetes

Provides simple scripts and customization options to deploy monitoring, alerts, and log aggregation for Viya 4 running on Kubernetes
Apache License 2.0
56 stars 32 forks source link

authentication for prometheus and alertManager #221

Open seanankenbruck opened 3 years ago

seanankenbruck commented 3 years ago

I've recently deployed the monitoring dashboards and components in AWS using the example files available in samples/ingress. The Grafana dashboard includes an authentication layer by default, but Prometheus and alertManager are not protected by any sort of authentication. Is there a way to configure authentication with the Prometheus and alertManager applications? If not, what do you recommend doing to ensure that these applications are not available to unauthenticated users.

For this deployment, we are using the same URL as the Viya applications themselves and it would be great if there was a way to leverage SASLogon so users could login using their SAS credentials to use the monitoring tools.

BryanEllington commented 3 years ago

Hi there,

Updating our samples with more guidance on authentication is in our backlog. It's a bit too much to fully explain here, but what's needed is either to enable HTTP basic authentication in Prometheus or (more robustly) a sidecar authentication proxy container. We do this on OpenShift using their proxy (here).

It's fairly common to add an authentication sidecar proxy, so I'm sure a Google search can get you started. Making this easier either through enhancing our samples and documentation or even direct script support is under consideration, but we don't have a committed date yet.

I hope that helps, even if it isn't a simple flag you could set quite yet.