Closed ebuildy closed 8 months ago
Metadata API is often forbidden as this could be used to access VM identities. aad-pod-identity service used a iptables redirection and a proxy to filter it but still can be dangerous to open this endpoint for services.
not sure if there would be a better way to get some kind of auto configuration. some people are scraping multiple locations/subscriptions with one service.
defining defaults via env vars would be an option.
Metadata API is often forbidden as this could be used to access VM identities
Hoo didnt know about it, we use it a lot to get pod identity ^^
Thanks you
Running azure-metrics exporter in a kubernetes pod, in a AKS cluster.
The exporter should find
location
environment
subscriptionId
parameters automatically from metadata service ( http://169.254.169.254/metadata/instance?api-version=2021-02-01).As a workaround, I have added a nginx proxy sidecar in order to "inject" theses parameters, but will be much better if the exporter can do it.