Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decouple the metrics endpoint from debug #4085

Closed
ialidzhikov opened this issue Sep 29, 2023 · 2 comments
Closed

Decouple the metrics endpoint from debug #4085

ialidzhikov opened this issue Sep 29, 2023 · 2 comments

Comments

@ialidzhikov
Copy link
Contributor

ialidzhikov commented Sep 29, 2023
edited

Similar to #4084.

There is a /debug/metrics endpoint that gets available when the debug.addr is specified and debug.prometheus.enabled is enabled (ref https://docs.docker.com/registry/configuration/#prometheus).
Note that the docs suggest not enabling this in production env:

Sensitive information may be available via the debug endpoint. Please be certain that access to the debug endpoint is locked down in a production environment.

Having in mind the above, how is it supposed to collect metrics in production environments? The docs state that the debug feature has to be disabled in production environments. On the other side, it is a cloud native and observability principle to collect metrics in all environments.
I rather thing that the metrics endpoint has to be decoupled from debug and it needs to have its own configurable port and its own configuration option whether it is enabled or not.
@milosgajdos
Copy link
Member

milosgajdos commented Sep 30, 2023
edited

Note that the docs suggest not enabling this in the production env

No, the docs are suggesting to lock it down i.e. do not leave it open to public -- you know people on the internet can be kinda mean.

That doesnt mean that you can't keep this API endpoint private and scrape prometheus metrics as you do in our other applications

ialidzhikov added a commit to ialidzhikov/distribution that referenced this issue Oct 2, 2023
@ialidzhikov
Add few more sentences for the debug endpoint
dc404d0 
Initially I misunderstood that the debug endpoint has to be disabled in production environments. That's why I created distribution#4084 and distribution#4085.
But it turns out that the docs want to state the the debug endpoint should not be exposed publicly to the internet.
ialidzhikov added a commit to ialidzhikov/distribution that referenced this issue Oct 2, 2023
@ialidzhikov
Add few more sentences for the debug endpoint
b22f192 
Initially I misunderstood that the debug endpoint has to be disabled in production environments. That's why I created distribution#4084 and distribution#4085.
But it turns out that the docs want to state the the debug endpoint should not be exposed publicly to the internet.
@ialidzhikov ialidzhikov mentioned this issue Oct 2, 2023
Merged
@ialidzhikov
Copy link
Contributor Author

Thanks! It seems that we misunderstood the docs. I created #4089 to clarify further the docs.

ialidzhikov added a commit to ialidzhikov/distribution that referenced this issue Oct 2, 2023
@ialidzhikov
Add few more sentences for the debug endpoint
993af6f 
Initially I misunderstood that the debug endpoint has to be disabled in production environments. That's why I created distribution#4084 and distribution#4085.
But it turns out that the docs want to state the the debug endpoint should not be exposed publicly to the internet.

Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
@ialidzhikov ialidzhikov mentioned this issue Oct 2, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@milosgajdos @ialidzhikov