Security in Prometheus exporter #2400
Assignees
Labels
area:sdk
Related to the SDK
help wanted
Extra attention is needed
spec:metrics
Related to the specification/metrics directory
triage:deciding:community-feedback
Comments
reyang
added
area:sdk
|
Under which version is this feature released?... |
|
@sandeepsharat it is no released. This is a feature request |
mtwo
added
triage:deciding:community-feedback
and removed
release:allowed-for-ga
|
Chiming in during triage - this seems very useful. Tagging @open-telemetry/wg-prometheus for their comments. |
|
This is a good idea, but might only apply to auto-instrumentation. From looking at manual instrumentation in a few languages, it looks like most allow you to either replace the HTTP handler, serve the endpoint using the prometheus client library, or require you to serve the http endpoint yourself. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What are you trying to achieve?
In the current spec for the Prometheus exporter https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/metrics/sdk_exporters/prometheus.md, it doesn't mention anything about securing the metrics endpoint.
When using the automatic instrumentation opentelemetry-javaagent.jar and the Prometheus exporter is enabled, the metrics endpoint (e.g. http://localhost:9464/) is not protected.
What did you expect to see?
There should be an option to use https and have the metrics endpoint protected by
Additional context.
Add any other context about the problem here. If you followed an existing documentation, please share the link to it.
The text was updated successfully, but these errors were encountered: