Giters

prometheus-community / helm-charts

Prometheus community Helm charts

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[kube-prometheus-stack] Unable to set basic auth using secret for prometheus UI

dineshsaathe opened this issue · comments

commented

Describe the bug a clear and concise description of what the bug is.

I'm trying to set up basic authentication for the Prometheus UI using an existing secret named "prometheus-monitoring-kube-prometheus-prometheus-web-config" that's mounted in the Prometheus pod. However, I haven't found any documentation on how to achieve this directly.

`apiVersion: v1
data:
  web-config.yaml: ""
kind: Secret
metadata:
  creationTimestamp: "2023-10-25T14:18:32Z"
  labels:
    managed-by: prometheus-operator
  name: prometheus-monitoring-kube-prometheus-prometheus-web-config
  namespace: monitoring
  ownerReferences:
  - apiVersion: monitoring.coreos.com/v1
    blockOwnerDeletion: true
    controller: true
    kind: Prometheus
    name: monitoring-kube-prometheus-prometheus
    uid: a4c68185-ae51-45-29109c40cabd
  resourceVersion: "48339"
  uid: 65fd7020-108e-4d1-8ab250c7e4d3
type: Opaque`

What's your helm version?

version.BuildInfo{Version:"v3.14.2", GitCommit:"c309b6f0ff63856811846ce18f3bdc93d2b4d54b", GitTreeState:"clean", GoVersion:"go1.21.7"}

What's your kubectl version?

Client Version: v1.29.3 Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 Server Version: v1.27.13-gke.1070002 WARNING: version difference between client (1.29) and server (1.27) exceeds the supported minor version skew of +/-1

Which chart?

kube-prometheus-stack

What's the chart version?

56.9.0

What happened?

No response

What you expected to happen?

No response

How to reproduce it?

No response

Enter the changed values of values.yaml?

No response

Enter the command that you execute and failing/misfunctioning.

terraform apply

Anything else we need to know?

No response

commented

However, I haven't found any documentation on how to achieve this directly.

Prometheus operator currently does not support basic authentication through a (custom) web config file as yet and the prometheus CR's field prometheus.spec.web does not support basicAuth [Ref.].

Having created a secret with a web config and entered it in prometheus.spec.secrets, one might think that overriding the prometheus' flag web.config.file would work by means of prometheus.spec.additionalArgs. Sadly, this does not work as the flag cannot be overriden being managed by the operator:

In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.

For the moment, configuring basic auth in an ingress (if supported by the ingress controller at hand) or adding a proxy sidecar in the pod may be the way forward.