You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a platform administrator, I want to allow Team A to access only the metrics and views for their own APIs/HTTPRoutes.
Enables secure App/API Developer dashboards and visualizations
Will likely be a component that encompasses/manages the kube-rbac-proxy and prom-label-proxy components. It would be configured with the location of metrics & permissions to read all metrics.
kube-rbac-proxy in front of Thanos Query to handle authentication and authorization
prom-label-proxy between kube-rbac-proxy and Thanos to enforce label-based access control
Add namespace labels to metrics emitted by shared components (Istio Gateway, Kuadrant) to identify the originating namespace.
In istio metrics, this would be the destination_service_namepsace label on istio_requests_total metric
Verify that we can expose a Prometheus data source that filters shared Istio metrics based on user permissions
The text was updated successfully, but these errors were encountered:
Use Case
As a platform administrator, I want to allow Team A to access only the metrics and views for their own APIs/HTTPRoutes.
Tools:
Approach:
prom-label-proxy between kube-rbac-proxy and Thanos to enforce label-based access control
The text was updated successfully, but these errors were encountered: