Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use podMonitor instead of serviceMonitor to prevent monitoring data leakage #108

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

paulfantom
Copy link

@paulfantom paulfantom commented Jun 22, 2023

This PR is a different (IMHO proper) fix to issue raised in #107. By using PodMonitor instead of ServiceMonitor we can simplify and fix a few things:

  1. Using SVC of type LB won't accidentally expoe /metrics endpoint outside of kubernetes.
  2. .Values.metrics.port is no longer needed as PodMonitor attaches to Pod instead of SVC.
  3. SVC object template is a bit less complicated.

The downside is that this is a breaking change. Alternative approach which is not breaking, but also not fixes all those issues is in

@paulfantom paulfantom changed the title podMonitor instead of serviceMonitor to prevent monitoring data leakage Use podMonitor instead of serviceMonitor to prevent monitoring data leakage Jun 22, 2023
@lucasfcnunes
Copy link

Why not split the service?

  1. *-docker-registry -> 5000 (http) (Now, can turn set type to LB)
  2. *-docker-registry-metrics -> 5001 (http-metrics)

@paulfantom
Copy link
Author

Why not split the service?

At that point, why add another Service?

@lucasfcnunes
Copy link

At that point, why add another Service?

  1. "(...) to prevent monitoring data leakage"
  2. TargetDown Alert (https://runbooks.prometheus-operator.dev/runbooks/general/targetdown/)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants