lunny/helm-chart
1
0
Fork 0
Code Issues 36 Pull Requests 14 Actions Packages Projects Releases 93 Wiki Activity

feat(service-monitor): support bearer token authentication on metrics endpoint #719

Merged
hiteshnayak305 merged 5 commits from feat/secure-metrics-endpoint into main 2024-11-30 13:59:29 +00:00
Conversation 1 Commits 5 Files Changed 10 +253
hiteshnayak305 commented 2024-10-23 21:30:04 +00:00 (Migrated from gitea.com)
Copy Link

Benefits

Can protect metrics endpoint with Bearer token authentication provided by gitea.
see PR #637 for previous discussion.

Possible drawbacks

No possible drawbacks

Applicable issues

Additional information

gitea:
  metrics:
    enabled: true
    token: "somepassword"
    serviceMonitor:
      enabled: true

Using above configuration is sufficient to secure /metrics endpoint with bearer token and corresponding ServiceMonitor.

Checklist

  • Parameters are documented in the values.yaml and added to the README.md using readme-generator-for-helm
  • Breaking changes are documented in the README.md Not applicable
  • Templating unittests are added

Signed-off-by: Hitesh Nayak hiteshnayak305@gmail.com

### Benefits Can protect metrics endpoint with `Bearer` token authentication provided by gitea. see PR #637 for previous discussion. ### Possible drawbacks No possible drawbacks ### Applicable issues - fixes #635 ### Additional information ``` gitea: metrics: enabled: true token: "somepassword" serviceMonitor: enabled: true ``` Using above configuration is sufficient to secure /metrics endpoint with bearer token and corresponding ServiceMonitor. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [ ] ~~Breaking changes are documented in the `README.md`~~ Not applicable - [x] Templating unittests are added Signed-off-by: Hitesh Nayak <hiteshnayak305@gmail.com>
pat-s (Migrated from gitea.com) reviewed 2024-10-23 21:30:05 +00:00
justusbunsi (Migrated from gitea.com) reviewed 2024-11-10 15:49:21 +00:00
templates/_helpers.tpl
justusbunsi (Migrated from gitea.com) commented 2024-11-10 15:53:14 +00:00
Copy Link

The tests in unittests/config/metrics-section_metrics-token.yaml are missing following case which currently fails as the token is configured even when metrics.enabled=false:

  - it: does not configures a token if metrics are disabled
    template: templates/gitea/config.yaml
    set:
      gitea:
        metrics:
          enabled: false
          token: "somepassword"
    asserts:
      - documentIndex: 0
        equal:
          path: stringData.metrics
          value: |-
            ENABLED=false
The tests in `unittests/config/metrics-section_metrics-token.yaml` are missing following case which currently fails as the token is configured even when `metrics.enabled=false`: ```yaml - it: does not configures a token if metrics are disabled template: templates/gitea/config.yaml set: gitea: metrics: enabled: false token: "somepassword" asserts: - documentIndex: 0 equal: path: stringData.metrics value: |- ENABLED=false ```
templates/gitea/servicemonitor.yaml
justusbunsi (Migrated from gitea.com) commented 2024-11-10 15:49:21 +00:00
Copy Link

Shouldn't it be not optional if the token is configured within Gitea?

Shouldn't it be not `optional` if the token is configured within Gitea?
hiteshnayak305 commented 2024-11-30 12:14:27 +00:00 (Migrated from gitea.com)
Copy Link
  1. fixed and added missing test case
  2. made optional false as secret is always created if enabled and token provided
1. fixed and added missing test case 2. made optional false as secret is always created if enabled and token provided
👍 1
justusbunsi (Migrated from gitea.com) approved these changes 2024-11-30 13:58:17 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
pat-s
justusbunsi
Labels
Clear labels
has/backport
in progress
invalid
kind/breaking
kind/bug
kind/build
kind/dependency
kind/deployment
kind/docs
kind/enhancement
kind/feature
kind/lint
kind/proposal
kind/question
kind/refactor
kind/security
kind/testing
kind/translation
kind/ui
need/backport
priority/critical
priority/low
priority/maybe
priority/medium
reviewed/duplicate
reviewed/invalid
reviewed/wontfix
skip-changelog
status/blocked
status/needs-feedback
status/needs-reviews
status/wip
upstream/gitea
upstream/other
No Label
kind/feature
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: lunny/helm-chart#719
No description provided.
Delete Branch "feat/secure-metrics-endpoint"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?