Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Host Binding feature to Prometheus Emitter #15856

Open
diosvo opened this issue Feb 7, 2024 · 0 comments
Open

Add Host Binding feature to Prometheus Emitter #15856

diosvo opened this issue Feb 7, 2024 · 0 comments
Labels
Feature/Change Description

Comments

@diosvo
Copy link

diosvo commented Feb 7, 2024

Proposal

Summary

The Prometheus emitter cannot currently bind to a specific host. This feature is crucial for environments where binding to all interfaces (default behaviour) is not desired or poses security concerns. This ticket aims to enhance the Prometheus emitter by introducing a configurable host binding option.

Details

Problem Statement:

Currently, the Prometheus emitter binds to all available network interfaces. This behaviour might not be ideal in certain deployment scenarios, especially in multi-homed environments or where strict network security policies are enforced.

Reference: https://github.com/apache/druid/blob/master/extensions-contrib/prometheus-emitter/src/main/java/org/apache/druid/emitter/prometheus/PrometheusEmitter.java#L88

Proposed Solution:

  • Implement a configuration option specifying a particular host/IP address to which the Prometheus emitter should bind. This option should be flexible enough to support different deployment needs (e.g., binding to localhost for local monitoring, binding to a specific interface in multi-homed setups).
  • Expected Outcome: Users can configure the Prometheus emitter to bind to a specific host/IP once implemented. This enhancement will provide better security and more control over network traffic management.

Use Cases:

Bind to localhost for scenarios where Prometheus metrics are only consumed locally.
Specify a particular network interface in environments with multiple network interfaces to control network exposure.

Implementation Notes:

A new configuration parameter (e.g., hostBindAddress) should be introduced.
The emitter's network binding logic should be updated to respect this new parameter. It should default to the current behaviour (binding to all interfaces) when not specified.

Security:

Reduced attack surface by preventing the Prometheus emitter from exposing metrics on all network interfaces.

Flexibility:

Users gain more control over their Prometheus emitter deployments, tailoring them to specific network requirements.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature/Change Description
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@diosvo