Session Name: Secure Your Prometheus Server From Indiscreet Eyes or Die by Metrics
Prometheus has become the standard for monitoring Kubernetes services. It comes with a set of helpful exporters, and Kubernetes offers several metrics endpoints directly through the API. These features enable monitoring and troubleshooting of most situations that SREs face on a daily basis. But, what if an attacker accesses your Prometheus server? How much information can they get for fingerprinting the cluster? Kernel versions, IP addresses, instance types, library versions…the list goes on and on.
In this session, you will learn the best practices on how to secure your Prometheus server from curious eyes and what could be the consequences of not implementing them.
David is a solutions engineer at Sysdig. Previously he worked as CTO in a company specialized in IoT for energy metering and Industry 4.0. He is a computer engineer and collaborates with open source projects, but also likes to study anthropology, play blues and make video games.