Support Web basic_auth_users config for Prometheus and Alertmanager

[heylongdacoder]

Description

Fixes: #4200

Type of change

• CHANGE (fix or feature that would cause existing functionality to not work as expected)
• FEATURE (non-breaking change which adds functionality)
• BUGFIX (non-breaking change which fixes an issue)
• ENHANCEMENT (non-breaking change which improves existing functionality)
• NONE (if none of the other choices apply. Example, tooling, build system, CI, docs, etc.)

Changelog entry

Added support for Web basic_auth_users config for Prometheus and Alertmanager CRD

[heylongdacoder]

Pending Works:

• config-reload with auth
• prometheus's thanos sidecar with auth
• health check probe with auth
• e2e test case
• documentation, function name, error message

[simonpasquier]

prometheus/exporter-toolkit#70 is of interest for health check probe with auth but I agree that config reloader and Thanos sidecar -> Prometheus authentication has to be sorted out :)

[heylongdacoder]

Opened prometheus/exporter-toolkit#106 to tackle the health check probe with auth

[heylongdacoder]

Hi @simonpasquier , I saw you suggested to create a user/password for config-reloader and thanos-sidecar. For different "Prometheus" CRD Object, I am thinking to use a fix username("prometheus-operator-managed-user"), generate a random password, and create username and password as "Secret" so that config-reloader and thanos-sidecar can refer this "Secret" as environment variables. Do you think this is ok?

And since we are generating the user/password, do we need to support the rotation of this auth? Thanks :)

[nourspace]

Pending Works:

• config-reload with auth
• prometheus's thanos sidecar with auth
• health check probe with auth
• e2e test case
• documentation, function name, error message

Don't you think you will also need to update the default Grafana data source so it includes the generated credentials?

[heylongdacoder]

@nourspace good point! But I think Grafana is out of scope for prometheus-operator. Probably got to do another PR at https://github.com/prometheus-operator/kube-prometheus or https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack. Maybe I can take a look as well after this PR.

[slashpai]

@heylongdacoder are you still working on this?

[heylongdacoder]

hi @slashpai , currently not, bit busy with my current job. FYI, I stucked in this issue(prometheus/exporter-toolkit#106) last time. 😄

[ArthurSens]

Hey @heylongdacoder, I'm closing this PR for now since you've communicated that you won't be able to continue.

Thanks a lot for the effort so far though! You made things clearer about what needs to be done :)

Feel free to re open if you wish to continue in the future