You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Adding jwt token auth in addition to basic auth would be a great benefit for in-cluster service authentication.
The kubernetes service account tokens are OIDC compliant and short-living which increases the security compared to static auth basic credentials. the common library could use a JWKS (JSON Web Key Set) to validate the signature of tokens.
Since the common web package is used in a lot of exporters, node_exporter could be secured by jwt auth. Prometheus already support bearer token auth at scrape jobs.
The text was updated successfully, but these errors were encountered:
Adding jwt token auth in addition to basic auth would be a great benefit for in-cluster service authentication.
The kubernetes service account tokens are OIDC compliant and short-living which increases the security compared to static auth basic credentials. the common library could use a JWKS (JSON Web Key Set) to validate the signature of tokens.
Since the common web package is used in a lot of exporters, node_exporter could be secured by jwt auth. Prometheus already support bearer token auth at scrape jobs.
The text was updated successfully, but these errors were encountered: