TPA-RFC: define policy on prometheus exporters
while we have some way for people to add exporters to our prometheus/grafana setup, it's not clear how they should actually export those metrics to us.
here are the questions that need answering in this proposal:
- how to expose metrics (port number? dedicated vhost? different subpath? we do all of those right now)
- (how) to encrypt the communication between the scraper and exporter (TLS? plain http? either? we do both right now)
- (how) to *restrict access to the exporters? (IP-based allow lists? HTTP user/pass auth? bearer tokens? TLS client certs? nothing? i believe we do everything but TLS client certs and, hopefully "nothing" here)
The question of the time series privacy is out of scope here and handled in #40755 (closed), where we are currently heading towards tor-internal level privacy, and merging Prometheus servers in a single cluster.
this came up in operations with anti-censorship (e.g. #41265 (closed)) but also the network-health folks, which are all stakeholders.
Edited by anarcat