[kube-prometheus-stack] Do not send the bearer token to every service #6427
+26
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
killerwhile
requested review from
GMartinez-Sisti,
QuentinBisson,
Xtigyro,
andrewgkew,
gianrubio,
gkarthiks,
jkroepke and
scottrigby
as code owners
Member
There was a problem hiding this comment.
Hi @killerwhile, thanks for the contribution.
What about using sendBearerToken instead and set it true by default that still keeps it backwards compatible? I think semantically is easier to understand than a possible double negative.
GMartinez-Sisti
changed the title
Author
|
Thanks for your comment. This would make more sense, indeed. I'll update shortly. Thanks |
…o some services Signed-off-by: Killerwhile <[email protected]>
killerwhile
force-pushed
the
fix/remove-unnecessary-bearertoken
branch
from
a05f904 to
076d5dd
Compare
Author
|
@GMartinez-Sisti I updated as you proposed and DCO signed the commit. |
jkroepke
reviewed
Jan 10, 2026
Comment on lines
+43
to
+45
| {{- if .Values.coreDns.serviceMonitor.sendBearerToken }} | ||
| bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | ||
| {{- end }} |
Member
There was a problem hiding this comment.
for consistency reasons, i preffer the pattern that we used for other properties as well.
Move bearerTokenFile to values and you can empty the value on your own.
Suggested change
| {{- if .Values.coreDns.serviceMonitor.sendBearerToken }} | |
| bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| {{- end }} | |
| {{- if .Values.coreDns.serviceMonitor.bearerTokenFile }} | |
| bearerTokenFile: {{ .Values.coreDns.serviceMonitor.bearerTokenFile }} | |
| {{- end }} |
Author
There was a problem hiding this comment.
Thanks for the review. I'll adapt shortly.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it
Some ServiceMonitors send bearer token where it's not needed, especially to http endpoints.
This PR do allow to configure when to set the bearer token. It keeps the actual behavior, configuration options should actively being set to change the behavior.
Which issue this PR fixes
(optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close that issue when PR gets merged)Special notes for your reviewer
Checklist
[prometheus-couchdb-exporter])