Prometheus server with its respective Loadbalancer in AKS.
I wanted to secure access to /metrics through network rules... but it doesn't work. I can still access the endpoint from any device.
az network nsg rule create \
  --resource-group $AKS_RESOURCE_GROUP \
  --nsg-name $AKS_NSG \
  --name DenyAcess \
  --access Deny \
  --protocol Tcp \
  --direction Inbound \
  --priority 521 \
  --source-address-prefix "*" \
  --source-port-range "*" \
  --destination-port-range 9090

az network nsg rule create \
  --resource-group $AKS_RESOURCE_GROUP \
  --nsg-name $AKS_NSG \
  --name AllowSpecificIP \
  --access Allow \
  --protocol Tcp \
  --direction Inbound \
  --priority 522 \
  --source-address-prefix $MY_CERTAIN_IP \
  --source-port-range "*" \
  --destination-port-range 9090
I was trying to avoid installing any ingress like haproxy or nginx-ingress... is that the only way to restrict access to the Prometheus endpoint?
Extra: Basic authorization with Prometheus in Helm doesn't work either, it could be useful too :(
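Azure evaluates NSG rules in ascending priority number and stops at the first match, so the order of the two rules above decides the outcome. The following is an added example, not part of the original post: a small Python model of that evaluation run over the two posted rules. 203.0.113.7 stands in for $MY_CERTAIN_IP, and the reordered priority 520 and the priority-500 rule are constructed assumptions, not values from the page.

```python
import ipaddress

def rule(name, priority, access, source, port="9090"):
    # Same field names as `az network nsg rule list -o json` output.
    return {"name": name, "priority": priority, "access": access,
            "direction": "Inbound", "protocol": "Tcp",
            "sourceAddressPrefix": source, "destinationPortRange": port}

MY_IP = "203.0.113.7"  # constructed stand-in for $MY_CERTAIN_IP
PAGE_RULES = [rule("DenyAcess", 521, "Deny", "*"),
              rule("AllowSpecificIP", 522, "Allow", MY_IP)]
# Same two rules with the allow moved ahead of the deny (520 is a constructed value).
REORDERED = [rule("AllowSpecificIP", 520, "Allow", MY_IP),
             rule("DenyAcess", 521, "Deny", "*")]
# Hypothetical rule already present in the NSG with a lower number; not from the page.
EARLIER_ALLOW = rule("hypothetical-existing-allow", 500, "Allow", "*")

def source_matches(prefix, src_ip):
    if prefix == "*":
        return True
    # Plain IPs and CIDRs only; service tags such as "Internet" are not modelled.
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(prefix, strict=False)

def port_matches(port_range, port):
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def evaluate(rules, src_ip, port, protocol="Tcp"):
    """Return (access, rule name) for the first matching inbound rule."""
    for r in sorted(rules, key=lambda r: r["priority"]):  # lowest number first
        if r["direction"] != "Inbound" or r["protocol"] not in ("*", protocol):
            continue
        if source_matches(r["sourceAddressPrefix"], src_ip) and \
                port_matches(r["destinationPortRange"], port):
            return r["access"], r["name"]  # first match wins, later rules are skipped
    # Nothing matched: for an Internet source the default DenyAllInBound (65500) applies.
    return "Deny", "DenyAllInBound"

if __name__ == "__main__":
    for label, rules in [("page rules", PAGE_RULES), ("allow first", REORDERED),
                         ("earlier allow present", [EARLIER_ALLOW] + PAGE_RULES)]:
        for src in (MY_IP, "198.51.100.20"):
            print(f"{label:22} {src:15} -> {evaluate(rules, src, 9090)}")
```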