Access to the Prometheus, Alertmanager, and Grafana UIs is provided by using Ingress resources. By default, those UIs are not password-protected, except for Grafana, and are available to everyone. To restrict access to them, you can use any combination of the following methods:
-
Use an ingress controller whose LoadBalancer service has an internal load balancer IP address.
-
Grant access to the UIs only from specific IP addresses.
-
Use OAuth2 Proxy to allow access to the UIs only for users that are authenticated in Azure. You can see how this works in the diagram.
To specify which restriction methods must be used, you will need to prepare an appropriate infra.yaml file.