While working on and around monitoring Kubernetes clusters with Prometheus, I have noticed a reoccurring problem: metrics that are retrieved by Prometheus may potentially contain sensitive information (for example the Prometheus node-exporter exposes the Kernel version of the host), which a potential intruder may use in order to exploit their way through a respective Kubernetes cluster.

In this blog post, I will try to explain the relation between Prometheus, Heapster, as well as the Kubernetes metrics APIs and conclude with the recommended way how to autoscale workloads on Kubernetes.

The kube-state-metrics project is a service you can deploy in your Kubernetes cluster.