Rip out basic auth

[timstclair]

cAdvisors authentication is not implemented correctly, and in it's current state is worse than no auth (can give a false sense of security). The obvious problem is that only some of the endpoints are actually authenticated, but the same information can be accessed from an unauthenticated endpoint. There are also issues with error handling, and possible non-enforcement issues (#1554).

I think we should just remove auth entirely for now. Users who require auth can set it up using an nginx proxy.

/cc @vishh @dashpole

[vishh]

sgtm. It would be useful if we can point to an example setup for nginx proxy.

…

On Fri, Mar 17, 2017 at 2:38 PM, Tim St. Clair ***@***.***> wrote: cAdvisors authentication is not implemented correctly, and in it's current state is worse than no auth (can give a false sense of security). The obvious problem is that only some of the endpoints are actually authenticated, but the same information can be accessed from an unauthenticated endpoint. There are also issues with error handling, and possible non-enforcement issues (#1554 <#1554>). I think we should just remove auth entirely for now. Users who require auth can set it up using an nginx proxy. /cc @vishh <https://github.com/vishh> @dashpole <https://github.com/dashpole> — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1621>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AGvIKDkqKH00R2UxFXfIg_PPOM0oWVxjks5rmv1QgaJpZM4MhITQ> .

is this still current and correct information?

if so, this part should probably also be removed from the docs?

https://github.com/google/cadvisor/blob/master/docs/web.md#web-ui-authentication

[pikhovkin]

This issue is still actual. #3060, #2011