Summary
The cAdvisor Web UI currently doesn't support authentication. This means that anyone can access it, which can be a security risk.
Motivation
While cAdvisor is commonly used as an agent to collect container metrics for Grafana, the Web UI remains valuable for DevSecOps and infrastructure teams. It provides a simple, direct interface with a lot of important information about containers.
However, without authentication, the Web UI is exposed to unrestricted access. For environments where cAdvisor runs on VMs or servers that may be accessible to multiple users, this lack of access control poses a concern.
Proposal
Introduce support for SSO integration with providers such as Keycloak. This would allow administrators to protect the Web UI behind an authentication mechanism, ensuring that only authorized users can access the data.
Alternatives
- Keep the Web UI unprotected (current state), relying on network-level security (firewalls, VPNs, etc.).
- Deploy an SSO proxy in front of the Web UI to provide authentication for applications that don’t natively support SSO. Nonetheless, I’m not really keen on this solution because this introduces a single point of failure (SPOF) for Web UI access.