/metrics endpoint exposed without authentication on client ports, and can not fully disabling it​

[liukaifei]

What would you like to be added?

​​Allow complete disabling of metrics
2.
​​Or Support authenticated access

Why is this needed?

This feature is a blocker for deployment in environments with strict security and compliance requirements. The current behavior does not meet our customers' security compliance standards.

[serathius]

If you specify dedicated endpoint for metrics, the /metrics should disappear from client port.