Prometheus instances are proxied by apache on the machine it is running on. At the moment the way to access the native interface (e.g. for easier data/query exploration) is through an ssh tunnel (e.g. ssh prometheus1003.eqiad.wmnet -L8000:localhost:80 and then http://localhost:8000/ops/graph) but it'd be more convenient to expose the web interface behind web-misc and HTTP auth instead.
- Setup apache LDAP auth for SRE (or NDA) access
- Setup external DNS names
- Setup misc-web HTTP routing