Best practices with Prometheus and security

I am setting up a GitLab installation for a small non-profit organization. The infrastructure is all running on Google Kubernetes Engine.

I see that Prometheus has no authentication for viewing/getting time series information. This seems like a serious opening for anyone concerned about security. What are the best practices for dealing with this? As we are completely cloud based, we do not have a core organization network to place the Prometheus service within. Any help is greatly appreciated!