mirror of
https://github.com/prometheus/prometheus.git
synced 2024-12-25 05:34:05 -08:00
Merge pull request #8512 from roidelapluie/update-common-for-credentials
Update common to support credential types
This commit is contained in:
commit
f4bf9df4ec
|
@ -618,7 +618,7 @@ func (c *RemoteWriteConfig) UnmarshalYAML(unmarshal func(interface{}) error) err
|
|||
}
|
||||
for header := range c.Headers {
|
||||
if strings.ToLower(header) == "authorization" {
|
||||
return errors.New("authorization header must be changed via the basic_auth, bearer_token, or bearer_token_file parameter")
|
||||
return errors.New("authorization header must be changed via the basic_auth or authorization parameter")
|
||||
}
|
||||
if _, ok := unchangeableHeaders[strings.ToLower(header)]; ok {
|
||||
return errors.Errorf("%s is an unchangeable header", header)
|
||||
|
|
|
@ -141,7 +141,10 @@ var expectedConf = &Config{
|
|||
Scheme: DefaultScrapeConfig.Scheme,
|
||||
|
||||
HTTPClientConfig: config.HTTPClientConfig{
|
||||
BearerTokenFile: filepath.FromSlash("testdata/valid_token_file"),
|
||||
Authorization: &config.Authorization{
|
||||
Type: "Bearer",
|
||||
CredentialsFile: filepath.FromSlash("testdata/valid_token_file"),
|
||||
},
|
||||
},
|
||||
|
||||
ServiceDiscoveryConfigs: discovery.Configs{
|
||||
|
@ -344,7 +347,10 @@ var expectedConf = &Config{
|
|||
KeyFile: filepath.FromSlash("testdata/valid_key_file"),
|
||||
},
|
||||
|
||||
BearerToken: "mysecret",
|
||||
Authorization: &config.Authorization{
|
||||
Type: "Bearer",
|
||||
Credentials: "mysecret",
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -603,7 +609,10 @@ var expectedConf = &Config{
|
|||
ServiceDiscoveryConfigs: discovery.Configs{
|
||||
&digitalocean.SDConfig{
|
||||
HTTPClientConfig: config.HTTPClientConfig{
|
||||
BearerToken: "abcdef",
|
||||
Authorization: &config.Authorization{
|
||||
Type: "Bearer",
|
||||
Credentials: "abcdef",
|
||||
},
|
||||
},
|
||||
Port: 80,
|
||||
RefreshInterval: model.Duration(60 * time.Second),
|
||||
|
@ -665,7 +674,10 @@ var expectedConf = &Config{
|
|||
ServiceDiscoveryConfigs: discovery.Configs{
|
||||
&hetzner.SDConfig{
|
||||
HTTPClientConfig: config.HTTPClientConfig{
|
||||
BearerToken: "abcdef",
|
||||
Authorization: &config.Authorization{
|
||||
Type: "Bearer",
|
||||
Credentials: "abcdef",
|
||||
},
|
||||
},
|
||||
Port: 80,
|
||||
RefreshInterval: model.Duration(60 * time.Second),
|
||||
|
@ -919,6 +931,9 @@ var expectedErrors = []struct {
|
|||
}, {
|
||||
filename: "kubernetes_bearertoken_basicauth.bad.yml",
|
||||
errMsg: "at most one of basic_auth, bearer_token & bearer_token_file must be configured",
|
||||
}, {
|
||||
filename: "kubernetes_authorization_basicauth.bad.yml",
|
||||
errMsg: "at most one of basic_auth & authorization must be configured",
|
||||
}, {
|
||||
filename: "marathon_no_servers.bad.yml",
|
||||
errMsg: "marathon_sd: must contain at least one Marathon server",
|
||||
|
@ -931,6 +946,9 @@ var expectedErrors = []struct {
|
|||
}, {
|
||||
filename: "marathon_authtoken_bearertoken.bad.yml",
|
||||
errMsg: "marathon_sd: at most one of bearer_token, bearer_token_file, auth_token & auth_token_file must be configured",
|
||||
}, {
|
||||
filename: "marathon_authtoken_authorization.bad.yml",
|
||||
errMsg: "marathon_sd: at most one of auth_token, auth_token_file & authorization must be configured",
|
||||
}, {
|
||||
filename: "openstack_role.bad.yml",
|
||||
errMsg: "unknown OpenStack SD role",
|
||||
|
@ -957,7 +975,7 @@ var expectedErrors = []struct {
|
|||
errMsg: `x-prometheus-remote-write-version is an unchangeable header`,
|
||||
}, {
|
||||
filename: "remote_write_authorization_header.bad.yml",
|
||||
errMsg: `authorization header must be changed via the basic_auth, bearer_token, or bearer_token_file parameter`,
|
||||
errMsg: `authorization header must be changed via the basic_auth or authorization parameter`,
|
||||
}, {
|
||||
filename: "remote_write_url_missing.bad.yml",
|
||||
errMsg: `url for remote_write is empty`,
|
||||
|
|
12
config/testdata/conf.good.yml
vendored
12
config/testdata/conf.good.yml
vendored
|
@ -79,7 +79,8 @@ scrape_configs:
|
|||
replacement: static
|
||||
target_label: abc
|
||||
|
||||
bearer_token_file: valid_token_file
|
||||
authorization:
|
||||
credentials_file: valid_token_file
|
||||
|
||||
|
||||
- job_name: service-x
|
||||
|
@ -158,7 +159,8 @@ scrape_configs:
|
|||
cert_file: valid_cert_file
|
||||
key_file: valid_key_file
|
||||
|
||||
bearer_token: mysecret
|
||||
authorization:
|
||||
credentials: mysecret
|
||||
|
||||
- job_name: service-kubernetes
|
||||
|
||||
|
@ -263,7 +265,8 @@ scrape_configs:
|
|||
|
||||
- job_name: digitalocean-droplets
|
||||
digitalocean_sd_configs:
|
||||
- bearer_token: abcdef
|
||||
- authorization:
|
||||
credentials: abcdef
|
||||
|
||||
- job_name: dockerswarm
|
||||
dockerswarm_sd_configs:
|
||||
|
@ -284,7 +287,8 @@ scrape_configs:
|
|||
- job_name: hetzner
|
||||
hetzner_sd_configs:
|
||||
- role: hcloud
|
||||
bearer_token: abcdef
|
||||
authorization:
|
||||
credentials: abcdef
|
||||
- role: robot
|
||||
basic_auth:
|
||||
username: abcdef
|
||||
|
|
13
config/testdata/kubernetes_authorization_basicauth.bad.yml
vendored
Normal file
13
config/testdata/kubernetes_authorization_basicauth.bad.yml
vendored
Normal file
|
@ -0,0 +1,13 @@
|
|||
scrape_configs:
|
||||
- job_name: prometheus
|
||||
|
||||
kubernetes_sd_configs:
|
||||
- role: pod
|
||||
api_server: 'https://localhost:1234'
|
||||
|
||||
authorization:
|
||||
credentials: 1234
|
||||
basic_auth:
|
||||
username: user
|
||||
password: password
|
||||
|
|
@ -2,4 +2,5 @@ scrape_configs:
|
|||
- job_name: prometheus
|
||||
kubernetes_sd_configs:
|
||||
- role: pod
|
||||
bearer_token: 1234
|
||||
authorization:
|
||||
credentials: 1234
|
||||
|
|
10
config/testdata/marathon_authtoken_authorization.bad.yml
vendored
Normal file
10
config/testdata/marathon_authtoken_authorization.bad.yml
vendored
Normal file
|
@ -0,0 +1,10 @@
|
|||
scrape_configs:
|
||||
- job_name: prometheus
|
||||
|
||||
marathon_sd_configs:
|
||||
- servers:
|
||||
- 'https://localhost:1234'
|
||||
|
||||
auth_token: 1234
|
||||
authorization:
|
||||
credentials: 4567
|
3
config/testdata/roundtrip.good.yml
vendored
3
config/testdata/roundtrip.good.yml
vendored
|
@ -53,7 +53,8 @@ scrape_configs:
|
|||
key_file: valid_key_file
|
||||
|
||||
digitalocean_sd_configs:
|
||||
- bearer_token: <secret>
|
||||
- authorization:
|
||||
credentials: <secret>
|
||||
|
||||
dockerswarm_sd_configs:
|
||||
- host: http://127.0.0.1:2375
|
||||
|
|
|
@ -89,7 +89,7 @@ func (c *SDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
return c.HTTPClientConfig.Validate()
|
||||
}
|
||||
|
||||
// Discovery periodically performs DigitalOcean requests. It implements
|
||||
|
|
|
@ -102,7 +102,7 @@ func (c *SDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
|||
default:
|
||||
return fmt.Errorf("invalid role %s, expected tasks, services, or nodes", c.Role)
|
||||
}
|
||||
return nil
|
||||
return c.HTTPClientConfig.Validate()
|
||||
}
|
||||
|
||||
// Discovery periodically performs Docker Swarm requests. It implements
|
||||
|
|
|
@ -110,7 +110,7 @@ func (c *SDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
|||
if c.Role == "" {
|
||||
return errors.New("role missing (one of: robot, hcloud)")
|
||||
}
|
||||
return nil
|
||||
return c.HTTPClientConfig.Validate()
|
||||
}
|
||||
|
||||
// Discovery periodically performs Hetzner requests. It implements
|
||||
|
|
|
@ -111,6 +111,9 @@ func (c *SDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
|||
if (len(c.HTTPClientConfig.BearerToken) > 0 || len(c.HTTPClientConfig.BearerTokenFile) > 0) && (len(c.AuthToken) > 0 || len(c.AuthTokenFile) > 0) {
|
||||
return errors.New("marathon_sd: at most one of bearer_token, bearer_token_file, auth_token & auth_token_file must be configured")
|
||||
}
|
||||
if c.HTTPClientConfig.Authorization != nil && (len(c.AuthToken) > 0 || len(c.AuthTokenFile) > 0) {
|
||||
return errors.New("marathon_sd: at most one of auth_token, auth_token_file & authorization must be configured")
|
||||
}
|
||||
return c.HTTPClientConfig.Validate()
|
||||
}
|
||||
|
||||
|
|
|
@ -169,12 +169,16 @@ basic_auth:
|
|||
[ password_file: <string> ]
|
||||
|
||||
# Sets the `Authorization` header on every scrape request with
|
||||
# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
|
||||
[ bearer_token: <secret> ]
|
||||
|
||||
# Sets the `Authorization` header on every scrape request with the bearer token
|
||||
# read from the configured file. It is mutually exclusive with `bearer_token`.
|
||||
[ bearer_token_file: <filename> ]
|
||||
# the configured credentials.
|
||||
authorization:
|
||||
# Sets the authentication type of the request.
|
||||
[ type: <string> | default: Bearer ]
|
||||
# Sets the credentials of the request. It is mutually exclusive with
|
||||
# `credentials_file`.
|
||||
[ credentials: <secret> ]
|
||||
# Sets the credentials of the request with the credentials read from the
|
||||
# configured file. It is mutually exclusive with `credentials`.
|
||||
[ credentials_file: <filename> ]
|
||||
|
||||
# Configures the scrape request's TLS settings.
|
||||
tls_config:
|
||||
|
@ -436,7 +440,7 @@ The following meta labels are available on targets during [relabeling](#relabel_
|
|||
|
||||
```yaml
|
||||
# Authentication information used to authenticate to the API server.
|
||||
# Note that `basic_auth`, `bearer_token` and `bearer_token_file` options are
|
||||
# Note that `basic_auth` and `authorization` options are
|
||||
# mutually exclusive.
|
||||
# password and password_file are mutually exclusive.
|
||||
|
||||
|
@ -446,11 +450,16 @@ basic_auth:
|
|||
[ password: <secret> ]
|
||||
[ password_file: <string> ]
|
||||
|
||||
# Optional bearer token authentication information.
|
||||
[ bearer_token: <secret> ]
|
||||
|
||||
# Optional bearer token file authentication information.
|
||||
[ bearer_token_file: <filename> ]
|
||||
# Optional the `Authorization` header configuration.
|
||||
authorization:
|
||||
# Sets the authentication type.
|
||||
[ type: <string> | default: Bearer ]
|
||||
# Sets the credentials. It is mutually exclusive with
|
||||
# `credentials_file`.
|
||||
[ credentials: <secret> ]
|
||||
# Sets the credentials with the credentials read from the configured file.
|
||||
# It is mutually exclusive with `credentials`.
|
||||
[ credentials_file: <filename> ]
|
||||
|
||||
# Optional proxy URL.
|
||||
[ proxy_url: <string> ]
|
||||
|
@ -592,7 +601,7 @@ role: <string>
|
|||
[ refresh_interval: <duration> | default = 60s ]
|
||||
|
||||
# Authentication information used to authenticate to the Docker daemon.
|
||||
# Note that `basic_auth`, `bearer_token` and `bearer_token_file` options are
|
||||
# Note that `basic_auth` and `authorization` options are
|
||||
# mutually exclusive.
|
||||
# password and password_file are mutually exclusive.
|
||||
|
||||
|
@ -602,11 +611,16 @@ basic_auth:
|
|||
[ password: <secret> ]
|
||||
[ password_file: <string> ]
|
||||
|
||||
# Optional bearer token authentication information.
|
||||
[ bearer_token: <secret> ]
|
||||
|
||||
# Optional bearer token file authentication information.
|
||||
[ bearer_token_file: <filename> ]
|
||||
# Optional the `Authorization` header configuration.
|
||||
authorization:
|
||||
# Sets the authentication type.
|
||||
[ type: <string> | default: Bearer ]
|
||||
# Sets the credentials. It is mutually exclusive with
|
||||
# `credentials_file`.
|
||||
[ credentials: <secret> ]
|
||||
# Sets the credentials with the credentials read from the configured file.
|
||||
# It is mutually exclusive with `credentials`.
|
||||
[ credentials_file: <filename> ]
|
||||
```
|
||||
|
||||
The [relabeling phase](#relabel_config) is the preferred and more powerful
|
||||
|
@ -989,7 +1003,7 @@ The labels below are only available for targets with `role` set to `robot`:
|
|||
role: <string>
|
||||
|
||||
# Authentication information used to authenticate to the API server.
|
||||
# Note that `basic_auth`, `bearer_token` and `bearer_token_file` options are
|
||||
# Note that `basic_auth` and `authorization` options are
|
||||
# mutually exclusive.
|
||||
# password and password_file are mutually exclusive.
|
||||
|
||||
|
@ -1000,12 +1014,17 @@ basic_auth:
|
|||
[ password: <secret> ]
|
||||
[ password_file: <string> ]
|
||||
|
||||
# Optional bearer token authentication information, required when role is hcloud
|
||||
# Role robot does not support bearer token authentication.
|
||||
[ bearer_token: <secret> ]
|
||||
|
||||
# Optional bearer token file authentication information.
|
||||
[ bearer_token_file: <filename> ]
|
||||
# Optional the `Authorization` header configuration. required when role is
|
||||
# hcloud. Role robot does not support bearer token authentication.
|
||||
authorization:
|
||||
# Sets the authentication type.
|
||||
[ type: <string> | default: Bearer ]
|
||||
# Sets the credentials. It is mutually exclusive with
|
||||
# `credentials_file`.
|
||||
[ credentials: <secret> ]
|
||||
# Sets the credentials with the credentials read from the configured file.
|
||||
# It is mutually exclusive with `credentials`.
|
||||
[ credentials_file: <filename> ]
|
||||
|
||||
# Optional proxy URL.
|
||||
[ proxy_url: <string> ]
|
||||
|
@ -1154,7 +1173,7 @@ See below for the configuration options for Kubernetes discovery:
|
|||
role: <string>
|
||||
|
||||
# Optional authentication information used to authenticate to the API server.
|
||||
# Note that `basic_auth`, `bearer_token` and `bearer_token_file` options are
|
||||
# Note that `basic_auth` and `authorization` options are
|
||||
# mutually exclusive.
|
||||
# password and password_file are mutually exclusive.
|
||||
|
||||
|
@ -1164,11 +1183,16 @@ basic_auth:
|
|||
[ password: <secret> ]
|
||||
[ password_file: <string> ]
|
||||
|
||||
# Optional bearer token authentication information.
|
||||
[ bearer_token: <secret> ]
|
||||
|
||||
# Optional bearer token file authentication information.
|
||||
[ bearer_token_file: <filename> ]
|
||||
# Optional the `Authorization` header configuration.
|
||||
authorization:
|
||||
# Sets the authentication type.
|
||||
[ type: <string> | default: Bearer ]
|
||||
# Sets the credentials. It is mutually exclusive with
|
||||
# `credentials_file`.
|
||||
[ credentials: <secret> ]
|
||||
# Sets the credentials with the credentials read from the configured file.
|
||||
# It is mutually exclusive with `credentials`.
|
||||
[ credentials_file: <filename> ]
|
||||
|
||||
# Optional proxy URL.
|
||||
[ proxy_url: <string> ]
|
||||
|
@ -1253,15 +1277,19 @@ basic_auth:
|
|||
[ password: <secret> ]
|
||||
[ password_file: <string> ]
|
||||
|
||||
# Sets the `Authorization` header on every request with
|
||||
# the configured bearer token. It is mutually exclusive with `bearer_token_file` and other authentication mechanisms.
|
||||
# NOTE: The current version of DC/OS marathon (v1.11.0) does not support standard Bearer token authentication. Use `auth_token` instead.
|
||||
[ bearer_token: <string> ]
|
||||
|
||||
# Sets the `Authorization` header on every request with the bearer token
|
||||
# read from the configured file. It is mutually exclusive with `bearer_token` and other authentication mechanisms.
|
||||
# NOTE: The current version of DC/OS marathon (v1.11.0) does not support standard Bearer token authentication. Use `auth_token_file` instead.
|
||||
[ bearer_token_file: <filename> ]
|
||||
# Optional the `Authorization` header configuration.
|
||||
# NOTE: The current version of DC/OS marathon (v1.11.0) does not support
|
||||
# standard `Authentication` header, use `auth_token` or `auth_token_file`
|
||||
# instead.
|
||||
authorization:
|
||||
# Sets the authentication type.
|
||||
[ type: <string> | default: Bearer ]
|
||||
# Sets the credentials. It is mutually exclusive with
|
||||
# `credentials_file`.
|
||||
[ credentials: <secret> ]
|
||||
# Sets the credentials with the credentials read from the configured file.
|
||||
# It is mutually exclusive with `credentials`.
|
||||
[ credentials_file: <filename> ]
|
||||
|
||||
# TLS configuration for connecting to marathon servers
|
||||
tls_config:
|
||||
|
@ -1447,13 +1475,16 @@ basic_auth:
|
|||
[ password: <secret> ]
|
||||
[ password_file: <string> ]
|
||||
|
||||
# Sets the `Authorization` header on every request with
|
||||
# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
|
||||
[ bearer_token: <string> ]
|
||||
|
||||
# Sets the `Authorization` header on every request with the bearer token
|
||||
# read from the configured file. It is mutually exclusive with `bearer_token`.
|
||||
[ bearer_token_file: <filename> ]
|
||||
# Optional the `Authorization` header configuration.
|
||||
authorization:
|
||||
# Sets the authentication type.
|
||||
[ type: <string> | default: Bearer ]
|
||||
# Sets the credentials. It is mutually exclusive with
|
||||
# `credentials_file`.
|
||||
[ credentials: <secret> ]
|
||||
# Sets the credentials with the credentials read from the configured file.
|
||||
# It is mutually exclusive with `credentials`.
|
||||
[ credentials_file: <filename> ]
|
||||
|
||||
# Configures the scrape request's TLS settings.
|
||||
tls_config:
|
||||
|
@ -1616,13 +1647,16 @@ basic_auth:
|
|||
[ password: <secret> ]
|
||||
[ password_file: <string> ]
|
||||
|
||||
# Sets the `Authorization` header on every request with
|
||||
# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
|
||||
[ bearer_token: <string> ]
|
||||
|
||||
# Sets the `Authorization` header on every request with the bearer token
|
||||
# read from the configured file. It is mutually exclusive with `bearer_token`.
|
||||
[ bearer_token_file: <filename> ]
|
||||
# Optional the `Authorization` header configuration.
|
||||
authorization:
|
||||
# Sets the authentication type.
|
||||
[ type: <string> | default: Bearer ]
|
||||
# Sets the credentials. It is mutually exclusive with
|
||||
# `credentials_file`.
|
||||
[ credentials: <secret> ]
|
||||
# Sets the credentials with the credentials read from the configured file.
|
||||
# It is mutually exclusive with `credentials`.
|
||||
[ credentials_file: <filename> ]
|
||||
|
||||
# Configures the scrape request's TLS settings.
|
||||
tls_config:
|
||||
|
@ -1742,13 +1776,16 @@ basic_auth:
|
|||
[ password: <secret> ]
|
||||
[ password_file: <string> ]
|
||||
|
||||
# Sets the `Authorization` header on every remote write request with
|
||||
# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
|
||||
[ bearer_token: <string> ]
|
||||
|
||||
# Sets the `Authorization` header on every remote write request with the bearer token
|
||||
# read from the configured file. It is mutually exclusive with `bearer_token`.
|
||||
[ bearer_token_file: <filename> ]
|
||||
# Optional the `Authorization` header configuration.
|
||||
authorization:
|
||||
# Sets the authentication type.
|
||||
[ type: <string> | default: Bearer ]
|
||||
# Sets the credentials. It is mutually exclusive with
|
||||
# `credentials_file`.
|
||||
[ credentials: <secret> ]
|
||||
# Sets the credentials with the credentials read from the configured file.
|
||||
# It is mutually exclusive with `credentials`.
|
||||
[ credentials_file: <filename> ]
|
||||
|
||||
# Configures the remote write request's TLS settings.
|
||||
tls_config:
|
||||
|
@ -1825,13 +1862,16 @@ basic_auth:
|
|||
[ password: <secret> ]
|
||||
[ password_file: <string> ]
|
||||
|
||||
# Sets the `Authorization` header on every remote read request with
|
||||
# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
|
||||
[ bearer_token: <string> ]
|
||||
|
||||
# Sets the `Authorization` header on every remote read request with the bearer token
|
||||
# read from the configured file. It is mutually exclusive with `bearer_token`.
|
||||
[ bearer_token_file: <filename> ]
|
||||
# Optional the `Authorization` header configuration.
|
||||
authorization:
|
||||
# Sets the authentication type.
|
||||
[ type: <string> | default: Bearer ]
|
||||
# Sets the credentials. It is mutually exclusive with
|
||||
# `credentials_file`.
|
||||
[ credentials: <secret> ]
|
||||
# Sets the credentials with the credentials read from the configured file.
|
||||
# It is mutually exclusive with `credentials`.
|
||||
[ credentials_file: <filename> ]
|
||||
|
||||
# Configures the remote read request's TLS settings.
|
||||
tls_config:
|
||||
|
|
|
@ -12,7 +12,8 @@ scrape_configs:
|
|||
- job_name: 'node'
|
||||
|
||||
digitalocean_sd_configs:
|
||||
- bearer_token: "<replace with a Personal Access Token>"
|
||||
- authorization:
|
||||
credentials: "<replace with a Personal Access Token>"
|
||||
relabel_configs:
|
||||
# Only scrape targets that have a tag 'monitoring'.
|
||||
- source_labels: [__meta_digitalocean_tags]
|
||||
|
|
|
@ -12,7 +12,8 @@ scrape_configs:
|
|||
- job_name: 'node'
|
||||
|
||||
hetzner_sd_configs:
|
||||
- bearer_token: "<replace with a Hetzner Cloud API Token>"
|
||||
- authorization:
|
||||
credentials: "<replace with a Hetzner Cloud API Token>"
|
||||
platform: "hcloud"
|
||||
relabel_configs:
|
||||
# Use the public IPv4 and port 9100 to scrape the target.
|
||||
|
@ -24,7 +25,8 @@ scrape_configs:
|
|||
- job_name: 'node_private'
|
||||
|
||||
hetzner_sd_configs:
|
||||
- bearer_token: "<replace with a Hetzner Cloud API Token>"
|
||||
- authorization:
|
||||
credentials: "<replace with a Hetzner Cloud API Token>"
|
||||
platform: "hcloud"
|
||||
relabel_configs:
|
||||
# Use the private IPv4 within the Hetzner Cloud Network and port 9100 to scrape the target.
|
||||
|
|
|
@ -25,7 +25,7 @@ scrape_configs:
|
|||
# `http`.
|
||||
scheme: https
|
||||
|
||||
# This TLS & bearer token file config is used to connect to the actual scrape
|
||||
# This TLS & authorization config is used to connect to the actual scrape
|
||||
# endpoints for cluster components. This is separate to discovery auth
|
||||
# configuration because discovery & scraping are two separate concerns in
|
||||
# Prometheus. The discovery auth config is automatic if Prometheus runs inside
|
||||
|
@ -40,7 +40,8 @@ scrape_configs:
|
|||
# disable certificate verification by uncommenting the line below.
|
||||
#
|
||||
# insecure_skip_verify: true
|
||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
authorization:
|
||||
credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
|
||||
# Keep only the default/kubernetes service endpoints for the https port. This
|
||||
# will add targets for each API server which Kubernetes adds an endpoint to
|
||||
|
@ -62,7 +63,7 @@ scrape_configs:
|
|||
# `http`.
|
||||
scheme: https
|
||||
|
||||
# This TLS & bearer token file config is used to connect to the actual scrape
|
||||
# This TLS & authorization config is used to connect to the actual scrape
|
||||
# endpoints for cluster components. This is separate to discovery auth
|
||||
# configuration because discovery & scraping are two separate concerns in
|
||||
# Prometheus. The discovery auth config is automatic if Prometheus runs inside
|
||||
|
@ -77,7 +78,8 @@ scrape_configs:
|
|||
# disable certificate verification by uncommenting the line below.
|
||||
#
|
||||
# insecure_skip_verify: true
|
||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
authorization:
|
||||
credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
|
||||
kubernetes_sd_configs:
|
||||
- role: node
|
||||
|
@ -112,7 +114,7 @@ scrape_configs:
|
|||
# are used.
|
||||
metrics_path: /metrics/cadvisor
|
||||
|
||||
# This TLS & bearer token file config is used to connect to the actual scrape
|
||||
# This TLS & authorization config is used to connect to the actual scrape
|
||||
# endpoints for cluster components. This is separate to discovery auth
|
||||
# configuration because discovery & scraping are two separate concerns in
|
||||
# Prometheus. The discovery auth config is automatic if Prometheus runs inside
|
||||
|
@ -127,7 +129,8 @@ scrape_configs:
|
|||
# disable certificate verification by uncommenting the line below.
|
||||
#
|
||||
# insecure_skip_verify: true
|
||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
authorization:
|
||||
credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
|
||||
kubernetes_sd_configs:
|
||||
- role: node
|
||||
|
|
2
go.mod
2
go.mod
|
@ -48,7 +48,7 @@ require (
|
|||
github.com/prometheus/alertmanager v0.21.0
|
||||
github.com/prometheus/client_golang v1.9.0
|
||||
github.com/prometheus/client_model v0.2.0
|
||||
github.com/prometheus/common v0.15.0
|
||||
github.com/prometheus/common v0.17.0
|
||||
github.com/prometheus/exporter-toolkit v0.5.1
|
||||
github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749
|
||||
github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546
|
||||
|
|
2
go.sum
2
go.sum
|
@ -715,6 +715,8 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b
|
|||
github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
|
||||
github.com/prometheus/common v0.15.0 h1:4fgOnadei3EZvgRwxJ7RMpG1k1pOZth5Pc13tyspaKM=
|
||||
github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
|
||||
github.com/prometheus/common v0.17.0 h1:kDIZLI74SS+3tedSvEkykgBkD7txMxaJAPj8DtJUKYA=
|
||||
github.com/prometheus/common v0.17.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
|
||||
github.com/prometheus/exporter-toolkit v0.5.1 h1:9eqgis5er9xN613ZSADjypCJaDGj9ZlcWBvsIHa8/3c=
|
||||
github.com/prometheus/exporter-toolkit v0.5.1/go.mod h1:OCkM4805mmisBhLmVFw858QYi3v0wKdY6/UxrT0pZVg=
|
||||
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
|
|
Loading…
Reference in a new issue