Comments (5)
@luxas @DirectXMan12 hi, is this issue make sense? I will create a PR to fix it, what do you think?
from prometheus-adapter.
The issue makes sense. I think we should have something like a kubeconfig
(maybe just use the kubeconfig code?), so that we can support other auth mechanisms too, like tokens (because in OpenShift, we deploy with kind-of Kube-native proxy that can use SA tokens, for instance)
from prometheus-adapter.
@DirectXMan12 kubeconfig
supports below authN refer to here for details (same like curl
as well) :
case 1: ssl/tls based
-certificate-authority
--client-certificate
--client-key
--insecure-skip-tls-verify
case 2 : simple based
--username
--password
case 3: based
--token
my patch only cover case 1 now, did you mean we should support all above and leverage kubeconfig codes and implementation?
from prometheus-adapter.
Yeah, I'm saying it might not be a bad idea to just have a separate argument for prom-kubeconfig
, use-prom-auth
. By default, if use-prom-auth
is set to true
, prom-kubeconfig
it just uses InClusterConfig
, so if you have your Prometheus set up behind an auth proxy that auths against Kubernetes, everything should just work.
from prometheus-adapter.
@DirectXMan12 I am ok for your postal, append some code snippet for you check in advance. (will make it more modularization later)
var prometheusClientConfig *rest.Config
if o.PrometheusUseAuth && len(o.PrometheusKubeConfig) > 0 {
loadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: o.RemoteKubeConfigFile}
configOverrides := &clientcmd.ConfigOverrides{ClusterInfo: api.Cluster{Server: baseURL.String()}}
loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, configOverrides)
prometheusClientConfig, err = loader.ClientConfig()
} else {
prometheusClientConfig, err = rest.InClusterConfig()
prometheusClientConfig.Host = baseURL.String()
}
transport, err := rest.TransportFor(prometheusClientConfig)
if err != nil {
return fmt.Errorf("failed to create Prometheus client transport %v", err)
}
var httpClient *http.Client
if transport != http.DefaultTransport {
httpClient = &http.Client{Transport: transport}
if prometheusClientConfig.Timeout > 0 {
httpClient.Timeout = prometheusClientConfig.Timeout
}
}
genericPromClient := prom.NewGenericAPIClient(httpClient, baseURL)
-
if user doesn't specified
prom-kubeconfig
, useInClusterConfig
conf to access to prometheus, but need to overwrite api server address to prometheus url in conf -
if user specified
prom-kubeconfig
, load it and create client by k8s/client-go
for example, access to an enabled ssl/tls prometheus
apiVersion: v1
clusters:
- cluster:
insecure-skip-tls-verify: true
server: https://monitoring-prometheus:9090
name: mycluster.icp
contexts: []
current-context: ""
kind: Config
preferences: {}
users:
- name: test
user:
client-certificate: /tmp/client.crt
client-key: /tmp/client.key
any comments is welcome, thanks.
from prometheus-adapter.
Related Issues (20)
- Query about minimum permission required by -server-resources cluster role HOT 2
- Security fixes for version v0.11.2 HOT 5
- point prometheus adapter to a custom aggregator service? HOT 2
- [bug] erroneous timeout HOT 4
- apiservice Error reporting:failing or missing response from https://10.244.2.96:6443/apis/custom.metrics.k8s.io/v1beta1: bad status from https://10.244.2.96:6443/apis/custom.metrics.k8s.io/v1beta1: 404 HOT 2
- install prometheus adapter in k8s, but failed, and the logs showing "exec /adapter: exec format error" HOT 1
- how to aggregate query with multiple metrics ? HOT 4
- how to ignore parameters from hpa request ? HOT 3
- is it possible to use external prometheus server on ec2 server? HOT 1
- Scaling model for prometheus-adapter after disabling metrics-server HOT 1
- How do i get the v0.11.2 docker image? HOT 2
- Documentation on how to directly query the adapter HOT 2
- Panic slice out of bands when querying namespace metric HOT 1
- Monitoring of prometheus-adapter metrics HOT 3
- Error while disabling TLS in server, setting secure-port = 0 throws error HOT 3
- Improve security hygiene and documentation HOT 3
- Unable to see Node Metrics - Error Metrics Missing CPU for node "XXX", skipping HOT 3
- Kubectl --raw reporting an unknown metric even though it shows up in the list of known metrics HOT 1
- Issue fetching external metric HOT 1
- Failed to get pods metric value: unable to get metric DCGM_FI_DEV_FB_USED_AVG: no metrics returned from custom metrics API HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from prometheus-adapter.