Comments (5)
Hey @brianbao,
Thanks for your ticket!
Right now we don't offer that functionality, but I do agree that it's a useful feature to add.
I will discuss your feature request with the team and we'll get back to you.
from nri-prometheus.
Hey @jorikvdwerf,
I did some digging and it looks like this was already basically implemented. The config.yaml
file can specify a bearer_token_file
, which will read the file and append the Authorization: Bearer {TOKEN}
header to the request, which the Vault Prometheus endpoint accepts.
In my digging it looks like there are actually a lot of parameters that went undocumented, such as metrics_api_url
or insecure_skip_verify
on the targets
config just to give two examples. It would be great if we could get these documented.
from nri-prometheus.
Hey @brianbao! Replying to your finding and feedback:
-
We intentionally don't want to document
insecure_skip_verify
as it completely defeats the purpose of mutual TLS. -
The metrics api url shouldn't need to be changed. Our code is smart enough to guess the region based on your license key. See here: https://github.com/newrelic/nri-prometheus/blob/a022884ea187367015dbe90edd48707d3dbddb0f/cmd/nri-prometheus/config_test.go. Is it somehow not working well for you?
-
The
bearer_token_file
configuration was created to allow the metric fetching process to work on RBAC-protected Kubernetes clusters without changing a lot of the code. "Accidentally" it also works for your use case. This one I believe we can maybe transform into a feature, allowing you to configure bearer tokens per scraped URL maybe. WDYT?
from nri-prometheus.
Thanks for your response @douglascamata. Everything you wrote makes sense.
Regarding the bearer_token_file
, our only requirement is that there is some way to dynamically read a location for a token instead of having it hard-coded as a passed parameter, since these tokens can expire and will need to be refreshed. The code is already implemented to read the token file before every scrape request, so having the scraper configure a file per scraped URL as you described would be nice to have.
As it stands we are also perfectly fine using the bearer_token_file
as is, so the feature may not be fully necessary.
from nri-prometheus.
Hey @brianbao! Replying to your finding and feedback:
- We intentionally don't want to document
insecure_skip_verify
as it completely defeats the purpose of mutual TLS.- The metrics api url shouldn't need to be changed. Our code is smart enough to guess the region based on your license key. See here: https://github.com/newrelic/nri-prometheus/blob/a022884ea187367015dbe90edd48707d3dbddb0f/cmd/nri-prometheus/config_test.go. Is it somehow not working well for you?
- The
bearer_token_file
configuration was created to allow the metric fetching process to work on RBAC-protected Kubernetes clusters without changing a lot of the code. "Accidentally" it also works for your use case. This one I believe we can maybe transform into a feature, allowing you to configure bearer tokens per scraped URL maybe. WDYT?
Hello NR team, it will be great to have the possibility to configure bearer tokens per scraped URL. Can we reopen that issue or transform it into a feature request? Thanks
from nri-prometheus.
Related Issues (20)
- NRI-Prometheus not compatible with Open Metrics 1.0.0 / Spring-Boot HOT 4
- errors fetching Prometheus metric - text format parsing error HOT 5
- Prometheus Config using values from Parent Chart HOT 3
- Adding support for custom label value in addition to scrape_enabled_label HOT 1
- Nri-prometheus scraping and parsing issue HOT 7
- rename_attributes transformation is not renaming attribute HOT 1
- Prometheus still scraping services after setting scrape_services = false HOT 3
- Ignore all metrics except set of metrics HOT 3
- ignore_metrics not always working HOT 6
- Transformations.add_attributes.attributes does not maintain case HOT 2
- [Repolinter] Open Source Policy Issues HOT 1
- Add support for targets over DNS, like dns_sd_config in Prometheus HOT 5
- Pod metrics don't get correlated properly to infrastructure entities HOT 3
- [Repolinter] Open Source Policy Issues HOT 1
- Dependency Dashboard
- [Repolinter] Open Source Policy Issues HOT 1
- Dropping metrics HOT 2
- Ignore metrics partially works HOT 1
- Support regex in ignore_metrics HOT 1
- NRI Prometheus using enormous amounts of resources HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nri-prometheus.