---
$ htpasswd -c auth prometheus
$ kubectl create secret generic basic-auth --from-file=auth
apiVersion: v1
data:
auth: XXXXXXXXXXXXX==
kind: Secret
metadata:
name: basic-auth
namespace: monitoring
type: Opaque
----
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
agentprom side:
remoteWrite:
- url: https://endpoint.com
basicAuth:
username:
name: basic-auth
key: auth
now when i enter the endpoint using browser it asks for the username and
password, but i see this in prometheus-agent logs:
url=https://endpoint.com msg="non-recoverable error" count=417
exemplarCount=0 err="server returned HTTP status 401 Unauthorized: <html>"
Le lun. 29 janv. 2024 à 15:10, 'Brian Candler' via Prometheus Users <
[email protected]> a écrit :
> See
> https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
>
> There are settings for "authorization", "basic_auth" and "tls_config
> <https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tls_config>"
> that can be used to enable authentication to the remote_write endpoint.
>
> On Monday 29 January 2024 at 12:35:00 UTC Siradj Eddine Fisli wrote:
>
>> Actually i am using ingress-nginx to expose prometheus endpoint , shall i
>> use nginx controller auth ? but what should i pass as argument to
>> remote_write ?
>>
>>
>> Le lundi 29 janvier 2024 à 12:24:32 UTC+1, Brian Candler a écrit :
>>
>>> Using --web.config-file you can make Prometheus require HTTP Basic
>>> Authentication (basic_auth_users) or TLS client certificate
>>> authentication (client_auth_type, client_ca_file, client_allowed_sans).
>>>
>>> See:
>>> https://prometheus.io/docs/prometheus/latest/configuration/https/#https-and-authentication
>>>
>>> If you want this to happen only for certain endpoints like remote_write,
>>> then you'll need to bind prometheus to 127.0.0.1 and run a reverse proxy in
>>> front of it with whatever authorization policy you want.
>>>
>>> On Monday 29 January 2024 at 10:45:12 UTC Siradj Eddine Fisli wrote:
>>>
>>>> I have two prometheus instances , one is in agent mode remote writing
>>>> metrics to the second one, i want to add authentication mechanism, also i
>>>> am using kube-prometheus-stack. is there any solution ?
>>>> also prometheus is accessible via https, i configured that using
>>>> cert-manager and letsencrypt.
>>>
>>> --
> You received this message because you are subscribed to the Google Groups
> "Prometheus Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/prometheus-users/49b22ab5-97ba-4fcb-9229-837d15c3f80en%40googlegroups.com
> <https://groups.google.com/d/msgid/prometheus-users/49b22ab5-97ba-4fcb-9229-837d15c3f80en%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
You received this message because you are subscribed to the Google Groups
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/prometheus-users/CAD%2BLN5ciMe5NJzVJfcMkcDiPpBqRY506E1gnn3ozjp3yy3zbVw%40mail.gmail.com.
