now i'am getting this : failed to get basic auth password: unable to get secret \"\": resource name may not be empty"
Le lun. 29 janv. 2024 à 15:13, Siradj Eddine Fisli < [email protected]> a écrit : > --- > $ htpasswd -c auth prometheus > > $ kubectl create secret generic basic-auth --from-file=auth > > apiVersion: v1 > data: > auth: XXXXXXXXXXXXX== > kind: Secret > metadata: > name: basic-auth > namespace: monitoring > type: Opaque > > ---- > ingress: > enabled: true > annotations: > nginx.ingress.kubernetes.io/auth-type: basic > nginx.ingress.kubernetes.io/auth-secret: basic-auth > > agentprom side: > > remoteWrite: > - url: https://endpoint.com > basicAuth: > username: > name: basic-auth > key: auth > > now when i enter the endpoint using browser it asks for the username and > password, but i see this in prometheus-agent logs: > > url=https://endpoint.com msg="non-recoverable error" count=417 > exemplarCount=0 err="server returned HTTP status 401 Unauthorized: <html>" > > Le lun. 29 janv. 2024 à 15:10, 'Brian Candler' via Prometheus Users < > [email protected]> a écrit : > >> See >> https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write >> >> There are settings for "authorization", "basic_auth" and "tls_config >> <https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tls_config>" >> that can be used to enable authentication to the remote_write endpoint. >> >> On Monday 29 January 2024 at 12:35:00 UTC Siradj Eddine Fisli wrote: >> >>> Actually i am using ingress-nginx to expose prometheus endpoint , shall >>> i use nginx controller auth ? but what should i pass as argument to >>> remote_write ? >>> >>> >>> Le lundi 29 janvier 2024 à 12:24:32 UTC+1, Brian Candler a écrit : >>> >>>> Using --web.config-file you can make Prometheus require HTTP Basic >>>> Authentication (basic_auth_users) or TLS client certificate >>>> authentication (client_auth_type, client_ca_file, client_allowed_sans). >>>> >>>> See: >>>> https://prometheus.io/docs/prometheus/latest/configuration/https/#https-and-authentication >>>> >>>> If you want this to happen only for certain endpoints like >>>> remote_write, then you'll need to bind prometheus to 127.0.0.1 and run a >>>> reverse proxy in front of it with whatever authorization policy you want. >>>> >>>> On Monday 29 January 2024 at 10:45:12 UTC Siradj Eddine Fisli wrote: >>>> >>>>> I have two prometheus instances , one is in agent mode remote writing >>>>> metrics to the second one, i want to add authentication mechanism, also i >>>>> am using kube-prometheus-stack. is there any solution ? >>>>> also prometheus is accessible via https, i configured that using >>>>> cert-manager and letsencrypt. >>>> >>>> -- >> You received this message because you are subscribed to the Google Groups >> "Prometheus Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/prometheus-users/49b22ab5-97ba-4fcb-9229-837d15c3f80en%40googlegroups.com >> <https://groups.google.com/d/msgid/prometheus-users/49b22ab5-97ba-4fcb-9229-837d15c3f80en%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/CAD%2BLN5dpDg%3D6iXHq91Kb%2BNggvwd061_Mz9HNjAN0gCtWqbnKbg%40mail.gmail.com.
