Scraping in endpoint with auth basic prometheus GKE | C2C Community
Solved

Scraping in endpoint with auth basic prometheus GKE

  • 5 October 2022
  • 9 replies
  • 187 views

Userlevel 3

Hello.

I'm trying to capture a prometheus endpoint but the site needs basic authentication with username and password for the collection to be done at /metrics/prometheus.

I found some information at this link: https://github.com/GoogleCloudPlatform/prometheus-engine/blob/v0.4.3-gke.0/doc/api.md#scrapeendpoint

The information above was still not enough for a successful collection.

Below is the podmonitoring configuration I performed to test:

apiVersion: monitoring.googleapis.com/v1
kind: PodMonitoring
metadata:
name: demo-prometheus
labels:
app.kubernetes.io/name: demo-prometheus
spec:
selector:
matchLabels:
app: demo-prometheus
endpoints:
- port: metrics-demo
path: /actuator/prometheus/
params:
headers:
authorization:
type: 'Basic'
credentials: 'bqwWFdsanaXM1Om00ZzFfsaSAWzNSo='
interval: 5s

I believe there are two errors, one is the bad formatting of yaml and the other error is possibly the parameters passed are not correct, the file that explains how the collection should be mounted does not make it clear how to pass the parameters.

By postman passing the authorization the data is returned correctly.
 

 

I appreciate the help.

icon

Best answer by Julio_Costa 6 October 2022, 17:36

View original

9 replies

Userlevel 7
Badge +65

Hi @Julio_Costa

thanks for your post.

@Vick, @seijimanoan can you help us here? 🤔

Userlevel 7
Badge +29

Olá Júlio, tudo bem? 😎

 

Let me also tag @yuval in case he can help. Yuval, do you think you could shed some light here?

 

Also, @Julio_Costa , I can see you have been around but I noticed you haven’t posted an introduction of yourself. It would be really nice to see your introduction in the C2C Lounge using this template, so that we and the members of this community could get to know you a bit better! :)


Good afternoon from Greece! 😎

Userlevel 6
Badge +11

Hey there 😃

Well, I took a look at documentation and I have found no reference for HTTP Header from v0.4.3-gke.0 and v0.5.0 versions.

@Julio_Costa The params works for HTTP GET parameters as said

HTTP GET params to use when scraping.

i.e. It should be like ?page=1&items=10 (for map).

 

Ps. I noticed it doesn’t have all the options as shown in Prometheus Operator doc. So I think it has some differences between monitoring.coreos.com/v1 and monitoring.googleapis.com/v1 sources.

Userlevel 3

Hi @seijimanoan,

Thanks for the answer,I also didn't find anything in the API documentation that refers to headers in podmonitoring.
Userlevel 7
Badge +12

Thanks @seijimanoan for providing solutions 

Userlevel 6
Badge +11

@Vick thanks

@Julio_Costa By the way, why would you need that authorization layer in a private network? Is not a private network?

Userlevel 3

@seijimanoan 

Because it's a public endpoint.
Userlevel 3
As I didn't find a way to do it via podmonitoring, I'll configure 2 ports in the container, one for application and another for monitoring, I just expose the application port to the internet, the management port via only accessible within the VCP so I can disable authentication at the /metrics/prometheus endpoint
Where did I get the idea to solve my problem.https://docs.spring.io/spring-boot/docs/1.3.5.RELEASE/reference/html/production-ready-monitoring.html
I thank the help of all you.
 
Userlevel 7
Badge +12
As I didn't find a way to do it via podmonitoring, I'll configure 2 ports in the container, one for application and another for monitoring, I just expose the application port to the internet, the management port via only accessible within the VCP so I can disable authentication at the /metrics/prometheus endpoint
Where did I get the idea to solve my problem.https://docs.spring.io/spring-boot/docs/1.3.5.RELEASE/reference/html/production-ready-monitoring.html
I thank the help of all you.
 

@Julio_Costa excellent 👏👏👏

Reply