Reputation: 3367
Secure grafana with prometheus datasource all over LDAP
I have a problem securing the prometheus datasource for grafana.
When I started I thought that the datasource plugin for grafana has a backend component that forwards requests to the prometheus server.
What I actually see is that the client (browser) directly contacts the prometheus resource. This is a big problem in my configuration because
- I have to serve a public interface to the prometheus datasource.
- I only have the chance to use basic auth with a technical user.
So my questions are:
- Is there a way to hide the prometheus datasource from public (via grafana backend?)?
- Is there a way to use the grafana LDAP-user with the prometheus datasource (the datasource could be protected by nginx or whatever)?
This could be a main reason to use a completely other monitoring stack.
Upvotes: 0
Views: 936
Answers (1)
Reputation: 34142
Is there a way to hide the prometheus datasource from public (via grafana backend?)?
Select Proxy mode rather than Direct when configuring the data source.
Is there a way to use the grafana LDAP-user with the prometheus datasource
Grafana only supports basic auth for this. I would imagine that monitoring systems that support LDAP for authorization are rare, so would advise working with this.
Upvotes: 1
Related Questions
- Grafana: Datasource (Prometheus ) query 403
- how to get outside cluster Grafana authentication to get metrics from Prometheus/Thanos
- How to export Grafana datasource with basic auth details and import it again?
- How to create grafana configmap for datasources?
- Issues with adding Prometheus as a datasource to Grafana
- Grafana is not able to get Prometheus metrics although Prometheus Datasource is validated successfully
- Grafana add Prometheus datasource, no access option
- grafana use ldap on windows grafana server
- Datasource Authentication via Routes for Grafana Datasource Plugin
- Securing Prometheus with user id and password