Reputation: 1
How to add bearer token for prometheus job
I have started working on the Prometheus for my microservices. I was able to achieve it initially. Now, it's time to push the actuator endpoint under the spring security. After adding the security actuator is expecting the bearer token from the Prometheus. So, how to configure the username and password in the Prometheus job so that Prometheus will get the bearer token from the login and add it as the 'Authorization' in the header for all the requests.
I'm running the Prometheus in the docker container using the commands below
1. $ docker run --name prometheus -p 9090:9090 -v prometheus.yml:/etc/prometheus/prometheus.yml -d prom/prometheus
2. $ docker run --name grafana -d -p 3000:3000 grafana/grafana
Following is the prometheus.yml file
# my global config
global:
scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
# scrape_timeout is set to the global default (10s).
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
# - "first_rules.yml"
# - "second_rules.yml"
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The job name is added as a label `job=<job_name>` to any time series scraped from this config.
- job_name: 'prometheus'
# metrics_path defaults to '/metrics'
# scheme defaults to 'http'.
static_configs:
- targets: ['127.0.0.1:9090']
- job_name: 'NL-APPLICATION'
metrics_path: '/actuator/prometheus'
scrape_interval: 5s
scheme: http
static_configs:
- targets: ['172.17.0.1:8085']
- job_name: 'NL-ADMIN-API'
metrics_path: '/actuator/prometheus'
scrape_interval: 5s
static_configs:
- targets: ['172.17.0.1:8083']
How to Instruct Prometheus to do as follow
- API call to '/login' get the Bearer token using username and password
- Add the Bearer token as the 'Authorization' as a header in all actuator API call
Upvotes: 0
Views: 18670
Answers (2)
Reputation: 982
Quite late to respond but based on the document, you need to add the bearer token [using the http_config][1]
- job_name: 'test'
metrics_path: "/metrics"
scheme: "http"
authorization:
type: Bearer
credentials: <your-secret>
credentials_file: <file-location-of-your-secret>
static_configs:
- targets: ['host.com']
Either credentials or credentials_file should be provided.
[1]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_config
Upvotes: 0
Reputation: 39
You can either specify the path to a file containing the bearer_token or add the token directly to the config
- job_name: 'test'
metrics_path: "/metrics"
scheme: "http"
bearer_token_file: /var/run/secrets/secret OR bearer_token: token_here
static_configs:
- targets: ['host.com']
Upvotes: 3
Related Questions
- prometheus config file. Each target has diffrent bearer_token
- Use Bearer Access Token in Spring 6 Server
- How to call an api that needs a bearer token in java?
- How to add the OAuth 2.0 bearer token to WebClient
- How to push docker image in artifactory with token authentication via Jenkins?
- "INVALID" is not a valid start token
- Spring Boot Keycloak - How to verify Bearer token?
- How to solve "INVALID" is not a valid start token in Prometheus
- Securing Spring Boot 2 Actuator Prometheus End Points
- INVALID is not a valid start token