我正在kube-prometheus-stack使用 Helm 進行安裝,并且正在向 Prometheus 添加一些需要身份驗證的客戶抓取配置。我需要在檔案中傳遞和basic_auth傳遞。usernamepasswordvalues.yaml
問題是我需要將values.yaml檔案提交到 repo,所以我想知道如何在值檔案上設定用戶名和密碼,可能來自 Kubernetes 中的秘密或其他方式?
prometheus:
prometheusSpec:
additionalScrapeConfigs:
- job_name: myjob
scrape_interval: 20s
metrics_path: /metrics
static_configs:
- targets:
- myservice.default.svc.cluster.local:80
basic_auth:
username: prometheus
password: prom123456
uj5u.com熱心網友回復:
Scrape config支持指定password_file引數,因此您可以將自己的 secret 掛載到 volumes 和 volumemMounts 中:
免責宣告,我自己沒有測驗過,沒有使用 kube-prometheus-stack,但我想這樣的東西應該可以作業:
prometheus:
prometheusSpec:
additionalScrapeConfigs:
- job_name: myjob
scrape_interval: 20s
metrics_path: /metrics
static_configs:
- targets:
- myservice.default.svc.cluster.local:80
basic_auth:
password_file: /etc/scrape_passwordfile
# Additional volumes on the output StatefulSet definition.
volumes:
- name: scrape_passwordfile
secret:
secretName: scrape_passwordfile
optional: false
# Additional VolumeMounts on the output StatefulSet definition.
volumeMounts:
- name: scrape_passwordfile
mountPath: "/etc/scrape_passwordfile"
另一種選擇是放棄additionalScrapeConfigs并使用additionalScrapeConfigsSecret將整個配置存盤在秘密中
## If additional scrape configurations are already deployed in a single secret file you can use this section.
## Expected values are the secret name and key
## Cannot be used with additionalScrapeConfigs
additionalScrapeConfigsSecret: {}
# enabled: false
# name:
# key:
轉載請註明出處,本文鏈接:https://www.uj5u.com/yidong/466444.html
標籤:Kubernetes 普罗米修斯 kubernetes-helm
