Promtool の HTTP 設定
Promtool は、Prometheus の検証、デバッグ、クエリ、単体テスト、tsdb 管理、データプッシュ、および実験的な PromQL 編集をサポートする多機能な CLI ツールです。
Prometheus は基本的な認証と TLS をサポートしています。promtool は Prometheus に接続する必要があるため、認証情報を提供する必要があります。これらの認証情報を指定するには、Prometheus と通信する必要のあるすべてのリクエストに対して --http.config.file を使用します。たとえば、ローカルの Prometheus サーバーが正常かどうかを確認したい場合は、次のように使用します。
promtool check healthy --url=https://:9090 --http.config.file=http-config-file.ymlファイルは YAML 形式 で記述されており、以下に説明するスキーマで定義されています。角括弧は、パラメータがオプションであることを示します。リストではないパラメータについては、指定されたデフォルト値が使用されます。
ファイルは、HTTP リクエストごとに読み込まれるため、設定や証明書の変更はすぐに反映されます。
一般的なプレースホルダは次のように定義されます
<bool>:trueまたはfalseの値をとるブール値<filename>: 有効なファイルパス<secret>: パスワードなどの秘密の通常の文字列<string>: 通常の文字列
有効なサンプルファイルは こちら で見つけることができます。
# Note that `basic_auth` and `authorization` options are mutually exclusive.
# Sets the `Authorization` header with the configured username and password.
# `username_ref` and `password_ref`refer to the name of the secret within the secret manager.
# `password`, `password_file` and `password_ref` are mutually exclusive.
basic_auth:
[ username: <string> ]
[ username_file: <filename> ]
[ username_ref: <string> ]
[ password: <secret> ]
[ password_file: <string> ]
[ password_ref: <string> ]
# Optional the `Authorization` header configuration.
authorization:
# Sets the authentication type.
[ type: <string> | default: Bearer ]
# Sets the credentials. It is mutually exclusive with
# `credentials_file`.
[ credentials: <secret> ]
# Sets the credentials with the credentials read from the configured file.
# It is mutually exclusive with `credentials`.
[ credentials_file: <filename> ]
[ credentials_ref: <string> ]
# Optional OAuth 2.0 configuration.
# Cannot be used at the same time as basic_auth or authorization.
oauth2:
[ <oauth2> ]
tls_config:
[ <tls_config> ]
[ follow_redirects: <bool> | default: true ]
# Whether to enable HTTP2.
[ enable_http2: <bool> | default: true ]
# Optional proxy URL.
[ proxy_url: <string> ]
# Comma-separated string that can contain IPs, CIDR notation, domain names
# that should be excluded from proxying. IP and domain names can
# contain port numbers.
[ no_proxy: <string> ]
[ proxy_from_environment: <bool> ]
[ proxy_connect_header:
[ <string>: [ <secret>, ... ] ] ]
# `http_headers` specifies a set of headers that will be injected into each request.
http_headers:
[ <string>: <header> ]<oauth2>
クライアント資格情報グラントタイプを使用した OAuth 2.0 認証。
# `client_id` and `client_secret` are used to authenticate your
# application with the authorization server in order to get
# an access token.
# `client_secret`, `client_secret_file` and `client_secret_ref` are mutually exclusive.
client_id: <string>
[ client_secret: <secret> ]
[ client_secret_file: <filename> ]
[ client_secret_ref: <string> ]
# `scopes` specify the reason for the resource access.
scopes:
[ - <string> ...]
# The URL to fetch the token from.
token_url: <string>
# Optional parameters to append to the token URL.
[ endpoint_params:
<string>: <string> ... ]
# Configures the token request's TLS settings.
tls_config:
[ <tls_config> ]
# Optional proxy URL.
[ proxy_url: <string> ]
# Comma-separated string that can contain IPs, CIDR notation, domain names
# that should be excluded from proxying. IP and domain names can
# contain port numbers.
[ no_proxy: <string> ]
[ proxy_from_environment: <bool> ]
[ proxy_connect_header:
[ <string>: [ <secret>, ... ] ] ]<tls_config>
# For the following configurations, use either `ca`, `cert` and `key` or `ca_file`, `cert_file` and `key_file` or use `ca_ref`, `cert_ref` or `key_ref`.
# Text of the CA certificate to use for the server.
[ ca: <string> ]
# CA certificate to validate the server certificate with.
[ ca_file: <filename> ]
# `ca_ref` is the name of the secret within the secret manager to use as the CA cert.
[ ca_ref: <string> ]
# Text of the client cert file for the server.
[ cert: <string> ]
# Certificate file for client certificate authentication.
[ cert_file: <filename> ]
# `cert_ref` is the name of the secret within the secret manager to use as the client certificate.
[ cert_ref: <string> ]
# Text of the client key file for the server.
[ key: <secret> ]
# Key file for client certificate authentication.
[ key_file: <filename> ]
# `key_ref` is the name of the secret within the secret manager to use as the client key.
[ key_ref: <string> ]
# ServerName extension to indicate the name of the server.
# http://tools.ietf.org/html/rfc4366#section-3.1
[ server_name: <string> ]
# Disable validation of the server certificate.
[ insecure_skip_verify: <bool> ]
# Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS
# 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3).
# If unset, promtool will use Go default minimum version, which is TLS 1.2.
# See MinVersion in https://pkg.go.dev/crypto/tls#Config.
[ min_version: <string> ]
# Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS
# 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3).
# If unset, promtool will use Go default maximum version, which is TLS 1.3.
# See MaxVersion in https://pkg.go.dev/crypto/tls#Config.
[ max_version: <string> ]<header>
header は、単一の HTTP ヘッダーの設定を表します。
[ values:
[ - <string> ... ] ]
[ secrets:
[ - <secret> ... ] ]
[ files:
[ - <filename> ... ] ]