Prometheus logo

Prometheus

文档下载社区支持与培训博客

Ctrl + K

GitHub Logo

promtool 的 HTTP 配置

Promtool 是一个功能丰富的 Prometheus 命令行工具,支持验证、调试、查询、单元测试、tsdb 管理、推送数据以及实验性的 PromQL 编辑。

Prometheus 支持基本身份验证和 TLS。由于 promtool 需要连接到 Prometheus,我们需要提供身份验证详细信息。要指定这些身份验证详细信息,请对所有需要与 Prometheus 通信的请求使用 --http.config.file。例如,如果您想检查本地 Prometheus 服务器是否健康,您可以使用:

promtool check healthy --url=https://:9090 --http.config.file=http-config-file.yml

该文件以 YAML 格式 编写,其结构由下面描述的模式定义。括号表示参数是可选的。对于非列表参数,其值将设置为指定的默认值。

该文件在每次 HTTP 请求时都会被读取,因此对配置和证书的任何更改都会立即生效。

通用占位符定义如下

  • <bool>: 一个布尔值,可以是 truefalse
  • <filename>: 一个有效的文件路径
  • <secret>: 一个普通字符串,是秘密信息,如密码
  • <string>: 一个普通字符串

可以在此处找到一个有效的文件示例。

# Note that `basic_auth` and `authorization` options are mutually exclusive.

# Sets the `Authorization` header with the configured username and password.
# `username_ref` and `password_ref`refer to the name of the secret within the secret manager.
# `password`, `password_file` and `password_ref` are mutually exclusive.
basic_auth:
  [ username: <string> ]
  [ username_file: <filename> ]
  [ username_ref: <string> ]
  [ password: <secret> ]
  [ password_file: <string> ]
  [ password_ref: <string> ]

# Optional the `Authorization` header configuration.
authorization:
  # Sets the authentication type.
  [ type: <string> | default: Bearer ]
  # Sets the credentials. It is mutually exclusive with
  # `credentials_file`.
  [ credentials: <secret> ]
  # Sets the credentials with the credentials read from the configured file.
  # It is mutually exclusive with `credentials`.
  [ credentials_file: <filename> ]
  [ credentials_ref: <string> ]

# Optional OAuth 2.0 configuration.
# Cannot be used at the same time as basic_auth or authorization.
oauth2:
  [ <oauth2> ]

tls_config:
  [ <tls_config> ]

[ follow_redirects: <bool> | default: true ]

# Whether to enable HTTP2.
[ enable_http2: <bool> | default: true ]

# Optional proxy URL.
[ proxy_url: <string> ]
# Comma-separated string that can contain IPs, CIDR notation, domain names
# that should be excluded from proxying. IP and domain names can
# contain port numbers.
[ no_proxy: <string> ]
[ proxy_from_environment: <bool> ]
[ proxy_connect_header:
  [ <string>: [ <secret>, ... ] ] ]

# `http_headers` specifies a set of headers that will be injected into each request.
http_headers:
  [ <string>: <header> ]

<oauth2>

使用客户端凭据授权类型的 OAuth 2.0 身份验证。

# `client_id` and `client_secret` are used to authenticate your
# application with the authorization server in order to get
# an access token.
# `client_secret`, `client_secret_file` and `client_secret_ref` are mutually exclusive.
client_id: <string>
[ client_secret: <secret> ]
[ client_secret_file: <filename> ]
[ client_secret_ref: <string> ]

# `scopes` specify the reason for the resource access.
scopes:
  [ - <string> ...]

# The URL to fetch the token from.
token_url: <string>

# Optional parameters to append to the token URL.
[ endpoint_params:
    <string>: <string> ... ]

# Configures the token request's TLS settings.
tls_config:
  [ <tls_config> ]

# Optional proxy URL.
[ proxy_url: <string> ]
# Comma-separated string that can contain IPs, CIDR notation, domain names
# that should be excluded from proxying. IP and domain names can
# contain port numbers.
[ no_proxy: <string> ]
[ proxy_from_environment: <bool> ]
[ proxy_connect_header:
  [ <string>: [ <secret>, ... ] ] ]

<tls_config>

# For the following configurations, use either `ca`, `cert` and `key` or `ca_file`, `cert_file` and `key_file` or use `ca_ref`, `cert_ref` or `key_ref`.
# Text of the CA certificate to use for the server.
[ ca: <string> ]
# CA certificate to validate the server certificate with.
[ ca_file: <filename> ]
# `ca_ref` is the name of the secret within the secret manager to use as the CA cert.
[ ca_ref: <string> ]

# Text of the client cert file for the server.
[ cert: <string> ]
# Certificate file for client certificate authentication.
[ cert_file: <filename> ]
# `cert_ref` is the name of the secret within the secret manager to use as the client certificate.
[ cert_ref: <string> ]

# Text of the client key file for the server.
[ key: <secret> ]
# Key file for client certificate authentication.
[ key_file: <filename> ]
# `key_ref` is the name of the secret within the secret manager to use as the client key.
[ key_ref: <string> ]

# ServerName extension to indicate the name of the server.
# http://tools.ietf.org/html/rfc4366#section-3.1
[ server_name: <string> ]

# Disable validation of the server certificate.
[ insecure_skip_verify: <bool> ]

# Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS
# 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3).
# If unset, promtool will use Go default minimum version, which is TLS 1.2.
# See MinVersion in https://pkg.go.dev/crypto/tls#Config.
[ min_version: <string> ]
# Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS
# 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3).
# If unset, promtool will use Go default maximum version, which is TLS 1.3.
# See MaxVersion in https://pkg.go.dev/crypto/tls#Config.
[ max_version: <string> ]

header 代表单个 HTTP 头的配置。

[ values:
  [ - <string> ... ] ]

[ secrets:
  [ - <secret> ... ] ]

[ files:
  [ - <filename> ... ] ]

本页内容