Skip to content

Commit 37da3fe

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #273331 from rashmichandrashekar/rashmi/basic-auth
Update instructions for basic auth
2 parents 543ac9f + f108bf7 commit 37da3fe

File tree

1 file changed

+38
-0
lines changed

1 file changed

+38
-0
lines changed

articles/azure-monitor/containers/prometheus-metrics-scrape-configuration.md

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -506,6 +506,44 @@ To read more on TLS authentication, the following documents might be helpful.
506506
- Generating TLS certificates -> https://o11y.eu/blog/prometheus-server-tls/
507507
- Configurations -> https://prometheus.io/docs/alerting/latest/configuration/#tls_config
508508

509+
### Basic Authentication
510+
If you are using `basic_auth` setting in your prometheus configuration, please follow the steps -
511+
1. Create a secret in the **kube-system** namespace named **ama-metrics-mtls-secret**
512+
513+
514+
The value for password1 is **base64encoded**
515+
The key *password1* can be anything, but just needs to match your scrapeconfig *password_file* filepath.
516+
517+
```yaml
518+
apiVersion: v1
519+
kind: Secret
520+
metadata:
521+
name: ama-metrics-mtls-secret
522+
namespace: kube-system
523+
type: Opaque
524+
data:
525+
password1: <base64-encoded-string>
526+
```
527+
528+
2. In the configmap for the custom scrape configuration use the following setting -
529+
```yaml
530+
basic_auth:
531+
username: admin
532+
password_file: /etc/prometheus/certs/password1
533+
534+
```
535+
536+
> [!NOTE]
537+
>
538+
> Make sure the name is **ama-metrics-mtls-secret** and it is in **kube-system** namespace.
539+
>
540+
> The **/etc/prometheus/certs/** path is mandatory, but *password1* can be any string and needs to match the key for the data in the secret created above.
541+
This is because the secret **ama-metrics-mtls-secret** is mounted in the path **/etc/prometheus/certs/** within the container.
542+
>
543+
> The base64 encoded value is automatically decoded by the agent pods when the secret is mounted as file.
544+
>
545+
> Any other configuration setting for authorization that is considered as a secret in the [prometheus configuration](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) needs to use the file setting alternative instead as described above.
546+
509547
## Next steps
510548

511549
[Setup Alerts on Prometheus metrics](./container-insights-metric-alerts.md)<br>

0 commit comments

Comments
 (0)