Prometheus Authentication in File

zespri · November 8, 2019, 9:44am

I did not get around looking into this, but my gut feeling that this should be fairly straightforward. Is there anything in particualr you are having troubles with?

I will repeat, rephrase what I said earlier and what you read in the documentation. You put both static and dynamic configuration in the same file, this is not going to work. Dynamic configuration comes from a provider and you need to use file provider since you do not use docker kubernetes.

Examine your config. Establish which part is static and which is dynamic using the documnetation. Put each in it's own file as per documentation. Make sure that you reference your dynamic condifuration from the provider line in your static one. Provide static one to the traefik in one of the four ways descirbed on one of the pages I linked above.

That should do.

ldez · November 12, 2019, 11:45pm

FYI, in the next release (v2.1), we will add prometheus@internal, take a look to this PR https://github.com/containous/traefik/pull/5815

I hope you will enjoy.

Rob · November 13, 2019, 7:45am

Oh wow! This is exactly what I was looking for. Thanks a lot for making this happen. I already gave up the hope to get this fixed with Traefik!

Thanks again!

Rob · November 20, 2019, 8:46am

Today i've tried the v2.1 RC2 release. The prometheus@internal part does work now, but it still does not allow me to add any authentication. For clarity: i'm trying to enable basic auth on the prometheus@internal service just like I have on the api@internal service (this DOES work). Please see my config attached:

global:
  checkNewVersion: true

serversTransport:
  insecureSkipVerify: true

entryPoints:
  traefik:
    address: :8082
  https:
    address: :443
  metrics:
    address: :8083

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /certs/servercert.pem
        keyFile: /certs/serverkey.pem

providers:
  providersThrottleDuration: 2s
  file:
    filename: "/etc/traefik/traefik.yml"

api:
  dashboard: true

metrics:
  prometheus:
    entryPoint: metrics
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0

log:
  level: WARN
  format: json
  filePath: "/logs/traefik.log.json"
accessLog:
  format: json
  filePath: "/logs/accessLogs.log.json"

http:
  routers:
    api:
      rule: PathPrefix(`/`)
      service: api@internal
      entryPoints:
      - traefik
      middlewares:
      - apiAuth
      - compress
    metrics:
      rule: PathPrefix(`/metrics`)
      service: prometheus@internal
      entryPoints:
      - metrics
      middlewares:
      - metricsAuth

  middlewares:
    apiAuth:
      basicAuth:
        users:
          - "admin:ENCRYPTEDPASSWORD"
    metricsAuth:
      basicAuth:
        users:
          - "prometheus:ENCRYPTEDPASSWORD"
    compress:
      compress: {}

Do you have any idea what i'm doing wrong?

ldez · November 20, 2019, 8:56am

You have to replace metrics.prometheus.entryPoint by metrics.prometheus.manualRouting

https://docs.traefik.io/v2.1/observability/metrics/prometheus/#manualrouting

# static configuration

global:
  checkNewVersion: true

serversTransport:
  insecureSkipVerify: true

entryPoints:
  traefik:
    address: :8082
  https:
    address: :443
  metrics:
    address: :8083

providers:
  providersThrottleDuration: 2s
  file:
    filename: "/etc/traefik/traefik.yml"

api:
  dashboard: true

metrics:
  prometheus:
    manualRouting: true
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0

log:
  level: WARN
  format: json
  filePath: "/logs/traefik.log.json"

accessLog:
  format: json
  filePath: "/logs/accessLogs.log.json"

---

## dynaminc configuration
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /certs/servercert.pem
        keyFile: /certs/serverkey.pem

http:
  routers:
    api:
      rule: PathPrefix(`/`)
      service: api@internal
      entryPoints:
      - traefik
      middlewares:
      - apiAuth
      - compress
    metrics:
      rule: PathPrefix(`/metrics`)
      service: prometheus@internal
      entryPoints:
      - metrics
      middlewares:
      - metricsAuth

  middlewares:
    apiAuth:
      basicAuth:
        users:
          - "admin:ENCRYPTEDPASSWORD"
    metricsAuth:
      basicAuth:
        users:
          - "prometheus:ENCRYPTEDPASSWORD"
    compress:
      compress: {}

Rob · November 20, 2019, 10:42pm

Perfect! That did the trick!

Thank you!

Topic		Replies	Views
Prometheus not showing metrics of the services in the file provider Traefik v2 metrics	0	1024	July 17, 2020
Metrics with prometheus is not working Traefik v2 docker , file , metrics	3	2547	October 2, 2020
Metrics in Traefik V2 with Prometheus Traefik v2 docker , docker-swarm , metrics	1	3673	November 5, 2019
Missing backend metrics Traefik v2 metrics	6	3290	April 28, 2020
Prometheus metrics routing issue Traefik v2 docker , metrics	0	1406	July 28, 2020

Prometheus Authentication in File

Related topics