如何将Prometheus consul_sd_configs配置为使用https进行服务 [英] How to configure Prometheus consul_sd_configs to use https for service

问题描述

我们使用Consul Registrator将Consul作为服务注册Docker容器.

We use Consul Registrator to register Docker containers with Consul as services.

我们的prometheus是使用consul_sd_configs配置的，以抓取通过Consul解决的服务列表.

Our prometheus is configured using consul_sd_configs to scrape a list of services resolved via Consul.

最近，部署了一个新的Docker容器，该容器使用带有内部证书的https，而不是纯http.Prometheus仍尝试通过http来访问该服务，但失败，然后将该服务标记为已关闭.

Recently a new Docker container was deployed which uses https with an internal certificate, rather than plain http. Prometheus is still trying to reach the service over http, which fails, and the service is then marked as down.

是否可以将Prometheus配置为将https用于此服务?我们在领事馆或注册处遗漏了什么吗?

Is there any way to config Prometheus to use https for this service? Are we missing something in Consul or Registrator?

我们不能为该服务使用静态配置，因为再次部署时主机和端口可能会更改-该服务分布在多个Docker服务器上.

We cannot use a static config for the service, since the hosts and ports might change when it is deployed again - the service is spread over multiple Docker servers.

推荐答案

您可以借助 relabel_configs &Prometheus配置中的 consul_sd_configs 设置的 tls_config 部分.

You can resolve this with help of relabel_configs & tls_config sections for consul_sd_configs settings in Prometheus configuration.

在以下设置中，如果服务名称是SERVICE_NAME1或SERVICE_NAME2，则使用relabel_configs设置https方案，对于任何其他服务，方案的默认值为http.您还可以使用其他标签来标识需要使用https的服务/实例的列表.

Below settings are using relabel_configs to set https scheme if service name is either SERVICE_NAME1 or SERVICE_NAME2, for any other service, scheme will have default value of http. You can use other labels also to identify list of services/instances where https is required.

  - job_name: 'consul_adapter_1'
    metrics_path: '/actuator/prometheus'

    #This handles Self Signed SSL Issue
    tls_config:
      insecure_skip_verify: true

    consul_sd_configs:
      - server: '<consul host>:<port>'
    relabel_configs:
      - source_labels: [__meta_consul_service]
        regex: (SERVICE_NAME1|SERVICE_NAME2)
        target_label: __scheme__
        replacement: https

这篇关于如何将Prometheus consul_sd_configs配置为使用https进行服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！