Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add environment variables to all cli flags #63

Merged
merged 2 commits into from
Jun 23, 2023
Merged

Add environment variables to all cli flags #63

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
efc6c62
Add environment variables to all cli flags
derlin Jun 23, 2023
ad03089
Rename prometheus endpoint envVar
derlin Jun 23, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 16 additions & 8 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,19 +33,27 @@ instance, configure the auth proxy configuration and run it.
### Run it

```bash
$ prometheus-multi-tenant-proxy run --prometheus-endpoint http://localhost:9090 --port 9091 --auth-config ./my-auth-config.yaml --reload-interval=5 --unprotected-endpoints /-/healthy,/-/ready
$ prometheus-multi-tenant-proxy run \
--prometheus-endpoint http://localhost:9090 \
--port 9091 \
--auth-config ./my-auth-config.yaml \
--reload-interval=5 \
--unprotected-endpoints /-/healthy,/-/ready
```

Where:
Available arguments // environment variables to the `run` command:

- `--port`: Port used to expose this proxy.
- `--prometheus-endpoint`: URL of your Prometheus instance.
- `--reload-interval`: Interval in minutes to reload the auth config file.
- `--unprotected-endpoints`: Comma separated list of endpoints that do not require authentication.
- `--auth-type`: Type of authentication to use, one of `basic`, `jwt`
- `--auth-config`: Authentication configuration.
- `--port` // `PROM_PROXY_PORT`: Port used to expose this proxy.
- `--prometheus-endpoint` // `PROM_PROXY_PROMETHEUS_ENDPOINT`: URL of your Prometheus instance.
- `--reload-interval` // `PROM_PROXY_RELOAD_INTERVAL`: Interval in minutes to reload the auth config file.
- `--unprotected-endpoints` // `PROM_PROXY_UNPROTECTED_ENDPOINTS`: Comma separated list of endpoints that do not require authentication.
- `--auth-type` // `PROM_PROXY_AUTH_TYPE`: Type of authentication to use, one of `basic`, `jwt`
- `--auth-config` // `PROM_PROXY_AUTH_CONFIG`: Authentication configuration.
* for `basic` authentication: path to a configuration file following the *Authn structure*
* for `jwt` authentication: either a path or an URL to a json containing a *Json Web Keys Set (JWKS)*
- `--aws` // `PROM_PROXY_USE_AWS`: See below.

Use `prometheus-multi-tenant-proxy run --help` for more information.

#### Configure the proxy for basic authentication

Expand Down
45 changes: 26 additions & 19 deletions cmd/prometheus-multi-tenant-proxy/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ var (
)

func main() {
envPrefix := "PROM_PROXY_"
app := cli.NewApp()
app.Name = "Prometheus multi-tenant proxy"
app.Usage = "Makes your Prometheus server multi tenant"
Expand All @@ -29,34 +30,40 @@ func main() {
Action: proxy.Serve,
Flags: []cli.Flag{
&cli.IntFlag{
Name: "port",
Usage: "Port to expose this prometheus proxy",
Value: 9092,
Name: "port",
Usage: "Port to expose this prometheus proxy",
Value: 9092,
EnvVars: []string{envPrefix + "PORT"},
}, &cli.StringFlag{
Name: "prometheus-endpoint",
Usage: "Prometheus server endpoint",
Value: "http://localhost:9091",
Name: "prometheus-endpoint",
Usage: "Prometheus server endpoint",
Value: "http://localhost:9091",
EnvVars: []string{envPrefix + "PROMETHEUS_ENDPOINT"},
}, &cli.StringSliceFlag{
Name: "unprotected-endpoints",
Usage: "Unprotected endpoints (mostly for live/readiness probes)",
Value: cli.NewStringSlice("/-/healthy", "/-/ready"),
Name: "unprotected-endpoints",
Usage: "Unprotected endpoints (mostly for live/readiness probes)",
Value: cli.NewStringSlice("/-/healthy", "/-/ready"),
EnvVars: []string{envPrefix + "UNPROTECTED_ENDPOINTS"},
}, &cli.StringFlag{
Name: "auth-type",
Usage: "Auth mechanism: one of 'basic' or 'jwt'",
Value: "basic",
Name: "auth-type",
Usage: "Auth mechanism: one of 'basic' or 'jwt'",
Value: "basic",
EnvVars: []string{envPrefix + "AUTH_TYPE"},
}, &cli.StringFlag{
Name: "auth-config",
Usage: "AuthN yaml configuration file path (basic auth) or jwks file path/url (jwt auth)",
Value: "authn.yaml",
Name: "auth-config",
Usage: "AuthN yaml configuration file path (basic auth) or jwks file path/url (jwt auth)",
Value: "authn.yaml",
EnvVars: []string{envPrefix + "AUTH_CONFIG"},
}, &cli.IntFlag{
Name: "reload-interval",
Usage: "Interval time to reload the configuration (minutes)",
Value: 5,
Name: "reload-interval",
Usage: "Interval time to reload the configuration (minutes)",
Value: 5,
EnvVars: []string{envPrefix + "RELOAD_INTERVAL"},
}, &cli.BoolFlag{
Name: "aws",
Value: false,
Usage: "If true, sign the request using AWS credentials",
EnvVars: []string{"PROM_PROXY_USE_AWS"},
EnvVars: []string{envPrefix + "USE_AWS"},
},
},
},
Expand Down