# 可选的“授权”头配置,目前Azure不支持。 authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# 可以的 `Authorization` 请求头配置. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
请注意,用于抓取目标的 IP 号和端口组合为 <__meta_consul_address>:<__meta_consul_service_port>. 但是,在某些 Consul 设置中,相关地址位于__meta_consul_service_address. 在这些情况下,您可以使用重新标记 功能来替换特殊__address__标签。
重新标记阶段是基于任意标签过滤服务或服务节点的首选且更强大的方法。对于拥有数千个服务的用户,直接使用 Consul API 会更有效,它对过滤节点有基本的支持(目前通过节点元数据和单个标签)。
authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# The port to scrape metrics from, when `role` is nodes, and for discovered # tasks and services that don't have published ports. [ port: <int> | default = 80 ]
# The host to use if the container is in host networking mode. [ host_networking_host: <string> | default = "localhost" ]
# Optional filters to limit the discovery process to a subset of available # resources. # The available filters are listed in the upstream documentation: # https://docs.docker.com/engine/api/v1.40/#operation/ContainerList [ filters: [ - name: <string> values: <string>, [...] ]
# The time after which the containers are refreshed. [ refresh_interval: <duration> | default = 60s ]
# Authentication information used to authenticate to the Docker daemon. # Note that `basic_auth` and `authorization` options are # mutually exclusive. # password and password_file are mutually exclusive.
# Optional `Authorization` header configuration. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# Role of the targets to retrieve. Must be `services`, `tasks`, or `nodes`. role: <string>
# The port to scrape metrics from, when `role` is nodes, and for discovered # tasks and services that don't have published ports. [ port: <int> | default = 80 ]
# Optional filters to limit the discovery process to a subset of available # resources. # The available filters are listed in the upstream documentation: # Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList # Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList # Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList [ filters: [ - name: <string> values: <string>, [...] ]
# The time after which the service discovery data is refreshed. [ refresh_interval: <duration> | default = 60s ]
# Authentication information used to authenticate to the Docker daemon. # Note that `basic_auth` and `authorization` options are # mutually exclusive. # password and password_file are mutually exclusive.
# Optional `Authorization` header configuration. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# The AWS region. If blank, the region from the instance metadata is used. [ region: <string> ]
# Custom endpoint to be used. [ endpoint: <string> ]
# The AWS API keys. If blank, the environment variables `AWS_ACCESS_KEY_ID` # and `AWS_SECRET_ACCESS_KEY` are used. [ access_key: <string> ] [ secret_key: <secret> ] # Named AWS profile used to connect to the API. [ profile: <string> ]
# AWS Role ARN, an alternative to using AWS API keys. [ role_arn: <string> ]
# Refresh interval to re-read the instance list. [ refresh_interval: <duration> | default = 60s ]
# The port to scrape metrics from. If using the public IP address, this must # instead be specified in the relabeling rule. [ port: <int> | default = 80 ]
# Filters can be used optionally to filter the instance list by other criteria. # Available filter criteria can be found here: # https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html # Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html filters: [ - name: <string> values: <string>, [...] ]
重新标记阶段是基于任意标签过滤目标的首选且更强大的方法。对于拥有数千个实例的用户,直接使用支持过滤实例的 EC2 API 会更有效。
openstack_sd_config
OpenStack SD 配置允许从 OpenStack Nova 实例中检索抓取目标。
可以配置以下类型之一来发现目标:
hypervisor
该hypervisor角色为每个 Nova 管理程序节点发现一个目标。目标地址默认为host_ip管理程序的属性。
# The OpenStack role of entities that should be discovered. role: <openstack_role>
# The OpenStack Region. region: <string>
# identity_endpoint specifies the HTTP endpoint that is required to work with # the Identity API of the appropriate version. While it's ultimately needed by # all of the identity services, it will often be populated by a provider-level # function. [ identity_endpoint: <string> ]
# username is required if using Identity V2 API. Consult with your provider's # control panel to discover your account's username. In Identity V3, either # userid or a combination of username and domain_id or domain_name are needed. [ username: <string> ] [ userid: <string> ]
# password for the Identity V2 and V3 APIs. Consult with your provider's # control panel to discover your account's preferred method of authentication. [ password: <secret> ]
# At most one of domain_id and domain_name must be provided if using username # with Identity V3. Otherwise, either are optional. [ domain_name: <string> ] [ domain_id: <string> ]
# The project_id and project_name fields are optional for the Identity V2 API. # Some providers allow you to specify a project_name instead of the project_id. # Some require both. Your provider's authentication policies will determine # how these fields influence authentication. [ project_name: <string> ] [ project_id: <string> ]
# The application_credential_id or application_credential_name fields are # required if using an application credential to authenticate. Some providers # allow you to create an application credential to authenticate rather than a # password. [ application_credential_name: <string> ] [ application_credential_id: <string> ]
# The application_credential_secret field is required if using an application # credential to authenticate. [ application_credential_secret: <secret> ]
# Whether the service discovery should list all instances for all projects. # It is only relevant for the 'instance' role and usually requires admin permissions. [ all_tenants: <boolean> | default: false ]
# Refresh interval to re-read the instance list. [ refresh_interval: <duration> | default = 60s ]
# The port to scrape metrics from. If using the public IP address, this must # instead be specified in the relabeling rule. [ port: <int> | default = 80 ]
# The availability of the endpoint to connect to. Must be one of public, admin or internal. [ availability: <string> | default = "public" ]
# The URL of the PuppetDB root query endpoint. url: <string>
# Puppet Query Language (PQL) query. Only resources are supported. # https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html query: <string>
# Whether to include the parameters as meta labels. # Due to the differences between parameter types and Prometheus labels, # some parameters might not be rendered. The format of the parameters might # also change in future releases. # # Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure # that you don't have secrets exposed as parameters if you enable this. [ include_parameters: <boolean> | default = false ]
# Refresh interval to re-read the resources list. [ refresh_interval: <duration> | default = 60s ]
# The port to scrape metrics from. [ port: <int> | default = 80 ]
# TLS configuration to connect to the PuppetDB. tls_config: [ <tls_config> ]
# basic_auth, authorization, and oauth2, are mutually exclusive.
# `Authorization` HTTP header configuration. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials with the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# The zone of the scrape targets. If you need multiple zones use multiple # gce_sd_configs. zone: <string>
# Filter can be used optionally to filter the instance list by other criteria # Syntax of this filter string is described here in the filter query parameter section: # https://cloud.google.com/compute/docs/reference/latest/instances/list [ filter: <string> ]
# Refresh interval to re-read the instance list [ refresh_interval: <duration> | default = 60s ]
# The port to scrape metrics from. If using the public IP address, this must # instead be specified in the relabeling rule. [ port: <int> | default = 80 ]
# The tag separator is used to separate the tags on concatenation [ tag_separator: <string> | default = , ]
# The Hetzner role of entities that should be discovered. # One of robot or hcloud. role: <string>
# Authentication information used to authenticate to the API server. # Note that `basic_auth` and `authorization` options are # mutually exclusive. # password and password_file are mutually exclusive.
# Optional HTTP basic authentication information, required when role is robot # Role hcloud does not support basic auth. basic_auth: [ username: <string> ] [ password: <secret> ] [ password_file: <string> ]
# Optional `Authorization` header configuration, required when role is # hcloud. Role robot does not support bearer token authentication. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# URL from which the targets are fetched. url: <string>
# Refresh interval to re-query the endpoint. [ refresh_interval: <duration> | default = 60s ]
# Authentication information used to authenticate to the API server. # Note that `basic_auth`, `authorization` and `oauth2` options are # mutually exclusive. # `password` and `password_file` are mutually exclusive.
# Optional `Authorization` header configuration. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# The API server addresses. If left empty, Prometheus is assumed to run inside # of the cluster and will discover API servers automatically and use the pod's # CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. [ api_server: <host> ]
# The Kubernetes role of entities that should be discovered. # One of endpoints, endpointslice, service, pod, node, or ingress. role: <string>
# Optional path to a kubeconfig file. # Note that api_server and kube_config are mutually exclusive. [ kubeconfig_file: <filename> ]
# Optional authentication information used to authenticate to the API server. # Note that `basic_auth` and `authorization` options are mutually exclusive. # password and password_file are mutually exclusive.
# Optional `Authorization` header configuration. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# Optional namespace discovery. If omitted, all namespaces are used. namespaces: own_namespace: <boolean> names: [ - <string> ]
# Optional label and field selectors to limit the discovery process to a subset of available resources. # See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors/ # and https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ to learn more about the possible # filters that can be used. Endpoints role supports pod, service and endpoints selectors, other roles # only support selectors matching the role itself (e.g. node role can only contain node selectors).
# Note: When making decision about using field/label selector make sure that this # is the best approach - it will prevent Prometheus from reusing single list/watch # for all scrape configs. This might result in a bigger load on the Kubernetes API, # because per each selector combination there will be additional LIST/WATCH. On the other hand, # if you just want to monitor small subset of pods in large cluster it's recommended to use selectors. # Decision, if selectors should be used or not depends on the particular situation. [ selectors: [ - role: <string> [ label: <string> ] [ field: <string> ] ]]
# Address of the Kuma Control Plane's MADS xDS server. server: <string>
# The time to wait between polling update requests. [ refresh_interval: <duration> | default = 30s ]
# The time after which the monitoring assignments are refreshed. [ fetch_timeout: <duration> | default = 2m ]
# Optional proxy URL. [ proxy_url: <string> ]
# TLS configuration. tls_config: [ <tls_config> ]
# Authentication information used to authenticate to the Docker daemon. # Note that `basic_auth` and `authorization` options are # mutually exclusive. # password and password_file are mutually exclusive.
# Optional the `Authorization` header configuration. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials with the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# The AWS region. If blank, the region from the instance metadata is used. [ region: <string> ]
# Custom endpoint to be used. [ endpoint: <string> ]
# The AWS API keys. If blank, the environment variables `AWS_ACCESS_KEY_ID` # and `AWS_SECRET_ACCESS_KEY` are used. [ access_key: <string> ] [ secret_key: <secret> ] # Named AWS profile used to connect to the API. [ profile: <string> ]
# AWS Role ARN, an alternative to using AWS API keys. [ role_arn: <string> ]
# Refresh interval to re-read the instance list. [ refresh_interval: <duration> | default = 60s ]
# The port to scrape metrics from. If using the public IP address, this must # instead be specified in the relabeling rule. [ port: <int> | default = 80 ]
# Authentication information used to authenticate to the API server. # Note that `basic_auth` and `authorization` options are # mutually exclusive. # password and password_file are mutually exclusive. # Note: Linode APIv4 Token must be created with scopes: 'linodes:read_only', 'ips:read_only', and 'events:read_only'
# Optional HTTP basic authentication information, not currently supported by Linode APIv4. basic_auth: [ username: <string> ] [ password: <secret> ] [ password_file: <string> ]
# Optional the `Authorization` header configuration. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials with the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# Optional authentication information for token-based authentication # https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token # It is mutually exclusive with `auth_token_file` and other authentication mechanisms. [ auth_token: <secret> ]
# Optional authentication information for token-based authentication # https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token # It is mutually exclusive with `auth_token` and other authentication mechanisms. [ auth_token_file: <filename> ]
# Sets the `Authorization` header on every request with the # configured username and password. # This is mutually exclusive with other authentication mechanisms. # password and password_file are mutually exclusive. basic_auth: [ username: <string> ] [ password: <secret> ] [ password_file: <string> ]
# Optional `Authorization` header configuration. # NOTE: The current version of DC/OS marathon (v1.11.0) does not support # standard `Authentication` header, use `auth_token` or `auth_token_file` # instead. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# The Zookeeper servers. servers: - <host> # Paths can point to a single service, or the root of a tree of services. paths: - <string> [ timeout: <duration> | default = 10s ]
# The Zookeeper servers. servers: - <host> # Paths can point to a single serverset, or the root of a tree of serversets. paths: - <string> [ timeout: <duration> | default = 10s ]
# The information to access the Triton discovery API.
# The account to use for discovering new targets. account: <string>
# The type of targets to discover, can be set to: # * "container" to discover virtual machines (SmartOS zones, lx/KVM/bhyve branded zones) running on Triton # * "cn" to discover compute nodes (servers/global zones) making up the Triton infrastructure [ role : <string> | default = "container" ]
# The DNS suffix which should be applied to target. dns_suffix: <string>
# The Triton discovery endpoint (e.g. 'cmon.us-east-3b.triton.zone'). This is # often the same value as dns_suffix. endpoint: <string>
# A list of groups for which targets are retrieved, only supported when `role` == `container`. # If omitted all containers owned by the requesting account are scraped. groups: [ - <string> ... ]
# The port to use for discovery and metric scraping. [ port: <int> | default = 9163 ]
# The interval which should be used for refreshing targets. [ refresh_interval: <duration> | default = 60s ]
# The Triton discovery API version. [ version: <int> | default = 1 ]
# The URL to connect to the Eureka server. server: <string>
# Sets the `Authorization` header on every request with the # configured username and password. # password and password_file are mutually exclusive. basic_auth: [ username: <string> ] [ password: <secret> ] [ password_file: <string> ]
# Optional `Authorization` header configuration. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# Access key to use. https://console.scaleway.com/project/credentials access_key: <string>
# Secret key to use when listing targets. https://console.scaleway.com/project/credentials # It is mutually exclusive with `secret_key_file`. [ secret_key: <secret> ]
# Sets the secret key with the credentials read from the configured file. # It is mutually exclusive with `secret_key`. [ secret_key_file: <filename> ]
# Project ID of the targets. project_id: <string>
# Role of the targets to retrieve. Must be `instance` or `baremetal`. role: <string>
# The port to scrape metrics from. [ port: <int> | default = 80 ]
# API URL to use when doing the server listing requests. [ api_url: <string> | default = "https://api.scaleway.com" ]
# Zone is the availability zone of your targets (e.g. fr-par-1). [ zone: <string> | default = fr-par-1 ]
# NameFilter specify a name filter (works as a LIKE) to apply on the server listing request. [ name_filter: <string> ]
# TagsFilter specify a tag filter (a server needs to have all defined tags to be listed) to apply on the server listing request. tags_filter: [ - <string> ]
# Refresh interval to re-read the targets list. [ refresh_interval: <duration> | default = 60s ]
# The URL to connect to the Uyuni server. server: <string>
# Credentials are used to authenticate the requests to Uyuni API. username: <string> password: <secret>
# The entitlement string to filter eligible systems. [ entitlement: <string> | default = monitoring_entitled ]
# The string by which Uyuni group names are joined into the groups label. [ separator: <string> | default = , ]
# Refresh interval to re-read the managed targets list. [ refresh_interval: <duration> | default = 60s ]
# Optional HTTP basic authentication information, currently not supported by Uyuni. basic_auth: [ username: <string> ] [ password: <secret> ] [ password_file: <string> ]
# Optional `Authorization` header configuration, currently not supported by Uyuni. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration, currently not supported by Uyuni. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# The source labels select values from existing labels. Their content is concatenated # using the configured separator and matched against the configured regular expression # for the replace, keep, and drop actions. [ source_labels: '[' <labelname> [, ...] ']' ]
# Label to which the resulting value is written in a replace action. # It is mandatory for replace actions. Regex capture groups are available. [ target_label: <labelname> ]
# Regular expression against which the extracted value is matched. [ regex: <regex> | default = (.*) ]
# Modulus to take of the hash of the source label values. [ modulus: <int> ]
# Replacement value against which a regex replace is performed if the # regular expression matches. Regex capture groups are available. [ replacement: <string> | default = $1 ]
# Action to perform based on regex matching. [ action: <relabel_action> | default = replace ]
# The api version of Alertmanager. [ api_version: <string> | default = v2 ]
# Prefix for the HTTP path alerts are pushed to. [ path_prefix: <path> | default = / ]
# Configures the protocol scheme used for requests. [ scheme: <scheme> | default = http ]
# Sets the `Authorization` header on every request with the # configured username and password. # password and password_file are mutually exclusive. basic_auth: [ username: <string> ] [ password: <secret> ] [ password_file: <string> ]
# Optional `Authorization` header configuration. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# The URL of the endpoint to send samples to. url: <string>
# Timeout for requests to the remote write endpoint. [ remote_timeout: <duration> | default = 30s ]
# Custom HTTP headers to be sent along with each remote write request. # Be aware that headers that are set by Prometheus itself can't be overwritten. headers: [ <string>: <string> ... ]
# List of remote write relabel configurations. write_relabel_configs: [ - <relabel_config> ... ]
# Name of the remote write config, which if specified must be unique among remote write configs. # The name will be used in metrics and logging in place of a generated value to help users distinguish between # remote write configs. [ name: <string> ]
# Enables sending of exemplars over remote write. Note that exemplar storage itself must be enabled for exemplars to be scraped in the first place. [ send_exemplars: <boolean> | default = false ]
# Sets the `Authorization` header on every remote write request with the # configured username and password. # password and password_file are mutually exclusive. basic_auth: [ username: <string> ] [ password: <secret> ] [ password_file: <string> ]
# Optional `Authorization` header configuration. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optionally configures AWS's Signature Verification 4 signing process to # sign requests. Cannot be set at the same time as basic_auth, authorization, or oauth2. # To use the default credentials from the AWS SDK, use `sigv4: {}`. sigv4: # The AWS region. If blank, the region from the default credentials chain # is used. [ region: <string> ]
# The AWS API keys. If blank, the environment variables `AWS_ACCESS_KEY_ID` # and `AWS_SECRET_ACCESS_KEY` are used. [ access_key: <string> ] [ secret_key: <secret> ]
# Named AWS profile used to authenticate. [ profile: <string> ]
# AWS Role ARN, an alternative to using AWS API keys. [ role_arn: <string> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth, authorization, or sigv4. oauth2: [ <oauth2> ]
# Configures the queue used to write to remote storage. queue_config: # Number of samples to buffer per shard before we block reading of more # samples from the WAL. It is recommended to have enough capacity in each # shard to buffer several requests to keep throughput up while processing # occasional slow remote requests. [ capacity: <int> | default = 2500 ] # Maximum number of shards, i.e. amount of concurrency. [ max_shards: <int> | default = 200 ] # Minimum number of shards, i.e. amount of concurrency. [ min_shards: <int> | default = 1 ] # Maximum number of samples per send. [ max_samples_per_send: <int> | default = 500] # Maximum time a sample will wait in buffer. [ batch_send_deadline: <duration> | default = 5s ] # Initial retry delay. Gets doubled for every retry. [ min_backoff: <duration> | default = 30ms ] # Maximum retry delay. [ max_backoff: <duration> | default = 5s ] # Retry upon receiving a 429 status code from the remote-write storage. # This is experimental and might change in the future. [ retry_on_http_429: <boolean> | default = false ]
# Configures the sending of series metadata to remote storage. # Metadata configuration is subject to change at any point # or be removed in future releases. metadata_config: # Whether metric metadata is sent to remote storage or not. [ send: <boolean> | default = true ] # How frequently metric metadata is sent to remote storage. [ send_interval: <duration> | default = 1m ] # Maximum number of samples per send. [ max_samples_per_send: <int> | default = 500]
# The URL of the endpoint to query from. url: <string>
# Name of the remote read config, which if specified must be unique among remote read configs. # The name will be used in metrics and logging in place of a generated value to help users distinguish between # remote read configs. [ name: <string> ]
# An optional list of equality matchers which have to be # present in a selector to query the remote read endpoint. required_matchers: [ <labelname>: <labelvalue> ... ]
# Timeout for requests to the remote read endpoint. [ remote_timeout: <duration> | default = 1m ]
# Custom HTTP headers to be sent along with each remote read request. # Be aware that headers that are set by Prometheus itself can't be overwritten. headers: [ <string>: <string> ... ]
# Whether reads should be made for queries for time ranges that # the local storage should have complete data for. [ read_recent: <boolean> | default = false ]
# Sets the `Authorization` header on every remote read request with the # configured username and password. # password and password_file are mutually exclusive. basic_auth: [ username: <string> ] [ password: <secret> ] [ password_file: <string> ]
# Optional `Authorization` header configuration. authorization: # Sets the authentication type. [ type: <string> | default: Bearer ] # Sets the credentials. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials to the credentials read from the configured file. # It is mutually exclusive with `credentials`. [ credentials_file: <filename> ]
# Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ]
# Configures the maximum size of the circular buffer used to store exemplars for all series. Resizable during runtime. [ max_exemplars: <int> | default = 100000 ]