Prometheus client configuration
Command line tools that connect to a Prometheus server can take a file path in
--client.config parameter. This is useful to connect to a Prometheus server
with authentication or self-signed certificates.
The file is written in YAML format, defined by the scheme described below. Brackets indicate that a parameter is optional. For non-list parameters the value is set to the specified default.
Generic placeholders are defined as follows:
<bool>: a boolean that can take the values
<filename>: a valid path in the current working directory
<secret>: a regular string that is a secret, such as a password
<string>: a regular string
The other placeholders are specified separately.
# Sets the `Authorization` header on every request with the # configured username an. # password and password_file are mutually exclusive. basic_auth: [ username: <string> ] [ password: <secret> ] [ password_file: <string> ] # Sets the `Authorization` header on every request with # the configured credentials. authorization: # Sets the authentication type of the request. [ type: <string> | default: Bearer ] # Sets the credentials of the request. It is mutually exclusive with # `credentials_file`. [ credentials: <secret> ] # Sets the credentials of the request with the credentials read from the # configured file. It is mutually exclusive with `credentials`. [ credentials_file: <filename> ] # Optional OAuth 2.0 configuration. # Cannot be used at the same time as basic_auth or authorization. oauth2: [ <oauth2> ] # Configure whether requests follow HTTP 3xx redirects. [ follow_redirects: <boolean> | default = true ] # Whether to enable HTTP2. [ enable_http2: <bool> | default: true ] # Configures the request's TLS settings. tls_config: [ <tls_config> ] # Optional proxy URL. [ proxy_url: <string> ]
tls_config allows configuring TLS connections.
# CA certificate to validate API server certificate with. [ ca_file: <filename> ] # Certificate and key files for client cert authentication to the server. [ cert_file: <filename> ] [ key_file: <filename> ] # ServerName extension to indicate the name of the server. # https://tools.ietf.org/html/rfc4366#section-3.1 [ server_name: <string> ] # Disable validation of the server certificate. [ insecure_skip_verify: <boolean> ] # Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS # 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). # If unset, Prometheus will use Go default minimum version, which is TLS 1.2. # See MinVersion in https://pkg.go.dev/crypto/tls#Config. [ min_version: <string> ]
OAuth 2.0 authentication using the client credentials grant type. Prometheus fetches an access token from the specified endpoint with the given client access and secret keys.
client_id: <string> [ client_secret: <secret> ] # Read the client secret from a file. # It is mutually exclusive with `client_secret`. [ client_secret_file: <filename> ] # Scopes for the token request. scopes: [ - <string> ... ] # The URL to fetch the token from. token_url: <string> # Optional parameters to append to the token URL. endpoint_params: [ <string>: <string> ... ] # Configures the token request's TLS settings. tls_config: [ <tls_config> ] # Optional proxy URL. [ proxy_url: <string> ]