topic Re: Custom http Header for Export and HTTPS without authentication (Grafana Mimir Prometheus) in OpenTelemetry/Skyline

Custom http Header for Export and HTTPS without authentication (Grafana Mimir Prometheus)

Alexander_Wilke — Sun, 24 Mar 2024 11:44:32 GMT

Hello,

I deployed Grafana Mimir which is a scalable Prometheus solution with multi Tenancy Support .

To send metrics via Skyline to Mimir in Prometheus Format I have 2 Features I need.

1. TLS encrypted Connection but without any authentication. No Basic auth, No Client cert. Only unautheticated but TLS encrypted Traffic.

2. I need to add at least one Custom Header named "X-Scope-OrgId" which is the Indikator for Grafana Mimir to Route These metrics to the correct tenant.

https://grafana.com/docs/mimir/latest/manage/secure/authentication-and-authorization/

At the moment I send all Skyline metrics to a Prometheus Server and then do remote_write to Grafana Mimir encrypted, without authentication and I add my Custom X-Scope-OrgId http Header.

Is it possible with the latest Version to add a http Header and If yes how to do it?

Same for TLS without any authentication.

Regards

Re: Custom http Header for Export and HTTPS without authentication (Grafana Mimir Prometheus)

Elad_Chomsky — Sun, 24 Mar 2024 18:14:03 GMT

Hi @Alexander_Wilke ,

You can use the following payload template to use a custom header instead of basic authentication.

{
  "enabled": true,
  "export-targets": {
    "add/remove": [
      {
        "client-auth": {
          "token": {
            "custom-header": {
              "key": "Header",
              "value": "Value"
            }
          }
        },
        "enabled": false,
        "server-auth": {
          "ca-public-key": {
            "type": "PEM-X509",
            "value": "-----BEGIN CERTIFICATE-----BASE64TEXTHERE-----END CERTIFICATE-----"
          }
        },
        "type": "prometheus-remote-write",
        "url": "https://example.com/api/v1/write"
      }
    ]
  }
}

Re: Custom http Header for Export and HTTPS without authentication (Grafana Mimir Prometheus)

Alexander_Wilke — Mon, 25 Mar 2024 06:53:49 GMT

Hello @Elad_Chomsky ,

thanks you for your reply. I will give this a try. As an additional question, can this payload be extended bei Basic_Auth username and password? So Username/Password (BasicAuth), TLS and Custom-Header?

Re: Custom http Header for Export and HTTPS without authentication (Grafana Mimir Prometheus)

Elad_Chomsky — Mon, 25 Mar 2024 09:24:59 GMT

Hi @Alexander_Wilke ,

For now it is an exclusive list - so it is only possible to use one, you can open an official RFE request for CheckPoint, and we will try to see how we include it as part of our roadmap.

Re: Custom http Header for Export and HTTPS without authentication (Grafana Mimir Prometheus)

ww1m6 — Mon, 05 Aug 2024 09:29:35 GMT

Did it work ?

Re: Custom http Header for Export and HTTPS without authentication (Grafana Mimir Prometheus)

Alexander_Wilke — Mon, 16 Sep 2024 06:41:56 GMT

No, it did not work for me.

I need "Basic Auth" + "TLS" + "Custom Headers" (for Grafana Mimir as Prometheus replacement.). Or best option would be to do a variation of these options. Basic Auth (on/off), TLS (on/off/verify/skip_tls_verify), "Custom Header(s) / Custom values" e.g. (X-Scope-OrgID:"tenant01|tenant02"

And as @Elad_Chomsky said it is exclusive - basic auth OR custom header - however it does not seem to work in the needed combination.

I asked my Presales to open an RfE for that but not sure if he did already and which progress the RfE has.