Alexander_Wilke
Advisor

Custom http Header for Export and HTTPS without authentication (Grafana Mimir Prometheus)

Hello,

I deployed Grafana Mimir, which is a scalable Prometheus solution with multi-tenancy support.

To send metrics via Skyline to Mimir in Prometheus format, I have 2 features I need.

1. TLS encrypted connection but without any authentication. No basic auth, no client cert. Only unauthenticated but TLS encrypted traffic.

2. I need to add at least one custom header named "X-Scope-OrgId" which is the indicator for Grafana Mimir to route these metrics to the correct tenant.

 

https://grafana.com/docs/mimir/latest/manage/secure/authentication-and-authorization/

 

At the moment I send all Skyline metrics to a Prometheus server and then do remote_write to Grafana Mimir encrypted, without authentication, and I add my custom X-Scope-OrgId HTTP header.

Is it possible with the latest version to add an HTTP header and, if yes, how to do it?

Same for TLS without any authentication.

 

Regards

0 Kudos
5 Replies
Elad_Chomsky
Employee

Hi @Alexander_Wilke ,

You can use the following payload template to use a custom header instead of basic authentication. 

{
  "enabled": true,
  "export-targets": {
    "add/remove": [
      {
        "client-auth": {
          "token": {
            "custom-header": {
              "key": "Header",
              "value": "Value"
            }
          }
        },
        "enabled": false,
        "server-auth": {
          "ca-public-key": {
            "type": "PEM-X509",
            "value": "-----BEGIN CERTIFICATE-----BASE64TEXTHERE-----END CERTIFICATE-----"
          }
        },
        "type": "prometheus-remote-write",
        "url": "https://example.com/api/v1/write"
      }
    ]
  }
}

 

0 Kudos
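
Added example, not part of the reply above and not Check Point code: a small Python check that can be run over a payload shaped like this template before it is applied. It assumes only the field names visible in the template, treats `client-auth` as holding a single method, and assumes a target with `"enabled": false` is inactive; `lint_targets` and `SAMPLE` are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# RFC 7230 "token" characters allowed in an HTTP header field name.
HEADER_NAME = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def lint_targets(payload: dict) -> list[str]:
    """Return findings for each export target in a payload shaped like the template."""
    findings = []
    targets = payload.get("export-targets", {}).get("add/remove", [])
    for i, t in enumerate(targets):
        where = f"target[{i}]"
        # Assumption: a disabled target is stored but does not export anything.
        if not t.get("enabled", False):
            findings.append(f"{where}: enabled is false, nothing will be exported")
        if urlsplit(t.get("url", "")).scheme != "https":
            findings.append(f"{where}: url is not https, header and metrics travel in clear text")
        ca = t.get("server-auth", {}).get("ca-public-key", {}).get("value", "")
        if "BEGIN CERTIFICATE" not in ca:
            findings.append(f"{where}: no CA certificate, server identity cannot be verified")
        methods = list(t.get("client-auth", {}))
        if len(methods) > 1:
            findings.append(f"{where}: {len(methods)} client-auth methods, expected one")
        hdr = t.get("client-auth", {}).get("token", {}).get("custom-header")
        if hdr is not None:
            if not HEADER_NAME.match(hdr.get("key", "")):
                findings.append(f"{where}: custom-header key is not a valid header name")
            # CR/LF in a header value would let it split into extra headers.
            if not hdr.get("value") or re.search(r"[\r\n]", hdr["value"]):
                findings.append(f"{where}: custom-header value is empty or contains CR/LF")
    return findings

# Constructed sample: the template above with a tenant header filled in.
SAMPLE = json.loads("""
{"enabled": true, "export-targets": {"add/remove": [{
  "client-auth": {"token": {"custom-header": {"key": "X-Scope-OrgID", "value": "tenant01"}}},
  "enabled": false,
  "server-auth": {"ca-public-key": {"type": "PEM-X509",
    "value": "-----BEGIN CERTIFICATE-----BASE64TEXTHERE-----END CERTIFICATE-----"}},
  "type": "prometheus-remote-write",
  "url": "https://example.com/api/v1/write"}]}}
""")

if __name__ == "__main__":
    for finding in lint_targets(SAMPLE):
        print(finding)
```
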
Alexander_Wilke
Advisor

Hello @Elad_Chomsky ,

Thank you for your reply. I will give this a try. As an additional question, can this payload be extended by Basic_Auth username and password? So Username/Password (BasicAuth), TLS and Custom-Header?

0 Kudos
Elad_Chomsky
Employee

Hi @Alexander_Wilke , 

For now it is an exclusive list, so it is only possible to use one. You can open an official RFE request for CheckPoint, and we will try to see how we include it as part of our roadmap.

0 Kudos
ww1m6
Explorer

Did it work?

0 Kudos
Alexander_Wilke
Advisor

No, it did not work for me.

 

I need "Basic Auth" + "TLS" + "Custom Headers" (for Grafana Mimir as Prometheus replacement). Or the best option would be to do a variation of these options: Basic Auth (on/off), TLS (on/off/verify/skip_tls_verify), "Custom Header(s) / Custom values", e.g. (X-Scope-OrgID:"tenant01|tenant02").

 

And as @Elad_Chomsky said it is exclusive - basic auth OR custom header - however it does not seem to work in the needed combination.

 

I asked my Presales to open an RfE for that but not sure if he did already and which progress the RfE has.

0 Kudos
