Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
D
docs
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Administrator
docs
Commits
400708df
Commit
400708df
authored
Sep 23, 2015
by
Matt Jibson
Committed by
Julius Volz
Oct 09, 2015
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Correct TLS configuration
parent
1d8daeac
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
26 additions
and
18 deletions
+26
-18
configuration.md
content/docs/operating/configuration.md
+26
-18
No files found.
content/docs/operating/configuration.md
View file @
400708df
...
...
@@ -88,13 +88,11 @@ If the targets require authentication, the following options are available:
*
`basic_auth`
- sets the
`Authorization`
header on every scrape request with the
configured username and password.
*
`client_cert`
- configures the scrape request to use
[
mutual TLS
](
https://en.wikipedia.org/wiki/Mutual_authentication
)
with the
configured certificate and key.
*
`bearer_token`
- sets the
`Authorization`
header on every scrape request with
the configured bearer token.
*
`bearer_token_file`
- sets the
`Authorization`
header on every scrape request
with the bearer token read from the configured file.
*
`tls_config`
- configures the scrape request's TLS settings.
See below for the configuration of these authentication options.
...
...
@@ -141,17 +139,16 @@ basic_auth:
[ username: <string> ]
[ password: <string> ]
# Optional client certificate authentication information.
client_cert:
[ cert: /path/to/cert/file ]
[ key: /path/to/key/file ]
# Optional bearer token authentication information.
[ bearer_token: <string> ]
# Optional bearer token file authentication information.
[ bearer_token_file: /path/to/bearer/token/file ]
# Optional TLS configuration.
tls_config:
[ <tls_config> ]
# List of DNS service discovery configurations.
dns_sd_configs:
[ - <dns_sd_config> ... ]
...
...
@@ -190,6 +187,23 @@ Where `<scheme>` may be `http` or `https` and `<path>` is a valid URL path.
regex
`[a-zA-Z_][a-zA-Z0-9_-]`
.
### TLS configuration `<tls_config>`
A
`tls_config`
allows configuring TLS connections.
```
# CA certificate to validate API server certificate with.
[ ca_file: <filename> ]
# Certificate and key files for client cert authentication to the server.
[ cert_file: <filename> ]
[ key_file: <filename> ]
# Disable validation of the server certificate.
[ insecure_skip_verify: <boolean> ]
```
### Target groups `<target_group>`
A
`target_group`
allows specifying a list of targets and a common label set for them.
...
...
@@ -319,13 +333,6 @@ masters:
# token file at /var/run/secrets/kubernetes.io/serviceaccount/ in the pod.
[ in_cluster: <boolean> ]
# CA certificate to validate API server certificate with. If running in a pod,
# then it is best to use a service account and set in_cluster to true.
[ ca_file: <filename> ]
# Disable validation of the API server certificate. If running in a pod, then it
# is best to use a service account and set in_cluster to true.
[ insecure: <boolean> ]
# The kubelet port to scrape metrics from. This will normally be the read-only
# port of 10255 (default).
[ kubelet_port: <int> ]
...
...
@@ -339,9 +346,10 @@ masters:
[ username: <string> ]
[ password: <string> ]
# Certificate and key files for client cert authentication to the API server.
[ cert_file: <string> ]
[ key_file: <filename> ]
# TLS configuration. If running in a pod, then it is best to use a service
# account and set in_cluster to true.
tls_config:
[ <tls_config> ]
# Retry interval between watches if they disconnect.
[ retry_interval: <duration> | default = 1s ]
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment