Merge pull request #235 from prometheus/next-release

Merge next-release into master

content/docs/introduction/getting_started.md

@@ -250,7 +250,7 @@ global:
   # scrape_timeout is set to the global default (10s).
 
   # Attach these extra labels to all timeseries collected by this Prometheus instance.
-  labels:
+  external_labels:
     monitor: 'codelab-monitor'
 
 rule_files:

content/docs/operating/configuration.md

@@ -88,13 +88,11 @@ If the targets require authentication, the following options are available:
 
 * `basic_auth` - sets the `Authorization` header on every scrape request with the
 configured username and password.
-* `client_cert` - configures the scrape request to use
-[mutual TLS](https://en.wikipedia.org/wiki/Mutual_authentication) with the
-configured certificate and key.
 * `bearer_token` - sets the `Authorization` header on every scrape request with
 the configured bearer token.
 * `bearer_token_file` - sets the `Authorization` header on every scrape request
 with the bearer token read from the configured file.
+* `tls_config` - configures the scrape request's TLS settings.
 
 See below for the configuration of these authentication options.
 
@@ -141,17 +139,16 @@ basic_auth:
   [ username: <string> ]
   [ password: <string> ]
 
-# Optional client certificate authentication information.
-client_cert:
-  [ cert: /path/to/cert/file ]
-  [ key: /path/to/key/file ]
-
 # Optional bearer token authentication information.
 [ bearer_token: <string> ]
 
 # Optional bearer token file authentication information.
 [ bearer_token_file: /path/to/bearer/token/file ]
 
+# Optional TLS configuration.
+tls_config:
+  [ <tls_config> ]
+
 # List of DNS service discovery configurations.
 dns_sd_configs:
   [ - <dns_sd_config> ... ]
@@ -168,6 +165,10 @@ kubernetes_sd_configs:
 serverset_sd_configs:
   [ - <serverset_sd_config> ... ]
 
+# List of EC2 service discovery configurations.
+ec2_sd_configs:
+  [ - <ec2_sd_config> ... ]
+
 # List of file service discovery configurations.
 file_sd_configs:
   [ - <file_sd_config> ... ]
@@ -190,6 +191,23 @@ Where `<scheme>` may be `http` or `https` and `<path>` is a valid URL path.
 regex `[a-zA-Z_][a-zA-Z0-9_-]`.
 
 
+### TLS configuration `<tls_config>`
+
+A `tls_config` allows configuring TLS connections.
+
+```
+# CA certificate to validate API server certificate with.
+[ ca_file: <filename> ]
+
+# Certificate and key files for client cert authentication to the server.
+[ cert_file: <filename> ]
+[ key_file: <filename> ]
+
+# Disable validation of the server certificate.
+[ insecure_skip_verify: <boolean> ]
+```
+
+
 ### Target groups `<target_group>`
 
 A `target_group` allows specifying a list of targets and a common label set for them.
@@ -244,12 +262,13 @@ Catalog API.
 
 The following meta labels are available on targets during relabeling:
 
-* `__meta_consul_address`: the address of the target 
+* `__meta_consul_address`: the address of the target
 * `__meta_consul_node`: the node name defined for the target
 * `__meta_consul_tags`: the list of tags of the target joined by the tag separator
 * `__meta_consul_service`: the name of the service the target belongs to
-* `__meta_consul_service_address`: the service address of the target 
-* `__meta_consul_service_port`: the service port of the target 
+* `__meta_consul_service_address`: the service address of the target
+* `__meta_consul_service_port`: the service port of the target
+* `__meta_consul_service_id`: the service ID of the target
 * `__meta_consul_dc`: the datacenter name for the target
 
 ```
@@ -318,13 +337,6 @@ masters:
 # token file at /var/run/secrets/kubernetes.io/serviceaccount/ in the pod.
 [ in_cluster: <boolean> ]
 
-# CA certificate to validate API server certificate with. If running in a pod,
-# then it is best to use a service account and set in_cluster to true.
-[ ca_file: <filename> ]
-# Disable validation of the API server certificate. If running in a pod, then it
-# is best to use a service account and set in_cluster to true.
-[ insecure: <boolean> ]
-
 # The kubelet port to scrape metrics from. This will normally be the read-only
 # port of 10255 (default).
 [ kubelet_port: <int> ]
@@ -338,9 +350,10 @@ masters:
 [ username: <string> ]
 [ password: <string> ]
 
-# Certificate and key files for client cert authentication to the API server.
-[ cert_file: <string> ]
-[ key_file: <filename> ]
+# TLS configuration. If running in a pod, then it is best to use a service
+# account and set in_cluster to true.
+tls_config:
+  [ <tls_config> ]
 
 # Retry interval between watches if they disconnect.
 [ retry_interval: <duration> | default = 1s ]
@@ -412,6 +425,43 @@ paths:
 
 Serverset data must be in the JSON format, the Thrift format is not currently supported.
 
+### EC2 SD configurations `<ec2_sd_config>`
+
+CAUTION: EC2 SD is in beta: breaking changes to configuration are still
+likely in future releases.
+
+EC2 SD configurations allow retrieving scrape targets from AWS EC2
+instances. The private IP address is used by default, but my be changed to
+the public IP address with relabeling.
+
+The following meta labels are available on targets during relabeling:
+
+* `__meta_ec2_instance_id`: the EC2 instance ID
+* `__meta_ec2_public_ip`: the public IP address of the instance
+* `__meta_ec2_private_ip`: the private IP address of the instance, if present
+* `__meta_ec2_tag_<tagkey>`: each tag value of the instance
+
+See below for the configuration options for EC2 discovery:
+
+```
+# The information to access the EC2 API.
+
+# The AWS Region.
+region: <string>
+
+# The AWS API keys. If blank, the environment variables `AWS_ACCESS_KEY_ID`
+# and `AWS_SECRET_ACCESS_KEY` are used.
+[ access_key: <string> ]
+[ secret_key: <string> ]
+
+# Refresh interval to re-read the instance list.
+[ refresh_interval: <duration> | default = 60s ]
+
+# The port to scrape metrics from. If using the public IP address, this must
+# instead be specified in the relabeling rule.
+[ port: <int> | default = 80 ]
+```
+
 ### File-based SD configurations `<file_sd_config>`
 
 File-based service discovery provides a more generic way to configure static targets
@@ -506,7 +556,7 @@ prefix is guaranteed to never be used by Prometheus itself.
 
 `<regex>` is any valid [RE2 regular
 expression](https://github.com/google/re2/wiki/Syntax). It is required for
-the `replace`, `keep`, `drop` and `labelmap` actions.
+the `replace`, `keep`, `drop` and `labelmap` actions. The regex is fully anchored.
 
 `<relabel_action>` determines the relabeling action to take:
 

content/docs/querying/basics.md

@@ -85,7 +85,7 @@ For example, this selects all `http_requests_total` time series for `staging`,
     http_requests_total{environment=~"staging|testing|development",method!="GET"}
 
 Label matchers that match empty label values also select all time series that do
-not have the specific label set at all.
+not have the specific label set at all. Regex-matches are fully anchored.
 
 Vector selectors must either specify a name or at least one label matcher
 that does not match the empty string. The following expression is illegal:

content/docs/querying/functions.md

@@ -269,6 +269,10 @@ expression is to be evaluated.
 `topk(k integer, v instant-vector)` returns the `k` largest elements of `v` by
 sample value.
 
+## `vector()`
+
+`vector(s scalar)` returns the scalar `s` as a vector with no labels.
+
 ## `<aggregation>_over_time()`: Aggregating values over time:
 
 The following functions allow aggregating each series of a given range vector

content/docs/visualization/template_reference.md

@@ -65,8 +65,8 @@ versions.
 | Name          | Arguments     | Returns |    Notes    |
 | ------------- | ------------- | ------- | ----------- |
 | title         | string        | string  | [strings.Title](http://golang.org/pkg/strings/#Title), capitalises first character of each word.|
-| match         | pattern, text | boolean | [regexp.MatchString](http://golang.org/pkg/regexp/#MatchString) Tests for a regexp match. |
-| reReplaceAll  | pattern, replacement, text | string | [Regexp.ReplaceAllString](http://golang.org/pkg/regexp/#Regexp.ReplaceAllString) Regexp substitution. |
+| match         | pattern, text | boolean | [regexp.MatchString](http://golang.org/pkg/regexp/#MatchString) Tests for a unanchored regexp match. |
+| reReplaceAll  | pattern, replacement, text | string | [Regexp.ReplaceAllString](http://golang.org/pkg/regexp/#Regexp.ReplaceAllString) Regexp substitution, unanchored. |
 | graphLink  | expr | string | Returns path to graph view in the [expression browser](/docs/visualization/browser/) for the expression. |
 | tableLink  | expr | string | Returns path to tabular ("Console") view in the [expression browser](/docs/visualization/browser/) for the expression. |