使用 LDAP 上的普罗米修斯数据源保护 grafana
[英]Secure grafana with prometheus datasource all over LDAP
问题描述
I have a problem securing the prometheus datasource for grafana .
我在保护 grafana 的 prometheus 数据源时遇到问题。
When I started I thought that the datasource plugin for grafana has a backend component that forwards requests to the prometheus server.当我开始时,我认为 grafana 的数据源插件有一个后端组件,可以将请求转发到 prometheus 服务器。
What I actually see is that the client (browser) directly contacts the prometheus resource.我实际看到的是客户端(浏览器)直接联系prometheus资源。 This is a big problem in my configuration because这是我的配置中的一个大问题,因为
- I have to serve a public interface to the prometheus datasource.我必须为 prometheus 数据源提供一个公共接口。
- I only have the chance to use basic auth with a technical user.我只有机会与技术用户一起使用基本身份验证。
So my questions are:所以我的问题是:
- Is there a way to hide the prometheus datasource from public (via grafana backend?)?有没有办法向公众隐藏普罗米修斯数据源(通过 grafana 后端?)?
- Is there a way to use the grafana LDAP-user with the prometheus datasource (the datasource could be protected by nginx or whatever)?有没有办法将 grafana LDAP-user 与 prometheus 数据源一起使用(数据源可以由 nginx 或其他什么保护)?
This could be a main reason to use a completely other monitoring stack.这可能是使用完全不同的监控堆栈的主要原因。
1 个解决方案
解决方案1
1 已采纳 2017-12-01 09:04:37
Is there a way to hide the prometheus datasource from public (via grafana backend?)?
Select Proxy mode rather than Direct when configuring the data source.配置数据源时选择代理模式而不是直接模式。
Is there a way to use the grafana LDAP-user with the prometheus datasource
Grafana only supports basic auth for this. Grafana 为此仅支持基本身份验证。 I would imagine that monitoring systems that support LDAP for authorization are rare, so would advise working with this.我想支持 LDAP 授权的监控系统很少见,所以建议使用它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.