Prometheus

BindPlane Prometheus Helm Configuration

When operating BindPlane in a distributed architecture, a shared Prometheus instance is required.

important

🚧 Your Prometheus server must have remote write enabled.

Basic Example

This example will configure BindPlane to connect to the host prometheus.mycorp.net on port 9090.

yaml
1prometheus:
2  enable: true
3  enableSideCar: false
4  host: 'prometheus.mycorp.net'
5  port: 9090

Auth + TLS

This example builds upon the previous example. It adds basic auth and TLS configuration.

This configuration expects that a secret named prometheus-tls exists and has a key, ca.crt, containing the certificate authority that should be used to validate the Prometheus server's certificate.

yaml
1prometheus:
2  enable: true
3  enableSideCar: false
4  host: 'prometheus.mycorp.net'
5  port: 9090
6  auth:
7    type: basic
8    username: admin
9    password: password
10  tls:
11    enable: true
12    insecure: false
13    secret:
14      name: prometheus-tls
15      caSubPath: ca.crt

Mutual TLS

This example builds upon the previous TLS example. It adds the required configuration for client certificate authentication (mutual TLS).

yaml
1prometheus:
2  enable: true
3  enableSideCar: false
4  host: 'prometheus.mycorp.net'
5  port: 9090
6  auth:
7    type: basic
8    username: admin
9    password: password
10  tls:
11    enable: true
12    insecure: false
13    secret:
14      name: prometheus-tls
15      caSubPath: ca.crt
16      crtSubPath: prometheus-client.crt
17      keySubPath: prometheus-client.key