6. prometheus oauth2

Last updated 1 year ago

Prometheus is reachable without any authentication. It must not be exposed externally in that state, so authentication has to be added.

Basic auth would also work, but I decided to use OAuth2.

To use OAuth2, oauth2_proxy has to sit in front of Prometheus so that access goes through it.

flow diagram

The nginx proxy sends traffic to oauth2-proxy. If the request carries no login information, oauth2-proxy shows a login screen. Pressing the login button goes to auth0.com, and after logging in there the browser returns to oauth2-proxy. Now that the login has succeeded, oauth2-proxy forwards the traffic to Prometheus.

Add SSL at nginx.

auth0.com

Create an application and set its callback URL.

Note down the client secret and client ID.

oauth2_proxy

create OAUTH2_PROXY_COOKIE_SECRET

dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\n' | tr -- '+/' '-_'; echo

Put the resulting value into the file below.

docker-compose

version: '3'

services:
  nginx:
    image: nginx:1.23.3-alpine
    container_name: nginx
    depends_on:
      - oauth2-proxy
      - prometheus
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./nginx:/etc/nginx/conf.d
      - /etc/letsencrypt:/etc/letsencrypt
    restart: always

  oauth2-proxy:
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
    container_name: oauth2-proxy
    environment:
      OAUTH2_PROXY_HTTP_ADDRESS: 0.0.0.0:4180
      OAUTH2_PROXY_UPSTREAMS: http://prometheus:9090
      OAUTH2_PROXY_PROVIDER_DISPLAY_NAME: Auth0
      OAUTH2_PROXY_PROVIDER: oidc
      OAUTH2_PROXY_OIDC_ISSUER_URL: https://yourdomain.us.auth0.com/
      OAUTH2_PROXY_CLIENT_ID: xxxxxxxxxxxx
      OAUTH2_PROXY_CLIENT_SECRET: xxxxxxxxxxxx
      OAUTH2_PROXY_CODE_CHALLENGE_METHOD: S256
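      # '*' accepts any e-mail domain: every account that can log in to this Auth0 application gets access
      OAUTH2_PROXY_EMAIL_DOMAINS: '*'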
      OAUTH2_PROXY_REDIRECT_URL: https://prom.your-domain.com/oauth2/callback
      OAUTH2_PROXY_COOKIE_SECRET: 'xxxxxxxxxx'
    ports:
      # loopback only: clients reach oauth2-proxy through nginx over the compose network
      - '127.0.0.1:4180:4180'

  prometheus:
    image: prom/prometheus:v2.40.7
    container_name: prometheus
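    ports:
      # loopback only: publishing 9090 on all interfaces would let clients reach Prometheus without the OAuth2 login
      - '127.0.0.1:9090:9090'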
    volumes:
      - ./prometheus/prometheus.yaml:/etc/prometheus/prometheus.yaml
      - ./prometheus/k8s:/etc/prometheus/k8s
      - ./prometheus/alerts:/etc/prometheus/alerts
      - ./prometheus/file-sd:/etc/prometheus/file-sd
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yaml'
    restart: always
volumes:
  prometheus_data:
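
As an added example (not part of the original page), a small check that a compose file for this layout does not publish a host port for a service that sits behind oauth2-proxy, since such a port would skip the login. The function names and the trimmed sample file are constructed for illustration.

```python
import re

LOOPBACK = ("127.0.0.1:", "localhost:", "[::1]:")

def parse_services(compose_text):
    """Minimal reader for this compose layout (2-space indent, short-form ports); not a YAML parser."""
    services, current, in_services, in_ports = {}, None, False, False
    for raw in compose_text.splitlines():
        line = raw.split(" #")[0].rstrip()           # drop trailing comments
        text, indent = line.strip(), len(line) - len(line.lstrip())
        if not text:
            continue
        if indent == 0:                               # top-level key
            in_services, current = (text == "services:"), None
        elif in_services and indent == 2 and text.endswith(":"):
            current = services.setdefault(text[:-1], {"ports": [], "upstreams": []})
            in_ports = False
        elif current is None:
            continue
        elif indent == 4:                             # key of the current service
            in_ports = text == "ports:"
        elif in_ports and text.startswith("- "):
            current["ports"].append(text[2:].strip("'\" "))
        elif text.startswith("OAUTH2_PROXY_UPSTREAMS:"):
            current["upstreams"] += re.findall(r"https?://([\w.-]+)", text)
    return services

def bypass_findings(compose_text, proxy="oauth2-proxy"):
    """Return (service, port) pairs where an upstream of the proxy is also published off-loopback."""
    services = parse_services(compose_text)
    upstreams = set(services.get(proxy, {}).get("upstreams", []))
    return [(name, port)
            for name in sorted(upstreams & services.keys())
            for port in services[name]["ports"]
            if not port.startswith(LOOPBACK)]

# Constructed sample, trimmed to the lines the check reads.
EXPOSED = """\
services:
  oauth2-proxy:
    environment:
      OAUTH2_PROXY_UPSTREAMS: http://prometheus:9090
  prometheus:
    ports:
      - '9090:9090'
"""
HARDENED = EXPOSED.replace("'9090:9090'", "'127.0.0.1:9090:9090'")

if __name__ == "__main__":
    print("exposed :", bypass_findings(EXPOSED))
    print("hardened:", bypass_findings(HARDENED))
```

An empty result means the only published route to the upstream goes through the proxy; removing the `ports:` entry from the upstream service entirely gives the same result.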

nginx config

server {
  server_name prom.your-domain.com;
  listen 443 ssl;
  ssl_certificate     /etc/letsencrypt/live/your-domain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

  location / {
    # every request goes to oauth2-proxy, which forwards to Prometheus only after login
    proxy_pass http://oauth2-proxy:4180;
  }
}

Verify

docker-compose up -d

Clicking sign in takes you to Auth0 to log in and then back to Prometheus.

The Prometheus screen is now visible.

error

If you see the following screen, oauth2-proxy and Prometheus cannot communicate with each other.

Check the configuration and fix it.

Once Docker is running, opening https://prom.your-domain.com shows the login screen.

https://oauth2-proxy.github.io/oauth2-proxy/docs/
https://github.com/teamsmiley/devops-public/blob/main/monitoring/6.prometheus-oauth/docker-compose.yaml