Menu

This is documentation for the next version of Alloy. For the latest stable release, go to the latest version.

Open source

discovery.consulagent

discovery.consulagent allows you to retrieve scrape targets from Consul’s Agent API. Only the services registered with the local agent running on the same host will be watched. This is suitable for very large Consul clusters for which using the Catalog API would be too slow or resource intensive.

Usage

alloy
discovery.consulagent "LABEL" {
  server = CONSUL_SERVER
}

Arguments

The following arguments are supported:

NameTypeDescriptionDefaultRequired
serverstringHost and port of the Consul Agent API.localhost:8500no
tokensecretSecret token used to access the Consul Agent API.no
datacenterstringDatacenter in which the Consul Agent is configured to run. If not provided, the datacenter is retrieved from the local Consul Agent.no
tag_separatorstringThe string by which Consul tags are joined into the tag label.,no
schemestringThe scheme to use when talking to the Consul Agent.httpno
usernamestringThe username to use.no
passwordsecretThe password to use.no
serviceslist(string)A list of services for which targets are retrieved. If omitted, all services are scraped.no
tagslist(string)An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.no
refresh_intervaldurationFrequency to refresh list of containers."30s"no

Blocks

The following blocks are supported inside the definition of discovery.consulagent:

HierarchyBlockDescriptionRequired
tls_configtls_configConfigure TLS settings for connecting to the endpoint.no

tls_config block

NameTypeDescriptionDefaultRequired
ca_pemstringCA PEM-encoded text to validate the server with.no
ca_filestringCA certificate to validate the server with.no
cert_pemstringCertificate PEM-encoded text for client authentication.no
cert_filestringCertificate file for client authentication.no
insecure_skip_verifyboolDisables validation of the server certificate.no
key_filestringKey file for client authentication.no
key_pemsecretKey PEM-encoded text for client authentication.no
min_versionstringMinimum acceptable TLS version.no
server_namestringServerName extension to indicate the name of the server.no

The following pairs of arguments are mutually exclusive and can’t both be set simultaneously:

  • ca_pem and ca_file
  • cert_pem and cert_file
  • key_pem and key_file

When configuring client authentication, both the client certificate (using cert_pem or cert_file) and the client key (using key_pem or key_file) must be provided.

When min_version isn’t provided, the minimum acceptable TLS version is inherited from Go’s default minimum version, TLS 1.2. If min_version is provided, it must be set to one of the following strings:

  • "TLS10" (TLS 1.0)
  • "TLS11" (TLS 1.1)
  • "TLS12" (TLS 1.2)
  • "TLS13" (TLS 1.3)

Exported fields

The following fields are exported and can be referenced by other components:

NameTypeDescription
targetslist(map(string))The set of targets discovered from the Consul Agent API.

Each target includes the following labels:

  • __meta_consulagent_address: The address of the target.
  • __meta_consulagent_dc: The datacenter name for the target.
  • __meta_consulagent_health: The health status of the service.
  • __meta_consulagent_metadata_<key>: Each node metadata key value of the target.
  • __meta_consulagent_node: The node name defined for the target.
  • __meta_consulagent_service: The name of the service the target belongs to.
  • __meta_consulagent_service_address: The service address of the target.
  • __meta_consulagent_service_id: The service ID of the target.
  • __meta_consulagent_service_metadata_<key>: Each service metadata key value of the target.
  • __meta_consulagent_service_port: The service port of the target.
  • __meta_consulagent_tagged_address_<key>: Each node tagged address key value of the target.
  • __meta_consulagent_tags: The list of tags of the target joined by the tag separator.

Component health

discovery.consulagent is only reported as unhealthy when given an invalid configuration. In those cases, exported fields retain their last healthy values.

Debug information

discovery.consulagent doesn’t expose any component-specific debug information.

Debug metrics

  • discovery_consulagent_rpc_failures_total (Counter): The number of Consul Agent RPC call failures.
  • discovery_consulagent_rpc_duration_seconds (SummaryVec): The duration of a Consul Agent RPC call in seconds.

Example

This example discovers targets from a Consul Agent for the specified list of services:

alloy
discovery.consulagent "example" {
  server = "localhost:8500"
  services = [
    "service1",
    "service2",
  ]
}

prometheus.scrape "demo" {
  targets    = discovery.consul.example.targets
  forward_to = [prometheus.remote_write.demo.receiver]
}

prometheus.remote_write "demo" {
  endpoint {
    url = <PROMETHEUS_REMOTE_WRITE_URL>

    basic_auth {
      username = <USERNAME>
      password = <PASSWORD>
    }
  }
}

Replace the following:

  • <PROMETHEUS_REMOTE_WRITE_URL>: The URL of the Prometheus remote_write-compatible server to send metrics to.
  • <USERNAME>: The username to use for authentication to the remote_write API.
  • <PASSWORD>: The password to use for authentication to the remote_write API.

Compatible components

discovery.consulagent has exports that can be consumed by the following components:

Note

Connecting some components may not be sensible or components may require further configuration to make the connection work correctly. Refer to the linked documentation for more details.