---
title: "discovery.linode | Grafana Cloud documentation"
description: "Learn about discovery.linode"
---

# `discovery.linode`

`discovery.linode` allows you to retrieve scrape targets from [Linode’s](https://www.linode.com/) Linode APIv4. This service discovery uses the public IPv4 address by default, but that can be changed with relabeling.

## Usage

Alloy ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy

```alloy
discovery.linode "<LABEL>" {
    bearer_token = "<LINODE_API_TOKEN>"
}
```

> Note
> 
> You must create the Linode APIv4 Token with the scopes: `linodes:read_only`, `ips:read_only`, and `events:read_only`.

## Arguments

You can use the following arguments with `discovery.linode`:

Expand table

| Name                     | Type                | Description                                                                                      | Default | Required |
|--------------------------|---------------------|--------------------------------------------------------------------------------------------------|---------|----------|
| `bearer_token_file`      | `string`            | File containing a bearer token to authenticate with.                                             |         | no       |
| `bearer_token`           | `secret`            | Bearer token to authenticate with.                                                               |         | no       |
| `enable_http2`           | `bool`              | Whether HTTP2 is supported for requests.                                                         | `true`  | no       |
| `follow_redirects`       | `bool`              | Whether redirects returned by the server should be followed.                                     | `true`  | no       |
| `http_headers`           | `map(list(secret))` | Custom HTTP headers to be sent along with each request. The map key is the header name.          |         | no       |
| `no_proxy`               | `string`            | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. |         | no       |
| `port`                   | `int`               | Port that metrics are scraped from.                                                              | `80`    | no       |
| `proxy_connect_header`   | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests.                                    |         | no       |
| `proxy_from_environment` | `bool`              | Use the proxy URL indicated by environment variables.                                            | `false` | no       |
| `proxy_url`              | `string`            | HTTP proxy to send requests through.                                                             |         | no       |
| `refresh_interval`       | `duration`          | The time to wait between polling update requests.                                                | `"60s"` | no       |
| `region`                 | `string`            | A region to filter on.                                                                           |         | no       |
| `tag_separator`          | `string`            | The string by which Linode Instance tags are joined into the tag label.                          | `","`   | no       |

At most, one of the following can be provided:

- \[`authorization`]\[authorization] block
- \[`basic_auth`]\[basic\_auth] block
- [`bearer_token_file`](#arguments) argument
- [`bearer_token`](#arguments) argument
- \[`oauth2`]\[oauth2] block

`no_proxy` can contain IPs, CIDR notations, and domain names. IP and domain names can contain port numbers. `proxy_url` must be configured if `no_proxy` is configured.

`proxy_from_environment` uses the environment variables HTTP\_PROXY, HTTPS\_PROXY, and NO\_PROXY (or the lowercase versions thereof). Requests use the proxy from the environment variable matching their scheme, unless excluded by NO\_PROXY. `proxy_url` and `no_proxy` must not be configured if `proxy_from_environment` is configured.

`proxy_connect_header` should only be configured if `proxy_url` or `proxy_from_environment` are configured.

## Blocks

You can use the following blocks with `discovery.linode`:

No valid configuration blocks found.

### `authorization`

The `authorization` block configures generic authorization to the endpoint.

Expand table

| Name               | Type     | Description                                | Default | Required |
|--------------------|----------|--------------------------------------------|---------|----------|
| `credentials_file` | `string` | File containing the secret value.          |         | no       |
| `credentials`      | `secret` | Secret value.                              |         | no       |
| `type`             | `string` | Authorization type, for example, “Bearer”. |         | no       |

`credential` and `credentials_file` are mutually exclusive, and only one can be provided inside an `authorization` block.

> Warning
> 
> Using `credentials_file` causes the file to be read on every outgoing request. Use the `local.file` component with the `credentials` attribute instead to avoid unnecessary reads.

### `basic_auth`

The `basic_auth` block configures basic authentication to the endpoint.

Expand table

| Name            | Type     | Description                              | Default | Required |
|-----------------|----------|------------------------------------------|---------|----------|
| `password_file` | `string` | File containing the basic auth password. |         | no       |
| `password`      | `secret` | Basic auth password.                     |         | no       |
| `username`      | `string` | Basic auth username.                     |         | no       |

`password` and `password_file` are mutually exclusive, and only one can be provided inside a `basic_auth` block.

> Warning
> 
> Using `password_file` causes the file to be read on every outgoing request. Use the `local.file` component with the `password` attribute instead to avoid unnecessary reads.

### `oauth2`

The `oauth` block configures OAuth 2.0 authentication to the endpoint.

Expand table

| Name                     | Type                | Description                                                                                      | Default | Required |
|--------------------------|---------------------|--------------------------------------------------------------------------------------------------|---------|----------|
| `client_id`              | `string`            | OAuth2 client ID.                                                                                |         | no       |
| `client_secret_file`     | `string`            | File containing the OAuth2 client secret.                                                        |         | no       |
| `client_secret`          | `secret`            | OAuth2 client secret.                                                                            |         | no       |
| `endpoint_params`        | `map(string)`       | Optional parameters to append to the token URL.                                                  |         | no       |
| `no_proxy`               | `string`            | Comma-separated list of IP addresses, CIDR notations, and domain names to exclude from proxying. |         | no       |
| `proxy_connect_header`   | `map(list(secret))` | Specifies headers to send to proxies during CONNECT requests.                                    |         | no       |
| `proxy_from_environment` | `bool`              | Use the proxy URL indicated by environment variables.                                            | `false` | no       |
| `proxy_url`              | `string`            | HTTP proxy to send requests through.                                                             |         | no       |
| `scopes`                 | `list(string)`      | List of scopes to authenticate with.                                                             |         | no       |
| `token_url`              | `string`            | URL to fetch the token from.                                                                     |         | no       |

`client_secret` and `client_secret_file` are mutually exclusive, and only one can be provided inside an `oauth2` block.

> Warning
> 
> Using `client_secret_file` causes the file to be read on every outgoing request. Use the `local.file` component with the `client_secret` attribute instead to avoid unnecessary reads.

The `oauth2` block may also contain a separate `tls_config` sub-block.

`no_proxy` can contain IPs, CIDR notations, and domain names. IP and domain names can contain port numbers. `proxy_url` must be configured if `no_proxy` is configured.

`proxy_from_environment` uses the environment variables HTTP\_PROXY, HTTPS\_PROXY, and NO\_PROXY (or the lowercase versions thereof). Requests use the proxy from the environment variable matching their scheme, unless excluded by NO\_PROXY. `proxy_url` and `no_proxy` must not be configured if `proxy_from_environment` is configured.

`proxy_connect_header` should only be configured if `proxy_url` or `proxy_from_environment` are configured.

### `tls_config`

The `tls_config` block configures TLS settings for connecting to the endpoint.

Expand table

| Name                   | Type     | Description                                              | Default | Required |
|------------------------|----------|----------------------------------------------------------|---------|----------|
| `ca_pem`               | `string` | CA PEM-encoded text to validate the server with.         |         | no       |
| `ca_file`              | `string` | CA certificate to validate the server with.              |         | no       |
| `cert_pem`             | `string` | Certificate PEM-encoded text for client authentication.  |         | no       |
| `cert_file`            | `string` | Certificate file for client authentication.              |         | no       |
| `insecure_skip_verify` | `bool`   | Disables validation of the server certificate.           |         | no       |
| `key_file`             | `string` | Key file for client authentication.                      |         | no       |
| `key_pem`              | `secret` | Key PEM-encoded text for client authentication.          |         | no       |
| `min_version`          | `string` | Minimum acceptable TLS version.                          |         | no       |
| `server_name`          | `string` | ServerName extension to indicate the name of the server. |         | no       |

The following pairs of arguments are mutually exclusive and can’t both be set simultaneously:

- `ca_pem` and `ca_file`
- `cert_pem` and `cert_file`
- `key_pem` and `key_file`

When configuring client authentication, both the client certificate (using `cert_pem` or `cert_file`) and the client key (using `key_pem` or `key_file`) must be provided.

When `min_version` isn’t provided, the minimum acceptable TLS version is inherited from Go’s default minimum version, TLS 1.2. If `min_version` is provided, it must be set to one of the following strings:

- `"TLS10"` (TLS 1.0)
- `"TLS11"` (TLS 1.1)
- `"TLS12"` (TLS 1.2)
- `"TLS13"` (TLS 1.3)

## Exported fields

The following fields are exported and can be referenced by other components:

Expand table

| Name      | Type                | Description                                        |
|-----------|---------------------|----------------------------------------------------|
| `targets` | `list(map(string))` | The set of targets discovered from the Linode API. |

The following meta labels are available on targets and can be used by the discovery.relabel component:

- `__meta_linode_backups`: The backup service status of the Linode instance.
- `__meta_linode_extra_ips`: A list of all extra IPv4 addresses assigned to the Linode instance joined by the tag separator.
- `__meta_linode_group`: The display group a Linode instance is a member of.
- `__meta_linode_gpus`: The number of GPUs of the Linode instance.
- `__meta_linode_hypervisor`: The virtualization software powering the Linode instance.
- `__meta_linode_image`: The slug of the Linode instance’s image.
- `__meta_linode_instance_id`: The ID of the Linode instance.
- `__meta_linode_instance_label`: The label of the Linode instance.
- `__meta_linode_private_ipv4`: The private IPv4 of the Linode instance.
- `__meta_linode_private_ipv4_rdns`: The reverse DNS for the first private IPv4 of the Linode instance.
- `__meta_linode_public_ipv4`: The public IPv4 of the Linode instance.
- `__meta_linode_public_ipv4_rdns`: The reverse DNS for the first public IPv4 of the Linode instance.
- `__meta_linode_public_ipv6`: The public IPv6 of the Linode instance.
- `__meta_linode_public_ipv6_rdns`: The reverse DNS for the first public IPv6 of the Linode instance.
- `__meta_linode_region`: The region of the Linode instance.
- `__meta_linode_specs_disk_bytes`: The amount of storage space the Linode instance has access to.
- `__meta_linode_specs_memory_bytes`: The amount of RAM the Linode instance has access to.
- `__meta_linode_specs_transfer_bytes`: The amount of network transfer the Linode instance is allotted each month.
- `__meta_linode_specs_vcpus`: The number of VCPUS this Linode has access to.
- `__meta_linode_status`: The status of the Linode instance.
- `__meta_linode_tags`: A list of tags of the Linode instance joined by the tag separator.
- `__meta_linode_type`: The type of the Linode instance.
- `__meta_linode_ipv6_ranges`: A list of IPv6 ranges with mask assigned to the Linode instance joined by the tag separator.

## Component health

`discovery.linode` is only reported as unhealthy when given an invalid configuration. In those cases, exported fields retain their last healthy values.

## Debug information

`discovery.linode` doesn’t expose any component-specific debug information.

## Debug metrics

`discovery.linode` doesn’t expose any component-specific debug metrics.

## Example

Alloy ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy

```alloy
discovery.linode "example" {
    bearer_token = sys.env("LINODE_TOKEN")
    port = 8876
}
prometheus.scrape "demo" {
    targets    = discovery.linode.example.targets
    forward_to = [prometheus.remote_write.demo.receiver]
}
prometheus.remote_write "demo" {
    endpoint {
        url = <PROMETHEUS_REMOTE_WRITE_URL>
        basic_auth {
            username = <USERNAME>
            password = <PASSWORD>
        }
    }
}
```

Replace the following:

- *`<PROMETHEUS_REMOTE_WRITE_URL>`* : The URL of the Prometheus remote\_write-compatible server to send metrics to.
- *`<USERNAME>`* : The username to use for authentication to the `remote_write` API.
- *`<PASSWORD>`* : The password to use for authentication to the `remote_write` API.

### Use a private IP address

Alloy ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy

```alloy
discovery.linode "example" {
    bearer_token = sys.env("LINODE_TOKEN")
    port = 8876
}
discovery.relabel "private_ips" {
    targets = discovery.linode.example.targets
    rule {
        source_labels = ["__meta_linode_private_ipv4"]
        replacement     = "[$1]:8876"
        target_label  = "__address__"
    }
}
prometheus.scrape "demo" {
    targets    = discovery.relabel.private_ips.targets
    forward_to = [prometheus.remote_write.demo.receiver]
}
prometheus.remote_write "demo" {
    endpoint {
        url = <PROMETHEUS_REMOTE_WRITE_URL>
        basic_auth {
            username = <USERNAME>
            password = <PASSWORD>
        }
    }
}
```

Replace the following:

- *`<PROMETHEUS_REMOTE_WRITE_URL>`* : The URL of the Prometheus remote\_write-compatible server to send metrics to.
- *`<USERNAME>`* : The username to use for authentication to the `remote_write` API.
- *`<PASSWORD>`* : The password to use for authentication to the `remote_write` API.

## Compatible components

`discovery.linode` has exports that can be consumed by the following components:

- Components that consume [Targets](/docs/grafana-cloud/send-data/alloy/reference/compatibility/#targets-consumers)

> Note
> 
> Connecting some components may not be sensible or components may require further configuration to make the connection work correctly. Refer to the linked documentation for more details.