Grafana Metrics Enterprise configuration
Grafana Metrics Enterprise utilizes a configuration file that is a superset of the Cortex configuration file.
This page gives an overview over the extensions that are available in the Grafana Metrics Enterprise configuration:
Note: The configuration of the getting started guide can be used as a starting point for writing your customised cluster configuration
You can enable the built-in, token based authentication mechanism in Grafana Metrics Enterprise by adding the following code to your configuration file:
auth: type: enterprise
Admin backend storage
You need to configure Grafana Metrics Enterprise with a bucket that stores administration objects such as clusters, access policies, tokens, or licenses. Ideally, this bucket is separate from the bucket that stores the TSDB blocks.
If you do not configure the object-storage bucket or do so incorrectly, Grafana Metrics Enterprise is unable to find its license and warnings will be logged. Failure to find a license is not a fatal error to minimise operational disruption in the case of misconfiguration or license expiry.
The client that is used is configured using the same configuration options as configuring a blocks storage backend. All of the clients supported for blocks storage are also supported for the admin API.
To verify that you have configured the object-storage bucket correctly, see either the S3 / Minio backend if you are using an S3 compatible API, or Google Cloud Storage (GCS) backend if you are using Google Cloud Storage.
Below are snippets that can be included in your configuration to setup each of the common object storage backends:
S3 / Minio backend
admin_client: storage: type: s3 s3: # The S3 bucket endpoint. It could be an AWS S3 endpoint listed at # https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an # S3-compatible service in hostname:port format. [endpoint: <string> | default = ""] # S3 bucket name [bucket_name: <string> | default = ""] # S3 secret access key [secret_access_key: <string> | default = ""] # S3 access key ID [access_key_id: <string> | default = ""] # If enabled, use http:// for the S3 endpoint instead of https://. This could # be useful in local dev/test environments while using an S3-compatible # backend storage, like Minio. [insecure: <boolean> | default = false]
To configure dynamic HTTP headers for the admin storage’s S3 / Minio backend, the following configuration can be used. Note that the poll interval controls how often the file is reloaded and there is a section on the format of the dynamic headers file.
admin_client: type: s3 storage: s3: header_map_file_path: <path to header file> header_map_poll_interval: <duration string>
Google Cloud Storage (GCS) backend
admin_client: storage: type: gcs gcs: # GCS bucket name [bucket_name: <string> | default = ""] # JSON representing either a Google Developers Console client_credentials.json # file or a Google Developers service account key file. If empty, fallback to # Google default logic. [service_account: <string> | default = ""]
Grafana Metrics Enterprise extends Cortex’s blocks storage configuration by those features:
Rate limiting of list calls
List calls to a storage bucket can be rate limited. The
blocks-storage.bucket-rate-limit.limit configuration option specifies how often per second a list call can be made before being rate limited. The
blocks-storage.bucket-rate-limit.burst configuration option specifies the burst size. If
blocks-storage.bucket-rate-limit.limit is smaller than or is equal to zero (the default) no rate limiting is applied. The snippet below shows how this can be set in your configuration file for an S3 backend:
blocks_storage: backend: s3 bucket_rate_limit: 100 bucket_rate_limit_burst: 1
Dynamic headers for S3 / Minio backend
To configure dynamic HTTP headers for the blocks storage’s S3 / Minio backend, the following configuration can be used. Note that the poll interval controls how often the file is reloaded and there is a section on the format of the dynamic headers file.
blocks_storage: backend: s3 s3: header_map_file_path: <path to header file> header_map_poll_interval: <duration string>
The Ruler is an optional service executing PromQL queries for recording rules and alerts. The ruler requires a backend storing the recording rules and alerts for each tenant.
Grafana Metrics Enterprise extends Cortex’s upstream ruler configuration by those features:
The following configuration options can be used to enable remote write rule groups and specify a desired directory to store the generated write-ahead log (WAL). To learn more see the remote-write rule forwarding documentation
enterprise_features: ruler_remote_write: enabled: <bool. defaults to false> wal_dir: <directory path. defaults to ./wal>
Dynamic headers for S3 / Minio backend
To configure dynamic HTTP headers for the ruler’s S3 / Minio backend, the following configuration can be used. Note that the poll interval controls how often the file is reloaded and there is section on the format of the dynamic headers file.
enterprise_features: ruler_s3_request_headers: file: <filename> poll_interval: <duration. defaults to 1m>
Dynamic headers configuration
A dynamic headers configuration file allows to configure HTTP headers, which can be dynamically changed during the runtime of Grafana Metrics Enterprise. It uses the YAML syntax and its format looks like this:
<header-name>: "header-value" <second-header-name>: "second-header-value"
An example of specifying a bearer token for authentication could look like this:
Authorization: "Bearer my-secret-bearer-token"
For information about the gateway and its configuration, refer to Gateway.