Skip to content

How to configure an authenticated forward proxy for Alertmanager in rancher-monitoring

Article Number: 000021575

Environment

Kubernetes cluster where you have installed the Alertmanager as part of the Monitoring Stack.

Situation

  • You have the Alertmanager installed on the cluster.
  • You need to configure any receiver integration, e.g., Slack, PagerDuty, Opsgenie, etc., where an authenticated proxy is required.

Resolution

A proxy configuration, with username and password, can be added to the alertmanager configuration, and the alertmanager UI will automatically obfuscate the password in the Status -> Config view. e.g. proxy_url: http://<user>:xxxxx@<URL>:<port> so this is secured from users with UI access. There are two ways you can define this proxy configuration:

  • A non-persistent implementation, e.g. to test the proxy configuration, can be performed by editing the "alertmanager-rancher-monitoring-alertmanager" secret in the "cattle-monitoring-system" namespace post-deployment to set the proxy_url including authentication directly in the URL. However, this solution will not be permanent, as the secret could will be overwritten, deleting the changes, if any update is made to the rancher-monitoring chart.
  • As a persistent implementation, you can create a copy of this secret (with the proxy_url including the credentials already set) in the cattle-monitoring-system namespace. Then, you can refer to this new secret in the cattle-monitoring chart alertmanager.alertmanagerSpec.configSecret value to work with your receiver integration.