diff --git a/docs/sources/shared/configuration.md b/docs/sources/shared/configuration.md index d50669016356..0b1d1e3aa664 100644 --- a/docs/sources/shared/configuration.md +++ b/docs/sources/shared/configuration.md @@ -4638,6 +4638,21 @@ alertmanager_client: # CLI flag: -ruler.alertmanager-client.credentials-file [credentials_file: | default = ""] + # HTTP proxy server to use to connect to the targets. + [proxy_url: | default = ""] + + # NoProxy contains addresses that should not use a proxy. + [no_proxy: | default = ""] + + # ProxyFromEnvironment makes use of net/http ProxyFromEnvironment function to determine proxies. + [proxy_from_environment: ] + + # ProxyConnectHeader optionally specifies headers to send to + # proxies during CONNECT requests. Assume that at least _some_ of + # these headers are going to contain secrets and use Secret as the + # value type instead of string. + [proxy_connect_header: ] + # Max time to tolerate outage for restoring "for" state of alert. # CLI flag: -ruler.for-outage-tolerance [for_outage_tolerance: | default = 1h] diff --git a/pkg/ruler/base/notifier.go b/pkg/ruler/base/notifier.go index 5c6524447bfe..19e14d4894cf 100644 --- a/pkg/ruler/base/notifier.go +++ b/pkg/ruler/base/notifier.go @@ -192,6 +192,12 @@ func amConfigFromURL(cfg *ruler_config.AlertManagerConfig, url *url.URL, apiVers Timeout: model.Duration(cfg.NotificationTimeout), ServiceDiscoveryConfigs: sdConfig, HTTPClientConfig: config_util.HTTPClientConfig{ + ProxyConfig: config_util.ProxyConfig{ + ProxyURL: cfg.Notifier.Proxy.ProxyURL, + NoProxy: cfg.Notifier.Proxy.NoProxy, + ProxyConnectHeader: cfg.Notifier.Proxy.ProxyConnectHeader, + ProxyFromEnvironment: cfg.Notifier.Proxy.ProxyFromEnvironment, + }, TLSConfig: config_util.TLSConfig{ CAFile: cfg.Notifier.TLS.CAPath, CertFile: cfg.Notifier.TLS.CertPath, diff --git a/pkg/ruler/base/notifier_test.go b/pkg/ruler/base/notifier_test.go index 8166193d8457..5f5798ec1461 100644 --- a/pkg/ruler/base/notifier_test.go +++ b/pkg/ruler/base/notifier_test.go @@ -2,6 +2,7 @@ package base import ( "fmt" + "net/url" "testing" "time" @@ -397,6 +398,52 @@ func TestBuildNotifierConfig(t *testing.T) { }, }, }, + { + name: "with proxy", + cfg: &Config{ + AlertManagerConfig: ruler_config.AlertManagerConfig{ + AlertmanagerURL: "http://alertmanager.default.svc.cluster.local/alertmanager", + Notifier: ruler_config.NotifierConfig{ + Proxy: config_util.ProxyConfig{ + ProxyURL: config_util.URL{ + URL: &url.URL{}, + }, + NoProxy: "127.0.0.1/8", + ProxyFromEnvironment: false, + ProxyConnectHeader: config_util.ProxyHeader{}, + }, + }, + }, + }, + ncfg: &config.Config{ + AlertingConfig: config.AlertingConfig{ + AlertmanagerConfigs: []*config.AlertmanagerConfig{ + { + APIVersion: "v1", + Scheme: "http", + PathPrefix: "/alertmanager", + ServiceDiscoveryConfigs: discovery.Configs{ + discovery.StaticConfig{ + { + Targets: []model.LabelSet{{"__address__": "alertmanager.default.svc.cluster.local"}}, + }, + }, + }, + HTTPClientConfig: config_util.HTTPClientConfig{ + ProxyConfig: config_util.ProxyConfig{ + ProxyURL: config_util.URL{ + URL: &url.URL{}, + }, + NoProxy: "127.0.0.1/8", + ProxyFromEnvironment: false, + ProxyConnectHeader: config_util.ProxyHeader{}, + }, + }, + }, + }, + }, + }, + }, } for _, tt := range tests { diff --git a/pkg/ruler/config/alertmanager.go b/pkg/ruler/config/alertmanager.go index 8282a39326f0..b3f307ee2085 100644 --- a/pkg/ruler/config/alertmanager.go +++ b/pkg/ruler/config/alertmanager.go @@ -5,6 +5,7 @@ import ( "time" "github.com/grafana/dskit/crypto/tls" + "github.com/prometheus/common/config" "github.com/prometheus/prometheus/model/relabel" "github.com/grafana/loki/v3/pkg/util" @@ -30,9 +31,10 @@ type AlertManagerConfig struct { } type NotifierConfig struct { - TLS tls.ClientConfig `yaml:",inline"` - BasicAuth util.BasicAuth `yaml:",inline"` - HeaderAuth util.HeaderAuth `yaml:",inline"` + Proxy config.ProxyConfig `yaml:",inline"` + TLS tls.ClientConfig `yaml:",inline"` + BasicAuth util.BasicAuth `yaml:",inline"` + HeaderAuth util.HeaderAuth `yaml:",inline"` } func (cfg *NotifierConfig) RegisterFlags(f *flag.FlagSet) {