MVP+1: RFD27 integration

[misterbisson]

RFD27/Container Monitor integration requires two things:

1. TLS certs based on a user's SSH key
2. Discovery of RFD27 endpoints

   Authenticated requests

The proxy will utilize the same TLS based scheme as the official Prometheus agents. Customers existing SSH key(s) (the same key(s) used for accessing instances and sdc-docker) will be used.

The details of generating a TLS key from a Triton user's SSH key need further definition from @richardkiene.

Discovery

@richardkiene can add the details of discovery of RFD27 endpoints. It's possible that the best solution here is to develop a new Telegraf input plugin that integrates RFD27 endpoint discovery on top of the existing Prometheus input plugin.

[richardkiene]

I don't want to get overly prescriptive about authenticated requests until I've worked out the kinks with Alex. However, the Prometheus TLS configuration section gives the basics. Also, I believe we can re-use the key and cert we generate for users when they setup sdc-docker access.

Discovery happens via CloudAPI and then knowledge of how the CNS CNAME is created (i.e. https://(container_uuid).cm.triton.zone:9163/metrics). There is a WIP Prometheus server plugin which handles discovery for the Prometheus server. Forwarders would need to follow this same pattern/logic.