How to use Go pprof pulling when the pprof endpoint requires a Bearer token?

grafana / pyroscope

Continuous Profiling Platform. Debug performance issues down to a single line of code

https://grafana.com/oss/pyroscope/

GNU Affero General Public License v3.0

9.67k stars 578 forks source link

How to use Go pprof pulling when the pprof endpoint requires a Bearer token? #980

Closed ethercrow closed 2 years ago

ethercrow commented 2 years ago

I'm able to get pprof data by doing

curl -H"Authorization: Bearer "$(generate-acme-token) https://acme-service/debug/pprof/foo

Is it possible to configure pyroscope to also pass this header?

kolesnikovae commented 2 years ago

Thank you for opening the issue @ethercrow!

Pyroscope inherited almost all scraping features of Prometheus, and is almost 100% compatible with the Prometheus configuration (please notice that we use kebab-yaml-style instead of snake_case).

The following configuration should do the trick:

---
scrape-configs:
  - job-name: testing
    scheme: https
    authorization:
       type: Bearer
       credentials: <bearer-token> 
    static-configs:
      - application: acme
        targets:
          - acme-service

Also, the secret can be read from a file specified in the authorization.credentials-file parameter.

ethercrow commented 2 years ago

Thank you so much, works great!

For the curious people who found this issue (probably including myself from the future), here's my current config:

Makefile:

.PHONY: pyroscope
pyroscope:
  generate-acme-token > token.tmp
  pyroscope server --config pyroscope.yml

pyroscope.yml:

---
log-level: debug
scrape-configs:
  - job-name: prod
    scheme: https
    authorization:
       type: Bearer
       credentials-file: token.tmp
    static-configs:
      - application: acme
        targets:
          - "acme-service:443"