Description:
Hi,
I’m running pmm-server v2.41.0 on my Kubernetes cluster and pmm-client for monitoring my MongoDB running on GCE instances.
I want to know if there is any other way of registering the node with pmm server apart from using admin username & password? Maybe through service accounts or API keys?
The issue is that I wish to push PMM monitoring in production, and before I do that I want to put it behind IAP. If I put it behind IAP, then I’m not able to register the node with admin username & password. So is there any other way of registering the node, maybe through service accounts, API keys, or maybe creating an internal LB for PMM server?
Expected Result:
It should be able to register the node with pmm-server through some other way too.
Actual Result:
Can only register through username & password.
Any help would be appreciated, thanks.
Hello @Wali_Hasan,
Unfortunately, at this time using username/password is the only way to add the local agent to PMM. However, you can add a remote Mongo monitoring instance to PMM using the API/UI. But you won’t get any disk/OS/memory stats this way.
Hello @matthewb,
Which means I won’t be able to put PMM behind Google Single Sign-On? This would defeat the purpose… I couldn’t find any official document to implement Google authentication, is that also not supported?
Hello @Wali_Hasan,
Grafana, the UI of PMM, fully supports OAuth2-style authentication.
Our public demo, https://pmmdemo.percona.com/, uses OAuth2 for employee SSO, so it does indeed work.
Hello @matthewb,
I’m trying to implement Google OAuth2 authentication but am facing an issue.
So I’ve installed PMM server using Helm charts,
pmmEnv:
  GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
  GF_AUTH_GENERIC_OAUTH_SCOPES: "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email"
  GF_AUTH_GENERIC_OAUTH_AUTH_URL: "Sign in - Google Accounts"
  GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://accounts.google.com/o/oauth2/token"
  GF_AUTH_GENERIC_OAUTH_API_URL: "https://accounts.google.com/o/oauth2/authorize"
  GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS: "gmail.com"
  GF_SERVER_ROOT_URL: "https://pmm-example.com/graph"
I’ve passed these values under pmmEnv in the Helm chart to pass as environment variables,
and passed clientID & clientSecret as Secrets in the Helm chart:
secret:
  GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "base64 encoded value"
  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "base64 encoded value"
My redirect URI at google end is https://pmm-example.com/graph/login/generic_oauth
But it doesn’t seem to work… I get “Error 401: invalid_client” when I try to sign in with OAuth. Can you please help as to what I’m doing wrong in this?
Any help would be highly appreciated.
Thanks.
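
An added example, not part of any post in this thread and not Percona or Grafana code: a small Python lint for the generic OAuth variables as the Grafana process inside PMM ends up seeing them. It assumes Google is the identity provider (Google OAuth client IDs end in `.apps.googleusercontent.com`) and treats a client ID that reaches the container still base64-encoded as one possible cause of `invalid_client`, which the thread does not confirm; the function names and the sample client ID are hypothetical.

```python
import base64
import binascii
from urllib.parse import urlsplit

P = "GF_AUTH_GENERIC_OAUTH_"
URL_KEYS = (P + "AUTH_URL", P + "TOKEN_URL", P + "API_URL", "GF_SERVER_ROOT_URL")
GOOGLE_ID_SUFFIX = ".apps.googleusercontent.com"


def decodes_to_client_id(value):
    """True if value is base64 whose decoded text looks like a Google client ID."""
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return False
    return text.strip().endswith(GOOGLE_ID_SUFFIX)


def lint_oauth_env(env):
    """Return findings for the variables as the Grafana process sees them."""
    findings = []
    for key in URL_KEYS:
        parts = urlsplit(env.get(key, ""))
        if parts.scheme != "https" or not parts.netloc:
            findings.append(f"{key}: not an absolute https URL")
    # Grafana calls api_url with the access token to read the user's profile.
    last = urlsplit(env.get(P + "API_URL", "")).path.rstrip("/").rsplit("/", 1)[-1]
    if last in ("auth", "authorize", "token"):
        findings.append(f"{P}API_URL: points at an authorization/token endpoint")
    client_id = env.get(P + "CLIENT_ID", "")
    if client_id != client_id.strip():
        findings.append(f"{P}CLIENT_ID: leading or trailing whitespace")
    if not client_id.strip().endswith(GOOGLE_ID_SUFFIX):
        if decodes_to_client_id(client_id.strip()):
            findings.append(f"{P}CLIENT_ID: still base64-encoded at runtime")
        else:
            findings.append(f"{P}CLIENT_ID: not a Google OAuth client ID")
    return findings


# Constructed sample: URLs as posted above; made-up client ID, base64-encoded.
SAMPLE_ENV = {
    P + "AUTH_URL": "Sign in - Google Accounts",
    P + "TOKEN_URL": "https://accounts.google.com/o/oauth2/token",
    P + "API_URL": "https://accounts.google.com/o/oauth2/authorize",
    "GF_SERVER_ROOT_URL": "https://pmm-example.com/graph",
    P + "CLIENT_ID": base64.b64encode(
        b"1234567890-example.apps.googleusercontent.com").decode(),
}
```

Feed `lint_oauth_env` the environment read from the running PMM container rather than the Helm values file, since the point is to see what survives templating and Secret decoding.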