Configuring Prometheus Remote Write for Firetiger

This document describes how to configure Prometheus to send metrics to Firetiger using the remote_write feature. This allows you to leverage Firetiger for long-term storage, analysis, and visualization of your Prometheus metrics.

The Firetiger ingest service exposes a Prometheus remote write compatible endpoint at /api/v1/write.

1. Get Firetiger Connection Details

To configure Prometheus, you first need the correct endpoint URL and authentication credentials for your Firetiger instance. These credentials (specifically the password) are typically stored in your cloud provider's secret management service after the initial Firetiger setup in your account.

Choose the instructions below based on whether your Firetiger resources (like the S3 bucket and secrets) are deployed in Google Cloud Platform (GCP) or Amazon Web Services (AWS).


For Google Cloud Platform (GCP) Users

Use the following script to generate the endpoint URL and retrieve credentials from GCP Secret Manager.

Bash

#!/bin/bash

# --- GCP Configuration ---
# REQUIRED: Set your Firetiger bucket name (used in GCP)
export BUCKET_NAME="my-firetiger-bucket"
# REQUIRED: Set your Google Cloud Project ID where the secret is stored
export PROJECT_ID="my-gcp-project-id"
# --- End GCP Configuration ---

# Derive the secret name (assuming default naming convention)
SECRET_NAME="${BUCKET_NAME}-basic-auth-ingest"

echo "Fetching GCP secret: ${SECRET_NAME} from project: ${PROJECT_ID}"

# Fetch the password from GCP Secret Manager
export FIRETIGER_PASSWORD=$(gcloud --project "${PROJECT_ID}" secrets versions access latest --secret "${SECRET_NAME}")

if [ -z "$FIRETIGER_PASSWORD" ]; then
  echo "Error: Failed to fetch password from GCP Secret Manager."
  echo "Check BUCKET_NAME, PROJECT_ID, secret name ('${SECRET_NAME}'), and gcloud permissions."
  exit 1
fi

# Construct the base endpoint URL
# Slugify the bucket name (replace non-alphanumeric with hyphen)
SLUGIFIED_BUCKET_NAME=$(echo "${BUCKET_NAME}" | sed 's/[^a-zA-Z0-9-]/-/g')
export INGEST_BASE_URL="https://ingest.${SLUGIFIED_BUCKET_NAME}.firetigerapi.com:443"

# Construct the full Prometheus remote write URL
export REMOTE_WRITE_URL="${INGEST_BASE_URL}/api/v1/write"

# The username for Basic Auth is the bucket name
export USERNAME="${BUCKET_NAME}"

echo ""
echo "--- Prometheus Configuration Details (from GCP) ---"
echo "Remote Write URL: ${REMOTE_WRITE_URL}"
echo "Username:         ${USERNAME}"
echo "Password:         [Fetched from GCP Secret Manager, stored in \$FIRETIGER_PASSWORD]"
echo "---------------------------------------------------"
echo ""
echo "Use these details in your prometheus.yml configuration."

# Optional: Export for direct use in envsubst or similar templating if needed
export PROMETHEUS_REMOTE_WRITE_URL="${REMOTE_WRITE_URL}"
export PROMETHEUS_USERNAME="${USERNAME}"
export PROMETHEUS_PASSWORD="${FIRETIGER_PASSWORD}"

Before running (GCP):

  1. Replace "my-firetiger-bucket" with your actual Firetiger bucket name used in your GCP setup.
  2. Replace "my-gcp-project-id" with the Google Cloud Project ID where your Firetiger secrets are stored.
  3. Ensure you have the gcloud CLI installed and authenticated with permissions to access secrets in the specified project.

For Amazon Web Services (AWS) Users

Use the following script to generate the endpoint URL and retrieve credentials from AWS Secrets Manager. This assumes you have already deployed the Firetiger resources in your AWS account (e.g., using the Terraform configuration described in the AWS setup guide), which includes creating the necessary secret in AWS Secrets Manager.

Bash

#!/bin/bash

# --- AWS Configuration ---
# REQUIRED: Set your Firetiger bucket name (used in AWS)
export BUCKET_NAME="firetiger-my-company"
# REQUIRED: Set the AWS Region where your secret is stored
export AWS_REGION="us-west-2"
# OPTIONAL: Set your AWS CLI profile if not using default
export AWS_PROFILE="my-firetiger-account-profile"
# --- End AWS Configuration ---

# Derive the secret name (assuming default naming convention)
SECRET_NAME="${BUCKET_NAME}-basic-auth-ingest"

echo "Fetching AWS secret: ${SECRET_NAME} from region: ${AWS_REGION}"
# Build the command as an array so each value is passed as a literal argument (no eval)
AWS_CMD=(aws secretsmanager get-secret-value --secret-id "${SECRET_NAME}" --region "${AWS_REGION}" --query SecretString --output text)
if [ -n "$AWS_PROFILE" ]; then
  AWS_CMD+=(--profile "${AWS_PROFILE}")
  echo "Using AWS Profile: ${AWS_PROFILE}"
fi

# Fetch the password from AWS Secrets Manager
export FIRETIGER_PASSWORD=$("${AWS_CMD[@]}")

if [ -z "$FIRETIGER_PASSWORD" ]; then
  echo "Error: Failed to fetch password from AWS Secrets Manager."
  echo "Check BUCKET_NAME, AWS_REGION, secret name ('${SECRET_NAME}'), AWS_PROFILE (if used), and AWS CLI permissions."
  exit 1
fi

# Construct the base endpoint URL
# Slugify the bucket name (replace non-alphanumeric with hyphen)
SLUGIFIED_BUCKET_NAME=$(echo "${BUCKET_NAME}" | sed 's/[^a-zA-Z0-9-]/-/g')
export INGEST_BASE_URL="https://ingest.${SLUGIFIED_BUCKET_NAME}.firetigerapi.com:443"

# Construct the full Prometheus remote write URL
export REMOTE_WRITE_URL="${INGEST_BASE_URL}/api/v1/write"

# The username for Basic Auth is the bucket name
export USERNAME="${BUCKET_NAME}"

echo ""
echo "--- Prometheus Configuration Details (from AWS) ---"
echo "Remote Write URL: ${REMOTE_WRITE_URL}"
echo "Username:         ${USERNAME}"
echo "Password:         [Fetched from AWS Secrets Manager, stored in \$FIRETIGER_PASSWORD]"
echo "---------------------------------------------------"
echo ""
echo "Use these details in your prometheus.yml configuration."

# Optional: Export for direct use in envsubst or similar templating if needed
export PROMETHEUS_REMOTE_WRITE_URL="${REMOTE_WRITE_URL}"
export PROMETHEUS_USERNAME="${USERNAME}"
export PROMETHEUS_PASSWORD="${FIRETIGER_PASSWORD}"
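
Added example (not part of the Firetiger scripts above): one way to turn the PROMETHEUS_* variables exported by either script into a remote_write stanza that references the password through Prometheus's basic_auth password_file option, so the secret never appears in prometheus.yml. The function names and the password file path are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example: render a remote_write stanza from the exported PROMETHEUS_*
# variables without inlining the secret. Function names are hypothetical.

# write_password_file PATH
# Stores $PROMETHEUS_PASSWORD in PATH, readable only by the owner.
write_password_file() {
  if [ -z "${PROMETHEUS_PASSWORD:-}" ]; then
    echo "PROMETHEUS_PASSWORD is empty" >&2
    return 1
  fi
  # umask in a subshell: the file is created 0600, never briefly world-readable.
  # chmod also covers the case where the file already existed with wider modes.
  ( umask 077 && printf '%s' "${PROMETHEUS_PASSWORD}" > "$1" && chmod 600 "$1" )
}

# render_remote_write PASSWORD_FILE
# Prints the prometheus.yml fragment; refuses anything that is not an HTTPS
# URL ending in /api/v1/write, since Basic Auth credentials travel with it.
render_remote_write() {
  case "${PROMETHEUS_REMOTE_WRITE_URL:-}" in
    https://*/api/v1/write) ;;
    *)
      echo "unexpected remote write URL: ${PROMETHEUS_REMOTE_WRITE_URL:-<unset>}" >&2
      return 1
      ;;
  esac
  if [ -z "${PROMETHEUS_USERNAME:-}" ]; then
    echo "PROMETHEUS_USERNAME is empty" >&2
    return 1
  fi
  cat <<EOF
remote_write:
  - url: "${PROMETHEUS_REMOTE_WRITE_URL}"
    basic_auth:
      username: "${PROMETHEUS_USERNAME}"
      password_file: "$1"
EOF
}

# Usage, after sourcing one of the scripts above (path is an assumption):
#   write_password_file /etc/prometheus/firetiger-ingest.password
#   render_remote_write /etc/prometheus/firetiger-ingest.password
```

The user Prometheus runs as must be able to read the password file; merge the printed fragment into the existing remote_write list in prometheus.yml.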