0

When querying the datasource from Grafana, I get a 403 for a few of the metrics.

curl --location --request GET 'https://xxx.xxx.xxx/api/datasources/proxy/1/api/v1/query?query=sum(kube_pod_container_status_restarts_total%7Bnamespace%3D%22default%22%2C%20container%3D~%22al-agent-container%22%2C%20pod%3D%22al-agent-container-hlrz2%22%7D)&time=1607489911' \
> --header 'Accept: application/json' \
> --header 'Content-Type: application/json; charset=UTF-8' \
> --header 'Authorization: Bearer xxx' \
> --data-raw ''
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>

When querying the Prometheus server endpoint with the same query, it resolves with 200:

curl --location --request GET 'http://kube-system-prometheus-server.kube-system.svc.cluster.local/api/v1/query_range?query=sum(kube_pod_container_resource_requests_cpu_cores%7Bnamespace%3D%22default%22%2C%20pod%3D~%22al-agent-container-hlrz2%22%7D)&start=1607488035&end=1607489835&step=15' \
> --header 'Accept: application/json' \
> --header 'Content-Type: application/json; charset=UTF-8'
{"status":"success","data":{"resultType":"matrix","result":[]}}

Grafana Version: v6.6.2 (3fa63cfc34)

Prometheus does not have any authentication in place. This issue occurs only for a few metrics, not for all.

When I tested the data source from its configuration section, it shows it's all working.

Does anyone have any idea on this?

Saikat Chakrabortty

2 Answers

1

I have found the issue.

I had a WAF enabled on the entry LB; I removed it and checked that it does work. The WAF is considering this as SQL injection and hence blocking it.

Saikat Chakrabortty
  • Disabling the WAF is not a reliable solution; a proper solution should be investigated. And the said way is how Grafana queries: https://community.grafana.com/t/sql-injection-in-api-tsdb-query-in-grafana/29713/7 – Jun 04 '23 at 12:45
  • @KarthikKumar I haven't suggested disabling it; however, it is up to the operator how they want to configure the WAF or switch to something else. It's just acknowledging the issue so that you can check, relate and respond your own way :) – Saikat Chakrabortty Jun 05 '23 at 06:11
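A triage sketch for the situation in this thread, added here as an example and not part of the original posts: it classifies which hop produced an error on the Grafana datasource-proxy path from the response body, and decodes the PromQL that the WAF inspected. The function names are hypothetical, and it assumes Grafana answers API errors with JSON carrying a `message` field and Prometheus with JSON carrying `"status": "error"`, so a bare HTML error page points at a load balancer or WAF in front.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed samples: HTML_403 mirrors the body shown in the question,
# GRAFANA_403 is an assumed Grafana-style JSON error, BLOCKED_URL is the
# request from the question with its placeholder host.
HTML_403 = ("<html>\n<head><title>403 Forbidden</title></head>\n<body>\n"
            "<center><h1>403 Forbidden</h1></center>\n</body>\n</html>")
GRAFANA_403 = '{"message": "Permission denied"}'
BLOCKED_URL = (
    "https://xxx.xxx.xxx/api/datasources/proxy/1/api/v1/query?query=sum("
    "kube_pod_container_status_restarts_total%7Bnamespace%3D%22default%22"
    "%2C%20container%3D~%22al-agent-container%22%2C%20pod%3D%22"
    "al-agent-container-hlrz2%22%7D)&time=1607489911"
)


def error_origin(status, content_type, body):
    """Guess which hop generated an error response on the proxy path."""
    if status < 400:
        return "not-blocked"
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None  # not JSON, so not an API-level error document
    if isinstance(doc, dict):
        if "message" in doc:              # assumed Grafana error shape
            return "grafana"
        if doc.get("status") == "error":  # Prometheus HTTP API error shape
            return "prometheus"
    if "html" in content_type.lower() or body.lstrip().lower().startswith("<html"):
        return "intermediary"             # generic LB / WAF error page
    return "unknown"


def decoded_promql(url):
    """Return the URL-decoded `query` parameter, as a WAF would inspect it."""
    return parse_qs(urlsplit(url).query).get("query", [""])[0]


if __name__ == "__main__":
    print(error_origin(403, "text/html", HTML_403))
    print(decoded_promql(BLOCKED_URL))
```

The decoded query can be matched against the WAF's block log to find the rule that fired, so that an exception can be scoped to the datasource proxy path instead of turning the WAF off.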
0

From my view, you can't get the data from Grafana, because Grafana doesn't have a DB to store the data. It will use the existing database from any other source to plot the time-based series.