{"id":37205831,"url":"https://github.com/postfinance/discovery","last_synced_at":"2026-01-14T23:42:34.331Z","repository":{"id":36949957,"uuid":"295702188","full_name":"postfinance/discovery","owner":"postfinance","description":"Service discovery for prometheus.","archived":true,"fork":false,"pushed_at":"2024-06-18T06:12:11.000Z","size":1412,"stargazers_count":14,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-06-19T11:37:54.823Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/postfinance.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-15T11:13:23.000Z","updated_at":"2024-06-18T06:13:01.000Z","dependencies_parsed_at":"2023-11-20T08:13:59.153Z","dependency_job_id":"b59ae8bd-8466-43f4-bc4f-c31672a4d6e1","html_url":"https://github.com/postfinance/discovery","commit_stats":null,"previous_names":[],"tags_count":28,"template":false,"template_full_name":null,"purl":"pkg:github/postfinance/discovery","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/postfinance%2Fdiscovery","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/postfinance%2Fdiscovery/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/postfinance%2Fdiscovery/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/postfinance%2Fdiscovery/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/postfinance","download_url":"https://codeload.github.com/postfinance/discovery/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/postfinance%2Fdiscovery/sbom","scorecard":{"id":741781,"data":{"date":"2025-08-11","repo":{"name":"github.com/postfinance/discovery","commit":"97eb80467d1fc258f7f3f52287204536a1d371ef"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/push.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":-1,"reason":"Found no human activity in the last 30 changesets","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/postfinance/discovery/push.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/postfinance/discovery/push.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/postfinance/discovery/push.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/postfinance/discovery/push.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/postfinance/discovery/push.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/postfinance/discovery/push.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/postfinance/discovery/push.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/postfinance/discovery/push.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/postfinance/discovery/push.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/postfinance/discovery/push.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/postfinance/discovery/push.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/postfinance/discovery/push.yml/master?enable=pin","Warn: containerImage not pinned by hash: packaging/docker/Dockerfile:1: pin your Docker image by updating gcr.io/distroless/static-debian11:latest to gcr.io/distroless/static-debian11:latest@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: goCommand not pinned by hash: .github/workflows/push.yml:30","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.9.0 not signed: https://api.github.com/repos/postfinance/discovery/releases/93168439","Warn: release artifact v0.8.3 not signed: https://api.github.com/repos/postfinance/discovery/releases/90170705","Warn: release artifact v0.8.2 not signed: https://api.github.com/repos/postfinance/discovery/releases/66344931","Warn: release artifact v0.8.1 not signed: https://api.github.com/repos/postfinance/discovery/releases/56723655","Warn: release artifact v0.8.0 not signed: https://api.github.com/repos/postfinance/discovery/releases/50380590","Warn: release artifact v0.9.0 does not have provenance: https://api.github.com/repos/postfinance/discovery/releases/93168439","Warn: release artifact v0.8.3 does not have provenance: https://api.github.com/repos/postfinance/discovery/releases/90170705","Warn: release artifact v0.8.2 does not have provenance: https://api.github.com/repos/postfinance/discovery/releases/66344931","Warn: release artifact v0.8.1 does not have provenance: https://api.github.com/repos/postfinance/discovery/releases/56723655","Warn: release artifact v0.8.0 does not have provenance: https://api.github.com/repos/postfinance/discovery/releases/50380590"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3250 / GHSA-29wx-vh33-7x7r","Warn: Project is vulnerable to: GO-2025-3553 / GHSA-mh63-6h87-95cp","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T17:38:09.256Z","repository_id":36949957,"created_at":"2025-08-22T17:38:09.256Z","updated_at":"2025-08-22T17:38:09.256Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28439518,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T22:37:52.437Z","status":"ssl_error","status_checked_at":"2026-01-14T22:37:31.496Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T23:42:33.739Z","updated_at":"2026-01-14T23:42:34.323Z","avatar_url":"https://github.com/postfinance.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n\n- [discovery](#discovery)\n  - [Architecture](#architecture)\n  - [Example Workflow:](#example-workflow)\n  - [Authentication](#authentication)\n  - [Configuration](#configuration)\n  - [API](#api)\n    - [GRPC](#grpc)\n    - [REST](#rest)\n  - [Prometheus Scrape Configuration](#prometheus-scrape-configuration)\n    - [http_sd](#http_sd)\n  - [Systemd](#systemd)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n# discovery\n\nService discovery for prometheus with etcd backend. This service can be useful in environments\nwhere no prometheus service discovery other than [http_sd](https://prometheus.io/docs/prometheus/latest/http_sd/) is possible.\n\n## Architecture\n\n![Architecture](./architecture.png)\n\nThe service discovery consists of three components:\n\n- A GPRC service to register services and store them to [etcd](https://etcd.io) backend.\n- A rest endpoint for prometheus [http_sd](https://prometheus.io/docs/prometheus/latest/http_sd/).\n- ~~An exporter service to export stored services to filesystem for prometheus [file-sd](https://prometheus.io/docs/guides/file-sd/)~~.\n- CLI to register or unregister services and perform admin tasks.\n\n## Example Workflow:\n\nFirst we have to register a (prometheus) server:\n\n```console\n$ discovery server register prometheus1.example.com --labels=environment=test\n```\n\nThe labels above can be used on service registration to select a server via kubernetes style label selectors (see below).\n\nTo list all registered servers:\n\n```console\n$ discovery server list\nNAME                    MODIFIED             STATE  LABELS\nprometheus1.example.com 2021-02-04T14:12:50Z active environment=test\n```\n\nNow you can register a service:\n\n```console\n$ discovery service register -e http://example.com/metrics example --labels=label1=value1,label2=value2 --selector=environment=test\n2021-02-04T15:13:50.085+0100    INFO    client/service.go:82    service registered      {\"id\": \"93c156b1-f218-5d79-88a5-219307e59d29\"}\n```\n\nThe selector is a kubernetes style [label selector](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) to select a server from the registered servers.\nWhen you start the discovery service with `--replicas=n` and n\u003e1, a service is distributed to n servers with the corresponding labels. The service discovery uses a [consistent hashing algorithm](https://arxiv.org/pdf/1406.2294v1.pdf)\nto distribute services among servers.\n\nYou can see the registered services:\n\n```console\n$ discovery service list\nNAME    NAMESPACE ID                                   ENDPOINT                   SERVERS                 LABELS                      SELECTOR         MODIFIED             DESCRIPTION\nexample default   93c156b1-f218-5d79-88a5-219307e59d29 http://example.com/metrics prometheus1.example.com label1=value1,label2=value2 environment=test 2021-02-04T14:13:50Z\n```\n\nYou can specify a namespace with `-n`. The namespace defines how its services are exported (standard or blackbox). You can also create namespaces to group services. The service endpoint is unique per namepace.\n\nTo view all configured namespaces:\n\n```console\n$ discovery namespace list\nNAME    EXPORTCONFIG MODIFIED\ndefault standard     2021-02-04T14:07:03Z\n```\n\nRegister a blackbox namespace:\n\n```console\n$ discovery namespace register -e blackbox default-blackbox\n$ discovery namespace list\nNAME             EXPORTCONFIG MODIFIED\ndefault          standard     2021-02-05T07:58:35Z\ndefault-blackbox blackbox     2021-02-05T08:00:18Z\n```\n\nNow we can register a blackbox service:\n\n```console\n$ discovery service register -e http://blackbox.example.com -n default-blackbox blackbox -s environment=test\n$ discovery service list\nNAME     NAMESPACE        ID                                   ENDPOINT                    SERVERS                 LABELS                      SELECTOR         MODIFIED             DESCRIPTION\nblackbox default-blackbox e988791c-2c4e-5eeb-b3b8-db3c0cf82719 http://blackbox.example.com prometheus1.example.com                             environment=test 2021-02-05T08:05:44Z\nexample  default          93c156b1-f218-5d79-88a5-219307e59d29 http://example.com/metrics  prometheus1.example.com label1=value1,label2=value2 environment=test 2021-02-05T07:59:17Z\n```\n\nYou can verify that the http service discovery endpoint works (see [below](#authentication) on how to get a token) with the following command:\n\n```console\n$ curl -s -H  \"authorization: bearer $TOKEN\" 'http://localhost:3002/v1/sd/prometheus1.example.com/default' |jq\n[\n  {\n    \"targets\": [\n      \"example.com\"\n    ],\n    \"labels\": {\n      \"__metrics_path__\": \"/metrics\",\n      \"__scheme__\": \"http\",\n      \"instance\": \"example.com\",\n      \"job\": \"example\",\n      \"label1\": \"value1\",\n      \"label2\": \"value2\"\n    }\n  }\n]\n```\n\nAnd for the blackbox service:\n\n```console\n$ curl -s -H  \"authorization: bearer $TOKEN\" 'http://localhost:3002/v1/sd/prometheus1.example.com/default-blackbox?config=blackbox' |jq\n[\n  {\n    \"targets\": [\n      \"http://blackbox.example.com\"\n    ],\n    \"labels\": {}\n  }\n]\n```\n\nSee [below](#http_sd) on how to configure prometheus for [http_sd](https://prometheus.io/docs/prometheus/latest/http_sd/).\n\n## Authentication\n\nDiscovery is meant to work with an openid connect server (Password Grant Flow). The following options exist for configuration:\n\n```\n--oidc-endpoint=STRING                       OIDC endpoint URL ($DISCOVERY_OIDC_ENDPOINT).\n--oidc-client-id=STRING                      OIDC client ID ($DISCOVERY_OIDC_CLIENT_ID).\n--oidc-roles=OIDC-ROLES,...                  The the roles that are allowed to change servers and namespaces and to issue machine tokens ($DISCOVERY_OIDC_ROLES).\n--ca-cert=STRING                             Path to a custom tls ca pem file. Certificates in this file are added to system cert pool ($DISCOVERY_CA_CERT).\n```\n\nWith `--oidc-roles` you can specify a comma separated list of roles, that can register servers, namespaces and services. Those roles can also issue machine access tokens.\n\nTo login run:\n\n```console\n$ discovery login\n```\n\nOn successful login the token is saved to `~/.config/discovery/.token` for all subsequent requests.\n\nYou can create machine tokens with:\n\n```console\n$ token create -n default,default-blackbox ansible-user\neyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhbnNpYmxlLXVzZXIiLCJpYXQiOjE2MTI1MTM1ODkuMDA3ODY2OSwiaXNzIjoidGhlc2VjcmV0IiwibmJmIjoxNjEyNTEzNTg5LjAwNzg2NjksIm5hbWVzcGFjZXMiOlsiZGVmYXVsdCIsImRlZmF1bHQtYmxhY2tib3giXX0.IUKFuyKMAU5aRZJPLp67Uei9o2G5neJz_Ha86JZnd8o\n```\n\nThe above command creates a token with access to `default` and `default-blackbox` namespaces. `ansible-user` is an ID to identify the token.\n\nTo view a token run:\n\n```console\n$ discovery token info eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhbnNpYmxlLXVzZXIiLCJpYXQiOjE2MTI1MTM1ODkuMDA3ODY2OSwiaXNzIjoidGhlc2VjcmV0IiwibmJmIjoxNjEyNTEzNTg5LjAwNzg2NjksIm5hbWVzcGFjZXMiOlsiZGVmYXVsdCIsImRlZmF1bHQtYmxhY2tib3giXX0.IUKFuyKMAU5aRZJPLp67Uei9o2G5neJz_Ha86JZnd8o\nid: ansible-user\nnamespaces: [default default-blackbox]\nexpiry: never\n```\n\nYou can use the created token for automating tasks. You can set the token as follows in `~/.config/discovery/.token`:\n\n```yaml\nmachine_token: \u003cgenerated jwt token\u003e\n```\n\nWith the above token you can register services only (no namespaces or servers can be registered)\n\n## Configuration\n\nEvery flag can be set with environment variables. Run `discovery --help` to check which variables are available. It is also possible to use yaml configuration files. You can check which config files are used with:\n\n```console\n$ discovery --show-config\nConfiguration files:\n  /home/user/.config/discovery/config.yaml                       parsed\n  /etc/discovery/config.yaml                                     not found\n```\n\nExample config:\n\n```yaml\nselector: zone=default\noidc-client-id: client-id\noidc-roles:\n  - role1\n  - role2\noidc-endpoint: https://auth.example.com/auth/realms/discovery\n```\n\n## API\n\n### GRPC\n\nThe service discovery has a GRPC API. The proto files can be found [here](./proto/postfinance/discovery/v1). The generated GRPC go code is also in that directory. To send the authorization token with the go client you\ncan use an [UnaryClientInterceptor](https://github.com/grpc/grpc-go/blob/master/interceptor.go) like below:\n\n```go\nfunc buildClientInterceptor(token string) func(context.Context, string, interface{}, interface{}, *grpc.ClientConn, grpc.UnaryInvoker, ...grpc.CallOption) error {\n\treturn func(ctx context.Context, method string, req interface{}, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {\n\t\tctx = metadata.AppendToOutgoingContext(ctx, \"authorization\", \"bearer \"+token)\n\n\t\treturn invoker(ctx, method, req, reply, cc, opts...)\n\t}\n}\n```\n\n### REST\n\nIt is also possible to access the a rest api generated with [grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway). The swagger api documentation is available under http://localhost:3002/swagger/\n(when running the server with default settings).\n\nTo access the API you have to set an authorization header:\n\n```console\ncurl -X GET \"http://localhost:3002/v1/namespaces\" -H  \"accept: application/json\" -H \" -H \"authorization: bearer \u003ctoken\u003e\"\"\n```\n\nTo unregister a service by endpoint URL run:\n\n```console\ncurl -G -v -X DELETE --data-urlencode \"id=http://example.com:9182/metrics\" -H \"accept: application/json\" -H \"authorization: bearer $TOKEN\" http://localhost:3002/v1/services/windows\n```\n\nwhich is the same as:\n\n```console\ncurl -v -X DELETE -H \"accept: application/json\" -H \"authorization: bearer $TOKEN\" 'http://localhost:3002/v1/services/windows?id=http%3A%2F%2Fexample.com%3A9182%2Fmetrics'\n```\n\n## Prometheus Scrape Configuration\n\n### http_sd\n\nThe following is an example on how to configure prometheus for http_sd:\n\n```yaml\nglobal:\n  scrape_interval: 15s\n\nscrape_configs:\n  - job_name: \"http\"\n    http_sd_configs:\n      - url: https://\u003cservice-discovery-url\u003e:\u003cport\u003e/v1/sd/prometheus1.example.com/default?export-config=standard\n        authorization:\n          type: Bearer\n          credentials: \u003cjwt token\u003e\n```\n\n## Systemd\n\nIt is possible to register and unregister services on start/stop with systemd. An example for auto registering [node_exporter](https://github.com/prometheus/node_exporter):\n\n- `/usr/lib/systemd/system/node_exporter.service`:\n\n```\n[Unit]\nDescription=prometheus node exporter\nWants=network-online.target\nAfter=network-online.target\n\n[Service]\nEnvironmentFile=/etc/sysconfig/node_exporter\nExecStart=/usr/bin/node_exporter --web.listen-address=${LISTEN} --log.level=${LOGLEVEL} --collector.netstat.fields=(.*) --collector.processes\nExecStartPost=-/bin/discovery service register ${DISCOVERY_NAME}\nExecStopPost=-/bin/discovery service unregister\n\n[Install]\nWantedBy=multi-user.target\n```\n\n- `/etc/sysconfig/node_exporter`:\n\n```yaml\nLISTEN=:9549\nLOGLEVEL=info\nDISCOVERY_NAMESPACE=systemd\nDISCOVERY_ENDPOINTS=\"\u003cendpoint_url\u003e\"\nDISCOVERY_NAME=node\n```\n\n- `etc/discovery/config.yaml`:\n\n```yaml\naddress: \u003cdiscovery-service-url\u003e\noidc-endpoint: \u003coidc-endpoint-url\u003e\noidc-client-id: \u003coidc-endpoint-client-id\u003e\nselector: environment=test\n```\n\nCreate a token and add it to `/root/.config/discovery/.token`:\n\n```yaml\nmachine_token: \u003cjwt-token\u003e\n```\n\nAfter you have run `systemctl daemon-reload` the service registers and unregisters automatically on `systemctl start|stop node_exporter`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpostfinance%2Fdiscovery","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpostfinance%2Fdiscovery","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpostfinance%2Fdiscovery/lists"}