2

I'm trying to set up a Prometheus-to-Prometheus metrics flow. I was able to do it with the flag --enable-feature=remote-write-receiver.

However, I need to have mTLS there. Can someone advise a manual or post a config sample?

Appreciate your help.

Victor EStalin

1 Answer

1

There is a second config file with experimental options related to the HTTP server, and it has options to enable TLS:

tls_server_config:
  # Certificate and key files for server to use to authenticate to client.
  cert_file: <filename>
  key_file: <filename>

  # Server policy for client authentication. Maps to ClientAuth Policies.
  # For more detail on clientAuth options:
  # https://golang.org/pkg/crypto/tls/#ClientAuthType
  #
  # NOTE: If you want to enable client authentication, you need to use
  # RequireAndVerifyClientCert. Other values are insecure.
  client_auth_type: RequireAndVerifyClientCert # default = "NoClientCert"

  # CA certificate for client certificate authentication to the server.
  client_ca_file: <filename>

The documentation on this file is located at the HTTPS AND AUTHENTICATION article. Note that after creating this file, you have to start Prometheus with the extra option:

--web.config.file=/path/to/the/file.yml

The above is to be configured on the receiving part. The sending part needs a client TLS certificate configured in its remote_write:

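remote_write:
# The remote-write receiver listens on the /api/v1/write path.
- url: https://prometheus.example.com/api/v1/write
  tls_config:
    # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tls_config
    # Client certificate and key the sender presents to the receiver.
    cert_file: <filename>
    key_file: <filename>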
anemyte
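The config comment in the answer says that only RequireAndVerifyClientCert is safe for client authentication; client_auth_type maps to Go's crypto/tls ClientAuthType. The Go program below is an added example, not code from the answer or from Prometheus: an in-process HTTPS server stands in for the receiver, and the helper names issue and accepted, the constructed CA and the certificate names are assumptions made for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue builds a throwaway cert (errors ignored, inputs are fixed): self-signed if parent is nil, else signed by parent.
func issue(cn string, parent *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	signer, signerKey := tmpl, any(key)
	if parent != nil {
		signer, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

var ca = issue("constructed-ca", nil) // constructed CA: the only one the receiver and the sender trust
// accepted reports whether a receiver using policy answers a sender that presents clientCert (zero value: none).
func accepted(policy tls.ClientAuthType, clientCert tls.Certificate) bool {
	pool := x509.NewCertPool() // plays client_ca_file on the receiver and ca_file on the sender
	pool.AddCert(ca.Leaf)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{issue("receiver", &ca)}, ClientAuth: policy, ClientCAs: pool}
	srv.StartTLS()
	defer srv.Close()
	cfg := &tls.Config{RootCAs: pool, ServerName: "receiver", // always present clientCert, whatever CAs the server hints at
		GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return &clientCert, nil }}
	resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}).Get(srv.URL)
	if err == nil {
		resp.Body.Close()
	}
	return err == nil
}

func main() { // a self-signed sender certificate under the weaker policy, then under the one the answer recommends
	fmt.Println(accepted(tls.RequireAnyClientCert, issue("sender", nil)), accepted(tls.RequireAndVerifyClientCert, issue("sender", nil)))
}
```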