Prometheus remote write mTLS
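I am trying to set up a Prometheus-to-Prometheus metrics flow, and I was able to do it with the flag --enable-feature=remote-write-receiver.
However, I need to have mTLS there. Can someone suggest a manual or post a config sample?
Thanks for your help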
There is a second config file with experimental options related to the HTTP server, and it has options to enable TLS:
tls_server_config:
  # Certificate and key files for server to use to authenticate to client.
  cert_file: <filename>
  key_file: <filename>
  # Server policy for client authentication. Maps to ClientAuth Policies.
  # For more detail on clientAuth options:
  # https://golang.org/pkg/crypto/tls/#ClientAuthType
  #
  # NOTE: If you want to enable client authentication, you need to use
  # RequireAndVerifyClientCert. Other values are insecure.
  client_auth_type: RequireAndVerifyClientCert # default = "NoClientCert"
  # CA certificate for client certificate authentication to the server.
  client_ca_file: <filename>
The documentation for this file is in the HTTPS AND AUTHENTICATION article. Note that after creating this file, you must start Prometheus with the extra option:
--web.config.file=/path/to/the/file.yml
The above is the configuration on the receiving side. The sending side needs to have a client TLS certificate configured in its remote_write:
remote_write:
- url: https://prometheus.example.com
  tls_config:
    # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tls_config
    cert_file: <filename>
    key_file: <filename>
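The NOTE inside the answer's tls_server_config can be checked directly. This added Go example (not from the original post or the Prometheus project) starts a local TLS listener under each crypto/tls ClientAuthType that client_auth_type maps to, and reports whether a POST is accepted from a sender with no certificate, an untrusted certificate, and the trusted one. The helper names and the throwaway self-signed certificates are constructed for the demo, and the trusted sender certificate is assumed to be placed directly in the CA pool.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// selfSigned makes a throwaway self-signed certificate (constructed demo data).
func selfSigned(cn string) *tls.Certificate {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, key.Public(), key)
	leaf, err := x509.ParseCertificate(der) // also fails if CreateCertificate failed
	if err != nil {
		panic(err)
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// accepted reports whether a POST reaches a listener with ClientAuth=policy and ClientCAs={trusted}.
func accepted(policy tls.ClientAuthType, trusted, client *tls.Certificate) bool {
	pool := x509.NewCertPool() // plays the role of client_ca_file
	pool.AddCert(trusted.Leaf)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{ClientAuth: policy, ClientCAs: pool}
	srv.StartTLS()
	defer srv.Close()
	cfg := srv.Client().Transport.(*http.Transport).TLSClientConfig
	cfg.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return client, nil }
	resp, err := srv.Client().Post(srv.URL, "application/x-protobuf", nil)
	if err == nil {
		resp.Body.Close()
	}
	return err == nil // an error means the listener refused this sender
}

func main() {
	pinned := selfSigned("sender") // an empty tls.Certificate below means "present no certificate"
	for p := tls.NoClientCert; p <= tls.RequireAndVerifyClientCert; p++ {
		fmt.Println(p, accepted(p, pinned, &tls.Certificate{}), accepted(p, pinned, selfSigned("other")), accepted(p, pinned, pinned))
	}
}
```

Each output line is the policy followed by the three results; RequireAndVerifyClientCert is the only policy that refuses both the certificate-less and the untrusted sender.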