Prometheus 远程写入 mTLS

Prometheus remote write mTLS

我正在尝试设置 Prometheus 到 Prometheus 指标流,我能够通过标记 --enable-feature=remote-write-receiver 来完成。

但是我需要在那里安装 mTLS,有人可以建议手册或 post 配置示例吗?

感谢您的帮助

第二个配置文件带有与 HTTP 服务器相关的 实验性 选项,并且它具有启用 TLS 的选项:

tls_server_config:
  # Certificate and key files for server to use to authenticate to client.
  cert_file: <filename>
  key_file: <filename>

  # Server policy for client authentication. Maps to ClientAuth Policies.
  # For more detail on clientAuth options:
  # https://golang.org/pkg/crypto/tls/#ClientAuthType
  #
  # NOTE: If you want to enable client authentication, you need to use
  # RequireAndVerifyClientCert. Other values are insecure.
  client_auth_type: RequireAndVerifyClientCert # default = "NoClientCert"

  # CA certificate for client certificate authentication to the server.
  client_ca_file: <filename>

此文件的文档位于 HTTPS AND AUTHENTICATION 文章中。请注意,创建此文件后,您必须使用额外选项启动 Prometheus:

--web.config.file=/path/to/the/file.yml

以上是在接收端配置。发送方需要在其 remote_write:

中配置客户端 TLS 证书
remote_write:
- url: https://prometheus.example.com
  tls_config:
    # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tls_config
    cert_file: <filename>
    key_file: <filename>