Prometheus remote write mTLS

Posted on 2025-01-09 10:18:15

I'm trying to set up a Prometheus-to-Prometheus metrics flow; I was able to do it with the flag --enable-feature=remote-write-receiver.

However, I need to have mTLS there. Can someone advise a manual or post a config sample?

Appreciate your help

Comments (1)

成熟稳重的好男人 2025-01-16 10:18:15

There is a second config file with experimental options related to the HTTP server, and it has options to enable TLS:

tls_server_config:
  # Certificate and key files for server to use to authenticate to client.
  cert_file: <filename>
  key_file: <filename>

  # Server policy for client authentication. Maps to ClientAuth Policies.
  # For more detail on clientAuth options:
  # https://golang.org/pkg/crypto/tls/#ClientAuthType
  #
  # NOTE: If you want to enable client authentication, you need to use
  # RequireAndVerifyClientCert. Other values are insecure.
  client_auth_type: RequireAndVerifyClientCert # default = "NoClientCert"

  # CA certificate for client certificate authentication to the server.
  client_ca_file: <filename>

The documentation on this file is located at the HTTPS AND AUTHENTICATION article. Note that after creating this file, you have to start Prometheus with the extra option:

--web.config.file=/path/to/the/file.yml

The above is to be configured on the receiving part. The sending part needs a client TLS certificate configured in its remote_write:

remote_write:
- url: https://prometheus.example.com
  tls_config:
    # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tls_config
    cert_file: <filename>
    key_file: <filename>
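
A small audit of the two files described in the answer above, added here as an example; it is not part of the original answer and not Prometheus's own tooling. It assumes a single remote_write entry and certificates given as file paths, and the function names and sample configs are constructed for illustration.

```python
import re

# Constructed sample configs (not from the answer above), each with a weakness.
WEAK_RECEIVER = """\
tls_server_config:
  cert_file: server.crt
  key_file: server.key
  client_auth_type: RequestClientCert  # a cert is requested but not verified
"""
WEAK_SENDER = """\
remote_write:
- url: http://prometheus.example.com/api/v1/write
  tls_config:
    cert_file: client.crt
"""

def flat_keys(text):
    """Collect 'key: value' pairs, ignoring nesting, list dashes and comments."""
    pairs = {}
    for line in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", line)  # drop full-line and trailing comments
        m = re.match(r"^[\s-]*([A-Za-z_]+):\s*(\S.*?)\s*$", line)
        if m:
            pairs[m.group(1)] = m.group(2).strip("\"'")
    return pairs

def audit_receiver(text):
    """Findings for the file passed to --web.config.file on the receiving side."""
    cfg = flat_keys(text)
    out = [f"{k} not set" for k in ("cert_file", "key_file", "client_ca_file") if k not in cfg]
    policy = cfg.get("client_auth_type", "NoClientCert")  # default per the config comment
    if policy != "RequireAndVerifyClientCert":
        out.append(f"client_auth_type is {policy}: client certs are not both required and verified")
    return out

def audit_sender(text):
    """Findings for the remote_write entry on the sending side."""
    cfg = flat_keys(text)
    out = [f"{k} not set" for k in ("cert_file", "key_file") if k not in cfg]
    if not cfg.get("url", "").startswith("https://"):
        out.append("url is not https: no TLS handshake, so no client certificate is sent")
    if cfg.get("insecure_skip_verify", "false").lower() == "true":
        out.append("insecure_skip_verify is true: the receiver's certificate is not verified")
    return out

if __name__ == "__main__":
    for name, findings in (("receiver", audit_receiver(WEAK_RECEIVER)),
                           ("sender", audit_sender(WEAK_SENDER))):
        print(name, findings or "ok")
```

Run it against the real web config file and the sender's prometheus.yml before restarting either side; an empty list from both functions means the settings the answer calls for are present.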