tls_config:
ca_file: '/etc/prometheus/work/testkey/rootCA-crt.pem'
cert_file: '/etc/prometheus/work/testkey/client-crt.pem'
key_file: '/etc/prometheus/work/testkey/client-key.pem'
insecure_skip_verify: true
The docker directory is mapped.
On Monday, October 23, 2023 at 9:47:01 PM UTC+1 Taneem Mazumder wrote:
> Hello, I am running Prometheus from a docker container. I am trying to
> provide access control on my service APIs, so that prometheus would need to
> verify itself with a client certificate.
>
> Below is my prometheus.yml:
>
> global:
> scrape_interval: 30s
> evaluation_interval: 25s
>
> scrape_configs:
> - job_name: "prometheus"
> static_configs:
> - targets: ["localhost:9090"]
>
> - job_name: 'spring-actuator'
> scheme: https
> tls_config:
> ca_file: '/work/testkey/rootCA-crt.pem'
> cert_file: '/work/testkey/client-crt.pem'
> key_file: '/work/testkey/client-key.pem'
> insecure_skip_verify: true
> metrics_path: '/service/actuator/prometheus'
> scrape_interval: 5s
> static_configs:
> - targets: ['192.168.0.7:8443']
>
> With the above config prometheus stops scraping my service - no
> interaction. I can't even see my service in Targets as job name. My srevice
> url also doesn't appear in service discovery of prometheus as well.However,
> when I remove the certificate paths, I can view metrics data from
> Prometheus.
>
> The certificates are working as I have tested through Postman talking with
> my service.
>
> Any suggestion would be really appreciated.
>
> Many thanks.
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/prometheus-users/3f2004c7-3139-4921-87ae-cb337614e1a9n%40googlegroups.com.
