On Tuesday, 17 March 2020 16:28:35 UTC, Steve wrote:

> 1) What are the reasons for *not* supporting TLS with client certificates
> for connections to Prometheus server instance? Any plan to support it in
> the near future?

Presumably because this is functionality which is easily provided separately via a reverse-proxy:
https://www.robustperception.io/adding-basic-auth-to-prometheus-with-nginx

Note that node_exporter 1.0.0 (which is in RC status) has gained some TLS server functionality:
https://github.com/prometheus/node_exporter/releases
https://github.com/prometheus/node_exporter/pull/1277

It can validate a client cert, but AFAICS it can't check the certificate identity, so will accept *any* cert signed by the given CA.

> 2) Can connections from Prometheus server instance to alertManagers and
> connections from alertManager to webhook receivers be secured using TLS with
> certificates today?

Yes: all *outbound* connections (including exporter scrapes) can use TLS, and can authenticate themselves using client cert, basic auth and/or bearer token.
https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tls_config
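
The gap noted in the message above (any certificate signed by the CA is accepted) can be closed in a Go TLS server by checking the client's identity after chain validation. This is an added example, not part of the original message and not node_exporter's code; `identityAllowed`, `mutualTLSConfig` and the hostnames are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
)

// identityAllowed reports whether the client certificate carries a DNS SAN
// that is on the allowlist. CA validation alone does not check this.
func identityAllowed(cert *x509.Certificate, allowed map[string]bool) bool {
	for _, name := range cert.DNSNames {
		if allowed[name] {
			return true
		}
	}
	return false
}

// mutualTLSConfig (hypothetical helper) requires a client cert signed by a CA
// in pool and then rejects any client whose SAN is not allowlisted.
func mutualTLSConfig(pool *x509.CertPool, allowed map[string]bool) *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		ClientCAs:  pool,
		ClientAuth: tls.RequireAndVerifyClientCert,
		// Runs after the standard chain verification has succeeded.
		VerifyConnection: func(cs tls.ConnectionState) error {
			if len(cs.PeerCertificates) == 0 {
				return errors.New("no client certificate presented")
			}
			leaf := cs.PeerCertificates[0]
			if !identityAllowed(leaf, allowed) {
				return fmt.Errorf("client %q not authorised", leaf.Subject.CommonName)
			}
			return nil
		},
	}
}

func main() {
	allowed := map[string]bool{"prometheus.example.internal": true}
	cfg := mutualTLSConfig(x509.NewCertPool(), allowed)
	// Constructed sample: a cert from the right CA but for a different host.
	other := &x509.Certificate{DNSNames: []string{"laptop.example.internal"}}
	err := cfg.VerifyConnection(tls.ConnectionState{PeerCertificates: []*x509.Certificate{other}})
	fmt.Println("other client:", err)
}
```

`VerifyConnection` is also invoked on resumed sessions, so the allowlist check is not skipped when a client reuses a session ticket.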

