Add mutual TLS to Prometheus endpoints

You can configure mutual TLS authentication when needed for the endpoints in your Prometheus OpenMetrics integration with New Relic. Add tls_config to your configuration file for Docker or Kubernetes, as explained in this example.

Add secret to config file

Recommendation: Put the CA bundle, key, and cert files in a secret, and include them in the Prometheus OpenMetrics integration's container.

Mutual TLS authentication is limited to a static list of URLs. To configure endpoints that require MTLS authentication, follow this example:

targets:
- description: "Secure etcd example"
  urls: ["https://123.456.7.1:2379", "https://123.456.7.2:2379"]
  tls_config:
    ca_file_path: "/etc/etcd/etcd-client-ca.crt"
    cert_file_path: "/etc/etcd/etcd-client.crt"
    key_file_path: "/etc/etcd/etcd-client.key"
transformations:
  ...

For more help

If you need more help, check out these support and learning resources:

Browse the Explorers Hub to get help from the community and join in discussions.
Find answers on our sites and learn how to use our support portal.
Run New Relic Diagnostics, our troubleshooting tool for Linux, Windows, and macOS.
Review New Relic's and and documentation.

Add mutual TLS to Prometheus endpoints

Add secret to config file

.css-3u3y73{fill:none;stroke:currentColor;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;}.css-1bvd50p{width:1rem;height:1rem;fill:none;stroke:currentColor;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;}For more help

For more help