http: mtail TLS/SSL support #473
Comments
|
TLS support would be a great addition. In the enterprise cloud world tls connections between distributed applications is becoming a hard requirement, even for something as basic as metrics. |
jaqx0r
added
enhancement
|
The linked bug and PR from node_exporter is massive. I am very disinclined to make |
|
I was trying to avoid having to install a ssl/tls proxy but it may have to do for my case. mtail is a great tool and we use it to extend the apache metrics we can't get with apache_exporter's server-status metrics. The apache exporter I use doesn't have native TLS either so using something like nginx or ghostunnel would solve the encrypted communications problem for all of my prometheus exporters and would be better than having to maintain my own forks of those projects. Thanks for the response. |
|
I understand. Fewer tools required to solve a task is great. What I
don't want to do is add the complexity of certificate management to mtail
-- the existence of tools like ghostunnel make me think that it's not
trivial. And with configuration management tools all over the place, the
cost I perceive of an additional tool that specialises in that doesn't seem
that great to me, while it returns significant value.
But if it's simple to add -- doesn't make the http server in mtail more
complex -- and simple to use -- maybe just command line flags to set the
certificates -- then I'd be happy to review a PR to add the support for it.
So I'm not promising that we'll add it, but if someone wants to work on the
feature and it doesn't terrify me, then I'll accept it. (I can also
entertain the idea that someone else volunteers to be responsible for the
http server and any future maintenance required, in which case they just
make a blood oath rather than convince me to accept it.)
…On Mon, 22 Mar 2021 at 02:55, uselessjargon ***@***.***> wrote:
I was trying to avoid having to install a ssl/tls proxy but it may have to
do for my case. mtail is a great tool and we use it to extend the apache
metrics we can't get with apache_exporter's server-status metrics. The
apache exporter I use doesn't have native TLS either so using something
like nginx or ghostunnel would solve the encrypted communications problem
for all of my prometheus exporters and would be better than having to
maintain my own forks of those projects.
Thanks for the response.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#473 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXFX6YD2ZFNVDARIBMGD2LTEYJIFANCNFSM4YJS5TRQ>
.
|
|
This issue has been waiting for more information for more than 60 days and will be closed in 7 if no update is provided. |
Similar to node_exporter's TLS support (prometheus/node_exporter#1286), it would be great to have TLS supported here using
https://github.com/prometheus/exporter-toolkit
referenced before here:
#327 (comment)
Alternatively, since most hosts I am working with have text file collection, having the option to emit prom text files directly without having an additional Cronjob performing curl to save it into the text file collection folder would be great.
Either options would reduce the number of components needed (nginx/or curl cronjob) to turn logs into metrics for prometheus ingestion.
Thanks!
Looking forward to v3 release
The text was updated successfully, but these errors were encountered: