Prometheus TLS

[rohank07]

Hello,
Is there a way to pass cacert/cert/key via the CLI if I want to authenticate to Prometheus via TLS?

When trying to pass in https://prom-url
I get:

SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1007)'))))

I would like to pass in the cert and key to the cli

Thanks

[arikalon1]

hi @rohank07

Yes, you can pass the self sign certificate using an env var named CERTIFICATE

see here

[rohank07]

Thanks @arikalon1

The cacert I am trying to already injected inside my container. It is an istio cert for mTLS. I see that the docs say the cert has to be base-encoded. Is there a way I can pass in the location of the cert (already inside the pod).

[arikalon1]

Hey @rohank07

Passing the cacert location on the container isn't supported yet.
The code that handles loading the custom certificate is here

I think supporting loading a custom cert from a file, based on a different env var is a valid suggestion.

Would you be open to contribute a PR for this?

[rohank07]

I will take a look at this once time permits. Thanks again!