Exposing an unauthenticated prometheus endpoint when tls is enabled

mariowood · November 28, 2019, 5:15pm

Hi,

We’re setting up a new consul cluster in AWS on EC2, our cluster has TLS configured with client certificates required (verify_incoming / verify_outgoing both true in config). Is there any way to expose an unauthenticated prometheus endpoint over HTTP whilst our cluster is configured like this?

We’re trying to avoid the need to generate a client certificate for our prometheus servers that will be scraping the metrics from our consul instances.

Any help would be really appreciated.

Thanks
Andy

blake · December 3, 2019, 1:32am

Hi Andrew,

Take a look at the expose parameter which was added to the proxy service registration config in Consul 1.6.2 (PR#6446). It allows exposing HTTP endpoints through an Envoy sidecar proxy.

This should offer the functionality you’re looking for.

Topic		Replies	Views
Consul and Prometheus with ACLs and TLS enable Consul prometheus	9	2959	September 24, 2022
Consul ingress gateway route to https enabled application Consul	7	1194	July 22, 2021
External Consul Clients - Kubernetes Servers - TLS and ACL Enabled Consul	1	278	September 1, 2020
Register services, protected by HTTPS and Basic Auth Consul	0	293	January 27, 2023
Consul verified TLS from Pods in Kubernetes cluster Consul k8s	12	4038	May 29, 2020

Exposing an unauthenticated prometheus endpoint when tls is enabled

Related topics