Add mutual TLS to Prometheus endpoints

You can configure mutual TLS authentication when needed for the endpoints in your Prometheus OpenMetrics integration with New Relic. Add tls_config to your configuration file for Docker or Kubernetes, as explained in this example.

Add secret to config file

Recommendation: Put the CA bundle, key, and cert files in a secret, and include them in the Prometheus OpenMetrics integration's container.

Mutual TLS authentication is limited to a static list of URLs. To configure endpoints that require MTLS authentication, follow this example:

targets:
- description: "Secure etcd example"
  urls: ["https://123.456.7.1:2379", "https://123.456.7.2:2379"]
  tls_config:
    ca_file_path: "/etc/etcd/etcd-client-ca.crt"
    cert_file_path: "/etc/etcd/etcd-client.crt"
    key_file_path: "/etc/etcd/etcd-client.key"
transformations:
  ...

For more help

Recommendations for learning more: