Add mutual TLS to Prometheus endpoints

You can configure mutual TLS authentication when needed for the endpoints in your Prometheus OpenMetrics integration with New Relic. Add tls_config to your configuration file for Docker or Kubernetes, as explained in this example.

Add secret to config file

Recommendation: Put the CA bundle, key, and cert files in a secret, and include them in the Prometheus OpenMetrics integration's container.

Mutual TLS authentication is limited to a static list of URLs. To configure endpoints that require MTLS authentication, follow this example:

- description: "Secure etcd example"
  urls: ["https://123.456.7.1:2379", "https://123.456.7.2:2379"]
    ca_file_path: "/etc/etcd/etcd-client-ca.crt"
    cert_file_path: "/etc/etcd/etcd-client.crt"
    key_file_path: "/etc/etcd/etcd-client.key"

For more help

If you need more help, check out these support and learning resources: