Configuration of TLS encryption for Node-exporter to user defined Prometheus

Hello @roidelapluie,

We are using a user-defined Prometheus and would like to know how we can implement node-exporter with TLS encryption with the user-defined Prometheus.

We have used OCP 4.8 (OpenShift Container Platform) as Prometheus and node-exporter.

The configuration file for the node-exporter service is:

Exporter Side

  1. config.yaml
  2. node_exporter.crt
  3. node_exporter.key

$ podman run -i -t -v /home/supervisor/encryption:/tmp:z -p 9100:9100 quay.io/prometheus/node-exporter --web.config="/tmp/config.yaml"

Prometheus side


[root@ocp003-mng001 node]# cat service.yaml
apiVersion: v1
kind: Service
metadata:
  name: caasnode-exporter
  namespace: pf-monitor
  labels:
    app: caasnode-exporter
spec:
  ports:
  - port: 9100
    targetPort: 9100
    name: metric
    protocol: TCP
  type: NodePort

[root@ocp003-mng001 node]# cat endpoints.yaml
kind: Endpoints
apiVersion: v1
metadata:
  name: caasnode-exporter
  namespace: pf-monitor
subsets:
  - addresses:
      - ip: 172.17.40.221
    ports:
      - port: 9100
        name: metric

[root@ocp003-mng001 node]# cat serviceMonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: node-exporter
  name: caasnode-exporter
  namespace: pf-monitor
spec:
  endpoints:
  - interval: 30s
    name: metric
    scheme: https
    tls_config:
      ca_file: node_exporter.crt
  selector:
    matchLabels:
      app: caasnode-exporter

[root@ocp003-mng001 node]# oc get pods -n openshift-user-workload-monitoring
NAME                                 READY   STATUS    RESTARTS   AGE
prometheus-operator-fb9dcc6c-tbvbj   2/2     Running   0          2d
prometheus-user-workload-0           5/5     Running   1          2d
prometheus-user-workload-1           5/5     Running   1          2d
thanos-ruler-user-workload-0         3/3     Running   0          2d
thanos-ruler-user-workload-1         3/3     Running   0          2d