What did you do?
I have added scrape config for servers. FW are opened.
What did you expect to see?
Targets scraped without - remote error: tls: handshake failure.
Tested on prometheus 2.26.0,2.28.0,2.28.1 - kube-prometheus-stack helm chart
- Prometheus configuration file:
- job_name: "<NAME>" honor_timestamps: true scrape_interval: 30s scrape_timeout: 10s metrics_path: /actuator/prometheus scheme: https tls_config: cert_file: "/etc/prometheus/secrets/prometheus-client-cert/tls.crt" key_file: "/etc/prometheus/secrets/prometheus-client-cert/tls.key" ca_file: "/etc/prometheus/secrets/<CA>" insecure_skip_verify: false follow_redirects: true metrics_path: "/actuator/prometheus" scheme: https static_configs: - targets: - <server1>:6472 - <server2>:6472 - <server3>:6472
Debug log shows only same problem as Prometheus UI.
I did try to use wget for scrape endpoint (not working), also curl from kubernetes node (works).
Also curl from my pc with same certificates works.
What other debug should be done ? I know curl is security issue in images, but there should be some option to test this connection more.
Also TLS ciphers offered by server matches possible TLS basic ciphers from go.