Hello,
Is there a way to secure the endpoints exposed by the exporters by using the default security toolkit that is available on the newer versions of the node-exporter, postgres-exporter and mysqld-exporter?
Regards,
Jesus
I am sorry I didn’t understand your question fully but if you want to go for SSL that should help
@jesus-velez I googled ‘security toolkit node-exporter’ and did not find anything on this. Can you please explain more and perhaps provide some links to documentation?
@matthewb Totally got busy with other stuff, but old topics like these always find their way back. What I wanted to know is to see if the exporters that pmm is using by default can be secured with tls. You can find more information on it at GitHub - prometheus/node_exporter: Exporter for machine metrics. I went over the pmm documentation but could not find an answer.
I can see that our node_exporter does use the webConfig parameter: --web.config.file=/usr/local/percona/pmm/tmp/agent_type_node_exporter/b33f74c6-9c0c-4304-86a8-eeeab27ac720/webConfig
Metrics are pushed to PMM by default, and since PMM is SSL/TLS by default, this should already be in place. If your environment requires ‘pull’ metrics (very rare), then additional steps would need to be taken to setup each *_exporter to use SSL/TLS.
Hey @matthewb thanks so much for the reply. Is there any documentation that you know off to get the webconfig configured on pre-existing deployments on the clients?
You might want to open a feature request https://jira.percona.com/ as I believe the webConfig file is created/managed by the PMM agent.
Thank you for the information!