Configure Prometheus Connector with Security¶
These instructions assume you have the correct version of the connector installed in your Confluent Platform instance. The communication from the Prometheus agent to the connector HTTP endpoint (scrape interface) can be encrypted with TLS support, TLS and basic authentication, or basic authentication only.
Generate Certificates¶
The following example shows how to generate certificates:
# Generate JKS
keytool -genkeypair -alias <alias_name> -keyalg RSA -keysize 2048 -keystore <jks_name>.jks -validity 3650
Configure the Connector¶
You can use the following configuration examples to setup TLS or TLS with basic authentication.
TLS only¶
The following example configuration starts the connector with TLS support:
name=prometheus-connector
topics=test-topic
tasks.max=1
connector.class=io.confluent.connect.prometheus.PrometheusMetricsSinkConnector
confluent.topic.bootstrap.servers=localhost:9092
prometheus.scrape.url=https://localhost:8889/metrics
key.converter=io.confluent.connect.avro.AvroConverter
key.converter.schema.registry.url=http://localhost:8081
value.converter=io.confluent.connect.avro.AvroConverter
value.converter.schema.registry.url=http://localhost:8081
reporter.result.topic.replication.factor=1
reporter.error.topic.replication.factor=1
behavior.on.error=LOG
tls.keystore.filepath=/home/User/some_directory/example.jks
tls.storepass=mypassword
tls.keypass=mypassword
TLS with basic authentication¶
The following example configuration starts the connector with TLS and basic authentication:
name=prometheus-connector
topics=test-topic
tasks.max=1
connector.class=io.confluent.connect.prometheus.PrometheusMetricsSinkConnector
confluent.topic.bootstrap.servers=localhost:9092
prometheus.scrape.url=https://localhost:8889/metrics
key.converter.schema.registry.urlhttp://localhost:8081
key.converter=io.confluent.connect.avro.AvroConverter
value.converter.schema.registry.url=http://localhost:8081
value.converter=io.confluent.connect.avro.AvroConverter
reporter.result.topic.replication.factor=1
reporter.error.topic.replication.factor=1
behavior.on.error=LOG
tls.keystore.filepath=/home/User/some_directory/example.jks
tls.storepass=mypassword
tls.keypass=mypassword
basic.auth.username=basicauthusername
basic.auth.password=basicauthpassword
Basic authentication only¶
The following example configuration starts the connector with basic authentication only:
name=prometheus-connector
topics=test-topic
tasks.max=1
connector.class=io.confluent.connect.prometheus.PrometheusMetricsSinkConnector
confluent.topic.bootstrap.servers=localhost:9092
prometheus.scrape.url=http://localhost:8889/metrics
key.converter.schema.registry.url=http://localhost:8081
key.converter=io.confluent.connect.avro.AvroConverter
value.converter.schema.registry.url=http://localhost:8081
value.converter=io.confluent.connect.avro.AvroConverter
key.converter.schemas.enable=true
value.converter.schemas.enable=true
reporter.result.topic.replication.factor=1
reporter.error.topic.replication.factor=1
behavior.on.error=LOG
basic.auth.username=basicauthusername
basic.auth.password=basicauthpassword