Configure Prometheus Connector with Security

These instructions assume you have the correct version of the connector installed in your Confluent Platform instance. The communication from the Prometheus agent to the connector HTTP endpoint (scrape interface) can be encrypted with TLS support, TLS and basic authentication, or basic authentication only.

Generate Certificates

The following example shows how to generate certificates:

# Generate JKS
keytool -genkeypair -alias <alias_name> -keyalg RSA -keysize 2048 -keystore <jks_name>.jks -validity 3650

Configure the Connector

You can use the following configuration examples to setup TLS or TLS with basic authentication.

TLS only

The following example configuration starts the connector with TLS support:

name=prometheus-connector
topics=test-topic
tasks.max=1
connector.class=io.confluent.connect.prometheus.PrometheusMetricsSinkConnector
confluent.topic.bootstrap.servers=localhost:9092
prometheus.scrape.url=https://localhost:8889/metrics
key.converter=io.confluent.connect.avro.AvroConverter
key.converter.schema.registry.url=http://localhost:8081
value.converter=io.confluent.connect.avro.AvroConverter
value.converter.schema.registry.url=http://localhost:8081
reporter.result.topic.replication.factor=1
reporter.error.topic.replication.factor=1
behavior.on.error=LOG
tls.keystore.filepath=/home/User/some_directory/example.jks
tls.storepass=mypassword
tls.keypass=mypassword

TLS with basic authentication

The following example configuration starts the connector with TLS and basic authentication:

name=prometheus-connector
topics=test-topic
tasks.max=1
connector.class=io.confluent.connect.prometheus.PrometheusMetricsSinkConnector
confluent.topic.bootstrap.servers=localhost:9092
prometheus.scrape.url=https://localhost:8889/metrics
key.converter.schema.registry.urlhttp://localhost:8081
key.converter=io.confluent.connect.avro.AvroConverter
value.converter.schema.registry.url=http://localhost:8081
value.converter=io.confluent.connect.avro.AvroConverter
reporter.result.topic.replication.factor=1
reporter.error.topic.replication.factor=1
behavior.on.error=LOG
tls.keystore.filepath=/home/User/some_directory/example.jks
tls.storepass=mypassword
tls.keypass=mypassword
basic.auth.username=basicauthusername
basic.auth.password=basicauthpassword

Basic authentication only

The following example configuration starts the connector with basic authentication only:

name=prometheus-connector
topics=test-topic
tasks.max=1
connector.class=io.confluent.connect.prometheus.PrometheusMetricsSinkConnector
confluent.topic.bootstrap.servers=localhost:9092
prometheus.scrape.url=http://localhost:8889/metrics
key.converter.schema.registry.url=http://localhost:8081
key.converter=io.confluent.connect.avro.AvroConverter
value.converter.schema.registry.url=http://localhost:8081
value.converter=io.confluent.connect.avro.AvroConverter
key.converter.schemas.enable=true
value.converter.schemas.enable=true
reporter.result.topic.replication.factor=1
reporter.error.topic.replication.factor=1
behavior.on.error=LOG
basic.auth.username=basicauthusername
basic.auth.password=basicauthpassword