Alertmanager received x509 mattermost


wade....@gmail.com

Mar 7, 2018, 4:58:53 PM
to Prometheus Users
Hi All - I enabled the slack receiver for alertmanager running in K8s (Kube-Prometheus) in a public facing K8s cluster to Slack and all went fine.

Next I am trying to do the same on prem to MatterMost. However I am getting an x509 on the notification attempt by alertmanager even after importing the MatterMost issuer CA into all node/minion hosts of kubernetes. Is there another way that will get the alertmanager container the right CA certificate such that I won’t get the x509 error?

Best Regards
Wade

Simon Pasquier

Mar 8, 2018, 3:46:22 AM
to wade....@gmail.com, Prometheus Users
On Wed, Mar 7, 2018 at 10:58 PM, <wade....@gmail.com> wrote:
> Hi All - I enabled the slack receiver for alertmanager running in K8s (Kube-Prometheus) in a public facing K8s cluster to Slack and all went fine.
>
> Next I am trying to do the same on prem to MatterMost. However I am getting an x509 on the notification attempt by alertmanager even after importing the MatterMost issuer CA into all node/minion hosts of kubernetes. Is there another way that will get the alertmanager container the right CA certificate such that I won’t get the x509 error?

It isn't possible with the current stable version. But you can try the 0.15.0-rc.0 version [0], which allows configuring HTTP client parameters such as the CA certificate.

[0] https://github.com/prometheus/alertmanager/releases/tag/v0.15.0-rc.0

> Best Regards
> Wade

--
You received this message because you are subscribed to the Google Groups "Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-users+unsubscribe@googlegroups.com.
To post to this group, send email to prometheus-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/02775c94-e3f2-455c-b70a-12908c7b680a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Wade Holler

Mar 13, 2018, 7:13:30 PM
to Simon Pasquier, Prometheus Users
Thank you!

vincent....@gmail.com

Jul 4, 2018, 1:01:31 AM
to Prometheus Users
Is it possible to pass CA parameter to the slack notifier?

My Slack calls get rejected with 509 because I assume our internal corporate network needs a CA for calls to external SSL URL.

Or can we relax SLACK notifications?

Christian Hoffmann

Jul 7, 2018, 5:02:15 AM
to vincent....@gmail.com, Prometheus Users
Hi Vincent,

On 07/04/2018 07:01 AM, vincent....@gmail.com wrote:
> Is it possible to pass CA parameter to the slack notifier?
I think this is exactly what Simon was trying to point out. :)

The referenced v0.15 release is considered stable now, by the way. So,
once you have updated to this version, you should be able to use the new
parameters.

> My Slack calls get rejected with 509 because I assume our internal
> corporate network needs a CA for calls to external SSL URL.
You could try something like:

slack_configs:
- channel: ...
  http_config:
    tls_config:
      ca_file: /path/to/your/companys/ca.pem


(I have no experience with the slack notifier; just going by the docs)

Kind regards,
Christian

Vincent Brouillet

Jul 8, 2018, 6:59:53 PM
to Christian Hoffmann, Prometheus Users
Hi Christian,

thanks
I've been able to make it work with 0.15
I've used insecure_skip_verify: true

Unfortunately ca_file didn't work for me despite passing my company CA. Not sure what went wrong, and if it's an issue with the CA or alert manager. 
No big deal, as long as it works.

For others who read this, I use Prometheus Operator which allows mounting files, such as CA inside the Alert manager pod. See https://github.com/coreos/prometheus-operator/issues/1572
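
Added example, not part of the thread and not Alertmanager's own code: a Go check that a CA bundle intended for `ca_file` really verifies a server, which can be tried before falling back to `insecure_skip_verify`. It runs offline against a local test server with constructed certificates; `checkCA`, `toPEM` and `demo` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// checkCA reports whether caPEM (the bytes a ca_file would hold) lets a Go client verify url.
func checkCA(url string, caPEM []byte) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return errors.New("no PEM certificate in CA bundle (DER-encoded or empty file?)")
	}
	c := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}
	resp, err := c.Get(url)
	if err == nil {
		resp.Body.Close()
	}
	return err
}

func toPEM(der []byte) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// demo (constructed scenario): one local TLS server checked with its issuer, an unrelated cert, and raw DER.
func demo() (right error, unknownAuthority bool, der error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	issuer := srv.Certificate().Raw // the test server's cert is self-signed, so it is its own issuer
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "unrelated (constructed)"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	other, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv) // throwaway cert standing in for the wrong CA
	wrong := checkCA(srv.URL, toPEM(other))
	return checkCA(srv.URL, toPEM(issuer)), errors.As(wrong, new(x509.UnknownAuthorityError)), checkCA(srv.URL, issuer)
}

func main() { fmt.Println(demo()) }
```

Pointing `checkCA` at the real webhook URL with the contents of the mounted CA file separates a bundle that does not contain the issuer from one that is not PEM at all.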
