TLS issue

[Mohan Nagandlla]

I have enabled the TLS for proemtheus web and it has success but comming to the config reloader container it is giving error like this

ts=2021-10-21T03:17:20.472907734Z caller=log.go:124 level=error msg="function failed. Retrying in next tick" err="trigger reload: received non-200 response: 400 Bad Request; have you set `--web.enable-lifecycle` Prometheus flag?"

ts=2021-10-21T03:17:25.473290874Z caller=log.go:124 level=error msg="function failed. Retrying in next tick" err="trigger reload: received non-200 response: 400 Bad Request; have you set `--web.enable-lifecycle` Prometheus flag?"

But I have enabled the flag the main problem I have observed is

 in reloaded contianer argumnets tye reload url is http only not https Prometheus running on https but config reloader is trying to connect to the Prometheus with http that's why it's showing that error and which leads to not able to update scrap targets and alerts by CRD

Thanks

Mohan Nagandlla

[Brian Candler]

I think you answered your own question.  If you've changed the prometheus web interface to use HTTPS, then whatever piece of software is sending the reload command to prometheus also needs to use HTTPS.

You didn't mention what that piece of software is, but you'll need to change it (or its configuration).  Of course, how to do this is not a question about prometheus, so talk to the author of that software.

Another option is to leave prometheus on http, put a proxy in front of it (e.g. exporter_exporter, apache, nginx) to do the TLS termination.  Then the thing that's doing the reload can connect directly to prometheus on 127.0.0.1:9090 (if it's running in the same pod).  Or since you mention CRDs, and presumably kubernetes, then you could do your TLS termination on an ingress controller.