Scrape mtls enabled pod metrics from external non-mtls prometheus in istio 1.5

deepak_deore · April 7, 2020, 12:22pm

we have prometheus installed by prometheus operator, istio 1.4.x is installed without prometheus, kiali is configured to use this prometheus.

this promtheus doesnt have istio sidecar injected so we mount istio.default secret inside prometheus and using that scrape metrics from the application mtls enabled pod’s.

Ref: https://github.com/istio/istio/issues/7352#issuecomment-439617432

istio 1.5 doesn’t have default secrets in every namespace, does anyone know how to make non istio sidecar prometheus communicate with istio sidecar pod with strict mtls?

leitang · April 8, 2020, 8:31am

https://istio.io/blog/2020/proxy-cert/ is a blog about provisioning a certificate to Prometheus in Istio 1.5.

deepak_deore · April 9, 2020, 9:41am

its not straightforward to use with prometheus installed with prometheus operator

Topic		Replies	Views
Istio 1.5.1 Operator, Mixerless Metrics with Prometheus Operator	9	2514	May 15, 2020
Previous istio proxyv2:1.7.5 is used with Prometheus with istio 1.8.x Policies and Telemetry	0	534	January 28, 2021
BYO Prometheus with mTLS Policies and Telemetry	18	6263	December 21, 2020
Can't scrape metrics using 1.7.3 Policies and Telemetry	3	767	February 26, 2021
mTLS between Grafana and Prometheus Istio 1.0.5 Security	3	1551	April 17, 2019

Scrape mtls enabled pod metrics from external non-mtls prometheus in istio 1.5

Related topics