memcached_exporter icon indicating copy to clipboard operation
memcached_exporter copied to clipboard
verified publisher icon prometheus

Add TLS support to the memcached exporter

Open rhodesn opened this issue 4 years ago • 2 comments

This is based on, and pending, the changes in gomemcache PR https://github.com/grobie/gomemcache/pull/2.

The original non-TLS behaviour is unchanged, however when --tls.enable is given, the net connection is created by the crypto/tls module instead of the net module.

The PR follows a similar setup to the TLS code in amtool and made cert/key/ca/servername/insecure-skip-verify configurable. The ServerName defaults to the provided address which seems a sensible default. During testing, verification of the server certificates was expecting an IP SAN even when a hostname is provided as the connection address, hence the default.

rhodesn avatar Nov 22 '21 12:11 rhodesn

This should probably use the exporter toolkit.

Take a look at https://github.com/prometheus/haproxy_exporter/pull/205 for an example.

SuperQ avatar Nov 22 '21 17:11 SuperQ

@SuperQ thanks for the pointer! I think that's already implemented here? https://github.com/prometheus/memcached_exporter/blob/master/cmd/memcached_exporter/main.go#L39

The PR is to enable TLS connections between exporter -> memcached. Not Prometheus -> exporter.

rhodesn avatar Nov 22 '21 18:11 rhodesn

Hi, we are looking into this issue recently. Is this something we can help unblock soon? If not, we are happy to have a new pr and get this feature in.

yeya24 avatar Jan 29 '23 07:01 yeya24

Continued and merged in #153

matthiasr avatar Feb 13 '23 10:02 matthiasr