grafana / loki

Like Prometheus, but for logs.
https://grafana.com/loki
GNU Affero General Public License v3.0
23.93k stars 3.45k forks

Promtail to support TLS termination #8965

Open kirankh7 opened 1 year ago

kirankh7 commented 1 year ago

I'm using promtail to push logs from thousands of bare metal machines. When promtail pushes logs, we do mTLS. But when performance data (promtail metrics) is collected, promtail by default does not support TLS termination. I don't know why promtail doesn't support TLS termination to collect metrics. It's not a heavy feature to support TLS; it would be nice if you added mTLS support to the promtail /metric connection.

In the modern world, we have sidecars to manage these types of scenarios. However, this is still an issue with bare metal; we don't like to ship many different products (haproxy/nginx) just to support promtail metric collection over mTLS.

If we can add support, that will be super cool. Thank you.

jkerndev commented 1 year ago

+1, the metrics from promtail would be nice to scrape instead of doing queries to calculate similar data, but it's simply data we don't want to have exposed over the network through unencrypted scraping. Additionally, even if we did do unencrypted scraping, our Prometheus instance is also using mTLS, which rules it out as a possibility.

ec-appsoss commented 1 year ago

+1, I have the same use case as well. We need Prometheus to scrape promtail metrics, but it is only possible through mTLS.

chodges15 commented 1 year ago

+1, we are using a sidecar to scrape metrics and report them with mTLS, but only a subset of them. It would be nice to be able to have secure remote access to the full set of metrics.