Manually Deploy SSL/TLS Connections Between Components, TiKV Pushes Metrics to Pushgateway

This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: 手动部署组件间ssl/tls连接,tikv推送metrics给pushgateway

| username: TiDBer_WcVhwJ2n

[TiDB Usage Environment] Production Environment / Testing / PoC
[TiDB Version] 4.0.0 pushgateway 1.6.2
[Reproduction Path] Operations performed that led to the issue
[Encountered Issue: Problem Phenomenon and Impact]
[Resource Configuration] Enter TiDB Dashboard - Cluster Info - Hosts and take a screenshot of this page
[Attachments: Screenshots/Logs/Monitoring]
Single-machine virtual machine binary deployment of the minimal architecture TiDB cluster (2tidb+3tikv+3pd+node_exporter+pushgateway+prometheus+grafana)
Configured SSL/TLS verification and introduced pushgateway, allowing tikv to push metrics data to pushgateway (which is the monitoring framework before TiDB 3.0)
After configuring the former, there were no issues, the cluster status was normal, and prometheus could obtain the correct status. Due to security requirements, pushgateway was also configured with SSL/TLS verification. At this point, tikv reports a certificate verification failure error when pushing metrics. The preliminary judgment is that tikv does not carry certificate and key information when sending requests. Since using curl alone with SSL/TLS verification information to initiate a request to pushgateway (the URL here is the same URL that tikv reports an error on) is successful, I see that the default documentation does not have relevant configurations for this request. Is there any way to solve this problem? :face_with_diagonal_mouth: :face_with_diagonal_mouth: :face_with_diagonal_mouth:

| username: dba远航 | Original post link

You’re getting too deep into it.

| username: wangccsy | Original post link

Newbie supports you.

| username: TiDBer_WcVhwJ2n | Original post link

Just need to check if the source code has been adapted. However, my internship is almost over, and I don’t want to mess around with it anymore. I want to know if it can be configured to solve the issue. :joy: