Safety…first? Prometheus 2.24 finally features TLS on HTTP serving endpoints

The Prometheus team has pushed out its first release of the year, improving the monitoring system’s security and giving its command line tool promtool and time series database TSDB a little polish.

After some years of discussion, Prometheus 2.24 is the first version of the tool that comes fitted with TLS and basic authentication for HTTP endpoints. The addition is meant to provide a way to securely transfer data and is probably among the more requested features as Prometheus spreads into privacy-focused enterprise setups.

A smooth user experience can surely help sustain this trajectory, so the service discovery component received some fixes that keep it from running into potentially confusing warnings and errors.

It also learned to reuse the EC2 client instead of recreating it, which leads to less frequent credential requests, and finally knows how to handle IPv6 addresses of EC2 instances, something that had been outstanding for a while.

Another component that received quite a bit of attention in the 2.24 release is the HTTP API. Not only did the team fix a bug to avoid double-closing channels, it also added verification to check that matchers in api/v1/series aren’t empty since this could lead to quite dramatic increases in memory usage in earlier versions.

To unify behaviour between APIs, the HTTP API now comes with support for label names matchers, which makes them filterable and allows the realisation of some autocompletion use cases.

For TSDB, the Prometheus team decided that calling the runtime garbage collection straight after compaction isn’t needed anymore due to some changes in memory handling and adjusted the implementation accordingly. It also added some logging for cases in which compaction takes especially long, after users had reported issues with growing checkpoints.

Meanwhile, the developers working on promtool made the CLI a bit more user-friendly by adding functionality that checks whether a server address is prefixed correctly and adds a scheme should that not be the case.

They also advanced the project’s backfilling capabilities to bulk-load data from OpenMetrics files through the new tsdb create-blocks-from openmetrics subcommand. This should allow for easier data migration and can be used to fill gaps if new recording rules are established. A subcommand to check web configuration files has been added as well.

Prometheus is an event monitoring system and time series database that was initially developed by music streaming service SoundCloud. In 2016, the open source tool was accepted into the Cloud Native Computing Foundation, from whose process it graduated in 2018, making it the second project to achieve this tier after container orchestrator Kubernetes.