NETOBSERV-1532: add TLS support to ebpf agent metrics config

Signed-off-by: Mohamed Mahmoud <[email protected]>

pkg/agent/agent.go

@@ -153,6 +153,10 @@ func FlowsAgent(cfg *Config) (*Flows, error) {
 		PromConnectionInfo: metrics.PromConnectionInfo{
 			Address: cfg.MetricsServerAddress,
 			Port:    cfg.MetricsPort,
+			TLS: &metrics.PromTLS{
+				CertPath: cfg.MetricsTLSCACertPath,
+				KeyPath:  cfg.MetricsTLSKeyPath,
+			},
 		},
 		Prefix: cfg.MetricsPrefix,
 	}

pkg/agent/config.go

@@ -175,6 +175,10 @@ type Config struct {
 	MetricsServerAddress string `env:"METRICS_SERVER_ADDRESS"`
 	// MetricsPort is the port of the server that collects ebpf agent metrics.
 	MetricsPort int `env:"METRICS_SERVER_PORT" envDefault:"9090"`
+	// MetricsTLSCACertPath is the path to the server certificate for TLS connections
+	MetricsTLSCACertPath string `env:"METRICS_TLS_CA_CERT_PATH"`
+	// MetricsTLSKeyPath is the path to the server private key for TLS connections
+	MetricsTLSKeyPath string `env:"METRICS_TLS_KEY_PATH"`
 	// MetricsPrefix is the prefix of the metrics that are sent to the server.
 	MetricsPrefix string `env:"METRICS_PREFIX" envDefault:"ebpf_agent_"`
 

pkg/metrics/metrics.go

@@ -14,9 +14,15 @@ type MetricDefinition struct {
 	Labels []string
 }
 
+type PromTLS struct {
+	CertPath string
+	KeyPath  string
+}
+
 type PromConnectionInfo struct {
 	Address string
 	Port    int
+	TLS     *PromTLS
 }
 
 type Settings struct {

pkg/prometheus/prom_server.go

@@ -53,7 +53,12 @@ func StartServerAsync(conn *metrics.Settings, registry *prom.Registry) *http.Ser
 	httpServer = defaultServer(httpServer)
 
 	go func() {
-		err := httpServer.ListenAndServe()
+		var err error
+		if conn.TLS != nil {
+			err = httpServer.ListenAndServeTLS(conn.TLS.CertPath, conn.TLS.KeyPath)
+		} else {
+			err = httpServer.ListenAndServe()
+		}
 		if err != nil && err != http.ErrServerClosed {
 			maybePanic("error in http.ListenAndServe: %v", err)
 		}