Add TLS to metric endpoints or disable metrics


The mTLS known issue section mentions that the endpoints scraped by Prometheus are not TLS’d.

Is there any way to enable TLS? If not, is it possible to disable the metrics endpoint?

Also open to contributing and adding support for TLS on these endpoints. This is a hard requirement for our use case.


Hey @afah, thanks for opening this. It’s not currently possible for linkerd2 to TLS outbound connections to arbitrary IP addresses; the TLS setup requires that connections be made to Kubernetes service addresses. But support for TLS on connections to IP addresses is being tracked here:

Feel free to follow along in order to be notified when this feature is available.