Comments (20)
Thx, it is working, but without single quotes ;)
- selector: redis
template: |
- module: redis
name: redis-{{.TUID}}
address: redis://:{{ get .Env "NETDATA_SD_AUTH_PASS" }}@{{.Address}}
But for consistency, better
- selector: redis
template: |
- module: redis
name: redis-{{.TUID}}
address: redis://{{ get .Env "NETDATA_SD_AUTH_USER" }}:{{ get .Env "NETDATA_SD_AUTH_PASS" }}@{{.Address}}
from helmchart.
@rerime thanks for help/testing, not really sure why it doesn't work with single quotes 🤔 If you want you can make a PR with Redis btw (after #280 is merged).
from helmchart.
Hi, @rerime. How do you set credentials for RabbitMQ container?
from helmchart.
Via definitions.json
example:
{
"rabbit_version": "3.6.6",
"users": [
{
"name": "user1",
"password_hash": "pass1",
"hashing_algorithm": "rabbit_password_hashing_sha256",
"tags": ""
},
{
"name": "adminuser",
"password_hash": "adminpass",
"hashing_algorithm": "rabbit_password_hashing_sha256",
"tags": "administrator"
}
],
"vhosts": [
{
"name": "\/vhost1"
},
{
"name": "\/vhost2"
}
],
"permissions": [
{
"user": "user1",
"vhost": "\/vhost1",
"configure": ".*",
"write": ".*",
"read": ".*"
}
],
"parameters": [],
"policies": [],
"queues": [],
"exchanges": [],
"bindings": []
}
from helmchart.
And this file is mounted to the rabbitmq container or do you pass some values via env variables?
from helmchart.
Only as file, I can pass as env also if it helps netdata
from helmchart.
Passing user/pass as env var will do. You can create a secret and set env vars from it. The service discovery thing collects all env vars keys/values and we can use them in netdata-child-sd-config-map.
from helmchart.
So I provide, but it didn't change anything.
env:
- name: RABBITMQ_DEFAULT_USER
valueFrom:
secretKeyRef:
name: rabbitmq
key: RABBITMQ_DEFAULT_USER
- name: RABBITMQ_DEFAULT_PASS
valueFrom:
secretKeyRef:
name: rabbitmq
key: RABBITMQ_DEFAULT_PASS
Would be nice, if you add more information about service discovery mechanics
https://github.com/netdata/helmchart#configure-service-discovery
from helmchart.
@rerime yes, it doesn't work right now. We need to agree on env var names and I will update https://github.com/netdata/helmchart/blob/master/charts/netdata/sdconfig/child.yml
We need to agree on env var names
I think we need generic names we could use for all applications that support user/pass auth.
from helmchart.
@ilyam8 Thx for update!
I'm always create user netdata
for server monitoring. May be add it and update docs.
from helmchart.
NETDATA_SD_AUTH_USER
env var value is used as username for HTTP basic auth.NETDATA_SD_AUTH_PASS
env var value is used as password for HTTP basic auth.
If it works I will update other jobs that support HTTP basic auth.
from helmchart.
@ilyam8
Works like a charm)
I've added:
- name: NETDATA_SD_AUTH_USER
valueFrom:
secretKeyRef:
name: rabbitmq
key: RABBITMQ_DEFAULT_USER
- name: NETDATA_SD_AUTH_PASS
valueFrom:
secretKeyRef:
name: rabbitmq
key: RABBITMQ_DEFAULT_PASS
Also tested that it is not broken if auth is not needed.
But still not very happy that netdata grub all secrets.
from helmchart.
But still not very happy that netdata grub all secrets.
Secrets are basically ConfigMaps with encoded values, using them to store sensitive info is not secure in general.
Using this method is an option, I think it is acceptable. If there are better ways we can add them.
from helmchart.
Works like a charm)
Great, I will:
- update other collectors' jobs to use those variables.
- update documentation.
from helmchart.
@ilyam8 Off topic... whats about redis module in sd config? Should I create another issue?
from helmchart.
Ahh, the config has no Redis. Actually nice things you mention the problem, I will add it and you will help with testing 😄
If we go with the current approach of identifying applications that is guessing by the image name... Can you share the image name of your Redis container?
from helmchart.
I've added:
containers:
- name: redis
image: artifactory.org/redis:6-alpine
command:
- redis-server
- '--requirepass'
- $(REDIS_PWD)
ports:
- name: redis
containerPort: 6379
protocol: TCP
envFrom:
- secretRef:
name: redis
env:
- name: NETDATA_SD_AUTH_PASS
valueFrom:
secretKeyRef:
name: redis
key: REDIS_PWD
and in netdata-child-sd-config-map
- tags: redis
expr: '{{ and (eq .Port "6379") (glob .Image "redis*" "**/redis*") }}'
# ....
- selector: redis
template: |
- module: redis
name: redis-{{.TUID}}
url: http://{{.Address}}
password: "{{ get .Env "NETDATA_SD_AUTH_PASS" }}"
No success.
Seems, it accept password in url string
https://github.com/netdata/go.d.plugin/blob/master/config/go.d/redis.conf
from helmchart.
Try
- module: redis
name: redis-{{.TUID}}
address: 'redis://:{{ get .Env "NETDATA_SD_AUTH_PASS" }}@{{.Address}}'
address
string format is https://github.com/netdata/go.d.plugin/tree/master/modules/redis#configuration- service discovery available fields we can use is https://github.com/netdata/agent-service-discovery#pod-role
from helmchart.
@ilyam8 Will wait merge and make PR.
I guess #280 should be expanded to all http basic auth modules.
from helmchart.
I think all that support user/pass authentication - I gave a generic name to those env var on purpose.
from helmchart.
Related Issues (20)
- Please support imagePullSecrets in values.yml HOT 1
- Disable netdata-parent HOT 1
- Provide instructions on how to run with a parent outside the k8s cluster HOT 4
- How to add PostgreSQL monitoring in the Kubernetes cluster HOT 1
- Helm upgrade fails 3.7.33 to 3.7.34, 3.7.35 or 3.7.36 HOT 2
- Incompatible with current versions of k8s (1.25) HOT 3
- Can't use ingressClassName HOT 3
- Add support for the nightlies channel HOT 5
- Specify an Alarm Configuration Example HOT 1
- Include default requests/limits for child pods HOT 2
- Netdata deployment issue: PersistentVolume provisioning failure and child pods not loading on k3s cluster HOT 5
- Add initialDelaySeconds to DaemonSet livenessProbe HOT 2
- Helm chart broken in recent releases when not using secrets HOT 4
- netdata state container: runaway FD use HOT 3
- Netdata parent pod keeps running into error HOT 9
- storedType not in values.yaml HOT 6
- Error: template: netdata/templates/secrets.yaml:1:21 HOT 5
- Impossibility to configure child agent nodes differently (for A/B testing, progressive alert rollout, etc)
- avoid child open port and fix liveness probe on public worker nodes HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helmchart.