Make credential structure used for monitoring configurable #144

Closed
toabi opened this issue May 12, 2022 · 3 comments

toabi commented May 12, 2022

I'm migrating to the integrated monitoring because of #138

I see the following issues:

Duplicate definition of admin secrets

Not a big deal, just a bit of duplication of code when using existingAdminSecret. Monitoring templates will just look at adminUserSecret. If the existing one is defined, it could use that one?

Structure of secret hardcoded

For some reason, while existingAdminSecret works, the same secret doesn't for the pg_exporter.

I'm using the zalando postgres operator and it creates secrets with username and password as keys. The monitoring pod expects user and password:

    - name: DATA_SOURCE_PASS_FILE
      value: /run/secrets/db-secrets/password
    - name: DATA_SOURCE_USER_FILE
      value: /run/secrets/db-secrets/user

If I'm not mistaken, the operator itself has a fallback to use the "postgres" user in that case, which apparently works in my setup:

https://github.com/kloeckner-i/db-operator/blame/aefb00fb1ac9e37db02706f7e2209c8c26e7a23e/pkg/utils/database/postgres.go#L356-L365

Changing the secret in the operator is not possible yet: zalando/postgres-operator#1746
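
An added example, not part of the issue or of the db-operator chart: a check that every `*_FILE` path in a pod spec is backed by a key in the mounted Secret, run over a constructed pod spec and key set modeled on the mismatch described above. The volume name, secret name and function names are assumptions; the check also honors the Kubernetes secret-volume `items` key-to-path remapping.

```python
def projected_files(volume, secret_keys):
    """File names a secret volume exposes: 'items' remaps key -> path,
    otherwise every key of the Secret becomes one file."""
    items = volume["secret"].get("items")
    if items:
        return {i["path"] for i in items if i["key"] in secret_keys}
    return set(secret_keys)


def missing_secret_files(pod_spec, secrets):
    """Return (env name, path) pairs whose *_FILE path lies under a secret
    mount but has no matching file in that mount."""
    volumes = {v["name"]: v for v in pod_spec["volumes"] if "secret" in v}
    missing = []
    for container in pod_spec["containers"]:
        mounts = [m for m in container.get("volumeMounts", [])
                  if m["name"] in volumes]
        for env in container.get("env", []):
            if not env["name"].endswith("_FILE"):
                continue
            path = env.get("value", "")
            for mount in mounts:
                base = mount["mountPath"].rstrip("/") + "/"
                if path.startswith(base):
                    vol = volumes[mount["name"]]
                    keys = secrets.get(vol["secret"]["secretName"], set())
                    if path[len(base):] not in projected_files(vol, keys):
                        missing.append((env["name"], path))
                    break
    return missing


# Constructed sample: env entries as quoted in the issue; volume and secret
# names are assumptions. Only key names are listed, never secret values.
POD_SPEC = {
    "volumes": [{"name": "db-secrets", "secret": {"secretName": "pg-credentials"}}],
    "containers": [{
        "name": "exporter",
        "volumeMounts": [{"name": "db-secrets", "mountPath": "/run/secrets/db-secrets"}],
        "env": [
            {"name": "DATA_SOURCE_PASS_FILE", "value": "/run/secrets/db-secrets/password"},
            {"name": "DATA_SOURCE_USER_FILE", "value": "/run/secrets/db-secrets/user"},
        ],
    }],
}
SECRETS = {"pg-credentials": {"username", "password"}}  # Zalando-style keys

if __name__ == "__main__":
    for name, path in missing_secret_files(POD_SPEC, SECRETS):
        print(f"{name}: {path} has no matching secret key")
```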

toabi commented Jun 29, 2022

Do you think it would be feasible to make the password-key and username-key configurable in the helm chart values?

Because changing the value from .../db-secrets/user to .../db-secrets/username manually in the deployment makes it all work nicely.

I imagine it could be set as exporter.postgres.secret.password_key and exporter.postgres.secret.user_key which default to the current values but could then be overridden.

toabi commented Jun 29, 2022

    - name: DATA_SOURCE_URI
      value: dbinstance-{{ $name }}-svc:5432/postgres?sslmode=disable

This would also have to be configurable, because the zalando operator builds the service name differently from the $name (without prefix and suffix) and additionally zalando's default pg_hba only allows SSL connections from non-localhost.

toabi commented Jul 19, 2022

Would you accept a Pull Request which makes the user and password key and the DATA_SOURCE_URI more configurable or do you plan to change this yourself? // CC @sookloeckner, @hyunysmile
