consul-k8s icon indicating copy to clipboard operation
consul-k8s copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Update acl-init job to create token/policy for metrics scraping

Open barrymars opened this issue 2 years ago • 2 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Feature Description

When enabling metrics alongside ACLs, prometheus requires and auth token to scrape the consul agent metrics.

It would be nice if the consul-server-acl-init-job could automatically create the policy and token.

policy: "metrics-token" agent_prefix "" { policy = "read" }

secret: "consul-metrics-acl-token"

barrymars avatar Mar 28 '22 16:03 barrymars

Or maybe we should have a CRD for creating tokens? Might scale a bit better.

lkysow avatar Apr 04 '22 18:04 lkysow

@lkysow CRDs for creating tokens and policies would be great

We are a very GitOps driven team and the 'manual' steps required in configuring Consul are causing some friction

barrymars avatar Apr 05 '22 10:04 barrymars