helm-charts icon indicating copy to clipboard operation
helm-charts copied to clipboard

Published 20 hours ago verified publisher icon prometheus-community

[prometheus-snmp-exporter] Is there a way to put SNMPv3 auth passwords in secrets?

Open iPenguin opened this issue 1 year ago • 1 comments

Describe the bug a clear and concise description of what the bug is.

I have configured the snmp exporter and have a working config. However I do not want to enter my SNMPv3 passwords directly into git, I would like to encrypt the passwords. We're using a secrets manager that will create k8s Secrets. However I am not seeing a way to force this chart to reference the values from a Secret.

Is there any way to accomplish this? Or is there a better way to encrypt/protect the passwords?

Thanks!

What's your helm version?

v3.12.1

What's your kubectl version?

v1.28.2

Which chart?

prometheus-snmp-exporter

What's the chart version?

1.8.1

What happened?

No response

What you expected to happen?

No response

How to reproduce it?

No response

Enter the changed values of values.yaml?

config: |-
  auths:
    snmpv3:
      version: 3
      security_level: authPriv
      auth_protocol: SHA
      username: Exporter
      password: auth_password
      priv_protocol: AES
      priv_password: priv_password
  modules:
    ...

Enter the command that you execute and failing/misfunctioning.

helm upgrade --install -n monitoring snmp-exporter prometheus-community/prometheus-snmp-exporter --version 1.8.1 -f ~/projects/prometheus/snmp.yaml

Anything else we need to know?

No response

iPenguin avatar Dec 07 '23 20:12 iPenguin

Hey, I had the same issue recently (I want to have the auth part of the config be a secret). SNMP exporter now supports submitting multiple config files, so you can have your config as values and auth block mounted as secret/injected as a file in runtime. I am running the version from https://github.com/prometheus-community/helm-charts/pull/4043 and it works fine, but looks like the maintainer is not active.

tr3mor avatar Dec 29 '23 11:12 tr3mor

Closing this as it has been resolved in #4043, if you have any further problems or feature requests please open a new issue, thanks!

walker-tom avatar Feb 27 '24 05:02 walker-tom

Don't mean to necro this, but is the intended way to use this to add an --config.file=foo as an extraArgs value? For anyone finding this that's what I ended up doing (not that this was for extraSecretMounts, more for extraVolumes/extraVolumeMounts).

extraSecretMounts:
  - name: secret-files
    mountPath: /run/secrets/snmp-exporter
    secretName: snmp-exporter-secret-files
    readOnly: true
    defaultMode: 420
extraArgs:
  - "--config.file=/run/secrets/snmp-exporter/auth.yaml"

prometheanfire avatar Mar 16 '24 23:03 prometheanfire

Don't mean to necro this, but is the intended way to use this to add an --config.file=foo as an extraArgs value? For anyone finding this that's what I ended up doing (not that this was for extraSecretMounts, more for extraVolumes/extraVolumeMounts).

extraSecretMounts:
  - name: secret-files
    mountPath: /run/secrets/snmp-exporter
    secretName: snmp-exporter-secret-files
    readOnly: true
    defaultMode: 420
extraArgs:
  - "--config.file=/run/secrets/snmp-exporter/auth.yaml"

Yeah that's exactly how I've been using it @prometheanfire

walker-tom avatar Apr 23 '24 14:04 walker-tom