pgbouncer_exporter

Support environment variables for credentials

Open jsirianni opened this issue 1 year ago • 5 comments

Would it be possible to support environment variables for the exporter's configuration?

I intend to use this exporter with Kubernetes. Right now I need to do something like this:

        - name: metrics-exporter
          image: prometheuscommunity/pgbouncer-exporter:v0.7.0
          args:
            - --pgBouncer.connectionString=postgres://pgbouncer:pgbouncer@localhost:5432/pgbouncer
            - --web.listen-address=:9127

It is more ideal to use environment variables, as they can be derived from preconfigured secrets.

        - name: metrics-exporter
          image: prometheuscommunity/pgbouncer-exporter:v0.7.0
          args:
            - --web.listen-address=:9127
          env:
            - name: PGBOUNCER_CONNECTION_STRING
              valueFrom:
                secretKeyRef:
                  name: pgbouncer-connection-string
                  key: connection-string  # placeholder: the key inside the Secret (required by secretKeyRef)

This way, the configuration can be safely committed to a Git repo, and the secret can be managed by existing secret management tools within the K8s ecosystem.

jsirianni avatar Oct 17 '23 22:10 jsirianni

As I have the same request, maybe #151 is enough for this?

rsommer avatar May 15 '24 08:05 rsommer

#151 has been merged but then reverted by upstream - apparently, this is not wanted.

rsommer avatar Jul 29 '24 14:07 rsommer

ENV vars are not very secure, as they can be leaked in a number of ways. It is more recommended to read credentials from a file, as these are more easily protected from accidental exposure.

The PR was reverted because it added everything as ENV vars. This is not allowed.

A change that allows just the connection string as an ENV would be accepted.

SuperQ avatar Jul 31 '24 15:07 SuperQ

https://github.com/prometheus-community/pgbouncer_exporter/pull/153 would be a better solution if the issues were addressed.

SuperQ avatar Jul 31 '24 15:07 SuperQ

I opened #159 with the additional handling of PGBOUNCER_EXPORTER_METRICS_PATH and PGBOUNCER_EXPORTER_PIDFILE_PATH removed. While using a config file could also be valid and I am well aware of the shortcomings of environment variables, in a container deployment configured mainly via env vars this would still help keep things in one place.

rsommer avatar Aug 01 '24 07:08 rsommer