Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support fetching of database metrics credentials #1292

Open
jgrau opened this issue Dec 19, 2024 · 2 comments
Open

Support fetching of database metrics credentials #1292

jgrau opened this issue Dec 19, 2024 · 2 comments

Comments

@jgrau
Copy link

jgrau commented Dec 19, 2024

Is your feature request related to a problem? Please describe.

I am setting up prometheus scraping of the metrics that the digital ocean database cluster exposes. There's a guide here: https://docs.digitalocean.com/products/databases/postgresql/how-to/monitor-clusters/ that describes how to do it "manually" but of cause I want to do it automatically using terraform. For the prometheus scraping configuration I need:

  • Endpoint host
  • Endpoint port
  • Endpoint basic auth username
  • Endpoint basic auth password
  • Cluster CA certificate

Currently only the Cluster CA certificate is available to me in terraform.

Describe the solution you'd like

It would be awesome if the metrics endpoint and credentials were also available.

Describe alternatives you've considered

The only alternative I can see is doing it manually - not with terraform

Additional context

Nope

@moreinhardt
Copy link
Contributor

As I need this too I'm interested in working on it. 🙂

@jgrau
Copy link
Author

jgrau commented Dec 20, 2024

After I created the issue I did find a workaround to get the basic auth username and password:

data "digitalocean_database_ca" "example" {
  cluster_id = digitalocean_database_cluster.example.id
}

data "http" "example" {
  url = "https://api.digitalocean.com/v2/databases/metrics/credentials"

  # Optional request headers
  request_headers = {
    Accept        = "application/json"
    Authorization = "Bearer ${var.digitalocean_token}"
  }
}

resource "kubernetes_secret" "example" {
  metadata {
    name      = "do-dbaas-auth"
    namespace = "monitoring"
  }

  data = {
    "ca.crt"   = data.digitalocean_database_ca.example.certificate
    "username" = jsondecode(data.http.example.response_body)["credentials"]["basic_auth_username"]
    "password" = jsondecode(data.http.example.response_body)["credentials"]["basic_auth_password"]
  }
}

I think the endpoint host can be assumed to the be same host as the database and the port to be 9273.

When I got this working I was disappointed though: I didn't find the number of metrics to be what I expected. DO support confirmed that: they use the telegraf plugin while I had expected the prometheus postgres_exporter was being used.

Anyways, I'll leave the issue open as I feel it's still a good improvement to make. For reference here's the prometheus scrape config that went along with the above secret to make the metrics import:

      - job_name: dbaas_cluster_metrics_svc_discovery
        static_configs:
          - targets:
              [
                "<db host>:9273",
              ]
        scheme: https
        tls_config:
          ca_file: /etc/prometheus/secrets/do-dbaas-auth/ca.crt
        basic_auth:
          username_file: /etc/prometheus/secrets/do-dbaas-auth/username
          password_file: /etc/prometheus/secrets/do-dbaas-auth/password
    secrets:
      - do-dbaas-auth

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants