Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[prometheus-snmp-exporter] Is there a way to put SNMPv3 auth passwords in secrets? #4066

Closed
iPenguin opened this issue Dec 7, 2023 · 4 comments
Closed

[prometheus-snmp-exporter] Is there a way to put SNMPv3 auth passwords in secrets? #4066

iPenguin opened this issue Dec 7, 2023 · 4 comments
Labels
bug Something isn't working

Comments

@iPenguin
Copy link
Contributor

iPenguin commented Dec 7, 2023
edited
Loading

Describe the bug a clear and concise description of what the bug is.

I have configured the snmp exporter and have a working config. However I do not want to enter my SNMPv3 passwords directly into git, I would like to encrypt the passwords. We're using a secrets manager that will create k8s Secrets. However I am not seeing a way to force this chart to reference the values from a Secret.

Is there any way to accomplish this? Or is there a better way to encrypt/protect the passwords?

Thanks!

What's your helm version?

v3.12.1

What's your kubectl version?

v1.28.2

Which chart?

prometheus-snmp-exporter

What's the chart version?

1.8.1

What happened?

No response

What you expected to happen?

No response

How to reproduce it?

No response

Enter the changed values of values.yaml?

config: |-
  auths:
    snmpv3:
      version: 3
      security_level: authPriv
      auth_protocol: SHA
      username: Exporter
      password: auth_password
      priv_protocol: AES
      priv_password: priv_password
  modules:
    ...

Enter the command that you execute and failing/misfunctioning.

helm upgrade --install -n monitoring snmp-exporter prometheus-community/prometheus-snmp-exporter --version 1.8.1 -f ~/projects/prometheus/snmp.yaml

Anything else we need to know?

No response
@iPenguin iPenguin added the bug Something isn't working label Dec 7, 2023
@tr3mor
Copy link
Contributor

tr3mor commented Dec 29, 2023

Hey, I had the same issue recently (I want to have the auth part of the config be a secret). SNMP exporter now supports submitting multiple config files, so you can have your config as values and auth block mounted as secret/injected as a file in runtime. I am running the version from #4043 and it works fine, but looks like the maintainer is not active.

@walker-tom walker-tom mentioned this issue Feb 27, 2024
Merged
3 tasks
@walker-tom
Copy link
Contributor

Closing this as it has been resolved in #4043, if you have any further problems or feature requests please open a new issue, thanks!

@prometheanfire
Copy link

Don't mean to necro this, but is the intended way to use this to add an --config.file=foo as an extraArgs value? For anyone finding this that's what I ended up doing (not that this was for extraSecretMounts, more for extraVolumes/extraVolumeMounts).

extraSecretMounts:
  - name: secret-files
    mountPath: /run/secrets/snmp-exporter
    secretName: snmp-exporter-secret-files
    readOnly: true
    defaultMode: 420
extraArgs:
  - "--config.file=/run/secrets/snmp-exporter/auth.yaml"

@walker-tom
Copy link
Contributor

Don't mean to necro this, but is the intended way to use this to add an --config.file=foo as an extraArgs value? For anyone finding this that's what I ended up doing (not that this was for extraSecretMounts, more for extraVolumes/extraVolumeMounts).

extraSecretMounts:
  - name: secret-files
    mountPath: /run/secrets/snmp-exporter
    secretName: snmp-exporter-secret-files
    readOnly: true
    defaultMode: 420
extraArgs:
  - "--config.file=/run/secrets/snmp-exporter/auth.yaml"

Yeah that's exactly how I've been using it @prometheanfire

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@iPenguin @prometheanfire @tr3mor @walker-tom