I am struggling with using basic auth credentials in Service Monitor. Here is what I have tried:
- Creating Secrets.yaml and using static string as secrets and using the same in basicAuth basicAuth: password: name: username key: basic-auth username: name: password key: basic-auth
But I need to get the secrets from banzai cloud vault instead of static string secrets
I am also using ConfigMap to fetch the secrets from vault but I am unable to use the same in Secrets.yaml
apiVersion: v1 kind: ConfigMap metadata: name: demo labels: demo data: es.basic-user: vault:{{ .Values.vault.secretsEnginePath }}/data/demo#username es.basic-pass: vault:{{ .Values.vault.secretsEnginePath }}/data/demo#password
Only static secrets are working:
apiVersion: v1 kind: Secret metadata: name: basic-auth stringData: password: demo username: demo type: Opaque
My objective is to have something from the following:
- Use secrets from vault for basicAuth credentials
- Even if secrets.yaml needs to be used then credentials need not be string.
- If config map parameter can be used
This is my ServiceMonitor:
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels: demo
name: demo
annotations:
vault.security.banzaicloud.io/vault-skip-verify: "true"
vault.security.banzaicloud.io/vault-addr: "{{ .Values.vault.url }}"
vault.security.banzaicloud.io/vault-role: "{{ .Release.Namespace }}-demo"
spec:
endpoints:
- honorLabels: true
port: http
scheme: https
path: /_prometheus/metrics
tlsConfig:
insecureSkipVerify: true
basicAuth:
password:
name: username
key: basic-auth
username:
name: password
key: basic-auth
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels: demo
