Skip to content

Latest commit

 

History

History
123 lines (88 loc) · 3.08 KB

readme.md

File metadata and controls

123 lines (88 loc) · 3.08 KB

Acronis Prometheus Exporter

Will use /probe endpoint: https://prometheus.io/docs/guides/multi-target-exporter/

query

The 'cache' directory will contain "byPolicy" and "byTenent" folders that cache data from the API. Should be able to pull a testable uniq_id out of one of these. Then to target:

curl localhost:9666/byTenant?target=GBEWPG

Or to target by uuidv4 policy:

curl localhost:9666/byPolicy?target=01FCB317-131F-0B3C-228D-F781E469348A

Docker

.env

Use the .envrc file to set the following environment variables. Setting up a folder in lastpass for these

ACRONIS_CLIENT_ID=xxx
ACRONIS_CLIENT_SECRET=yyy

Build

make build - builds the docker image locally

Run

make run - runs the exporter in the docker image

Shell

make shell - runs sh in the docker image

exec

make exec - gives you a shell in a running docker image (for make run)

test

make test - runs go test to run those tests against the codebase

Deploy via Helm directly

Set up your docker-registry credentials:

kubectl create secret docker-registry lw-registry \
--docker-server=$CI_REGISTRY \
--docker-username=$CI_REGISTRY_USER \
--docker-password=$CI_REGISTRY_PASSWORD

Set up your acronis credentials:

envsubst < k8s-version/template-secrets.yaml | tee secrets.yaml
kubectl apply -f secrets.yaml

See your template to be applied with:

helm template .

Install it with:

helm install acronis-exporter .

But of course you can't see that cause 10/8 route for AnyConnect.

Of course, this is helm uploaded in CI, and then installed via flux in github.com/liquidweb/mako-flux-state.

Kubeseal

https://github.com/bitnami-labs/sealed-secrets#helm-chart https://github.com/helm/charts/tree/master/stable/sealed-secrets

https://medium.com/better-programming/encrypting-kubernetes-secrets-with-sealed-secrets-fe363149a211

To create docker registry credentials:

kubectl create secret docker-registry acronis-exporter-registry \
--dry-run=client -oyaml \
--docker-server=$CI_REGISTRY \
--docker-username=$CI_REGISTRY_USER \
--docker-password=$CI_REGISTRY_PASSWORD \
> registry-secrets.yaml

To pack the Acronis credentials:

envsubst < templates/secrets.yaml >secrets.yaml

To get the mako cert for sealing, you'll have to contact @mwineland directly. With that, to kubeseal both:

kubeseal --format yaml \
--namespace acronis-exporter \
--cert ~/Downloads/mako.crt \
<registry-secrets.yaml >sealed-registry-secrets.yaml

Note, you have to have ACRONIS_CLIENT_URL ACRONIS_CLIENT_ID and ACRONIS_CLIENT_SECRET set to something valid for the below to work. ACRONIS_CLIENT_URL is probably https://us5-cloud.acronis.com but depends on region.

envsubst <~/src/git.liquidweb.com/helm-charts/acronis-exporter/template-acronis-secrets.yaml | \
kubeseal \
--format yaml \
--namespace acronis-exporter \
--cert ~/.config/prod2.crt | \
tee ~/src/github.com/liquidweb/mako-flux-state/prod2/releases/acronis-exporter/sealed-acronis-secrets.yaml

Secrets that have been kubeseal can (and should) be committed to the repo.