License
MIT License
v0.0.2 · public · Published over 3 years ago
The sensu-cluster-metrics is a Sensu Check that queries the Sensu backend graphql endpoint and provides federation cluster metrics.
Help:
Usage:
sensu-cluster-metrics [flags]
sensu-cluster-metrics [command]
Available Commands:
help Help about any command
version Print the version number of this plugin
Flags:
-k, --api-key string Sensu api-key for authentication (use envvar CLUSTER_API_KEY in production)
--dry-run for testing only, do not use during regular operation
-h, --help help for sensu-cluster-metrics
--output-format string metrics output format, supports: opentsdb_line or prometheus_text (default "opentsdb_line")
--skip-insecure-verify skip TLS certificate verification (not recommended!) (default true)
-u, --url string url to access the Sensu cluster graphql endpoint (default "https://localhost:8080/graphql")
Argument | Environment Variable |
---|---|
--api-key | CLUSTER_API_KEY |
--url | CLUSTER_URL |
--output-format | CLUSTER_OUTPUT_FORMAT |
--dry-run | CLUSTER_DRY_RUN |
Security Note: Care should be taken to not expose the apikey for this check by specifying it
on the command line or by directly setting the environment variable in the check definition. It is
suggested to make use of secrets management to surface it as an environment variable. The
check definition below references it as a secret. Below is an example secrets definition that make
use of the built-in env secrets provider.
---
type: Secret
api_version: secrets/v1
metadata:
name: cluster-apikey
spec:
provider: env
id: CLUSTER_API_KEY
Sensu Assets are the best way to make use of this plugin. If you're not using an asset, please
consider doing so! If you're using sensuctl 5.13 with Sensu Backend 5.13 or later, you can use the
following command to add the asset:
sensuctl asset add sensu/sensu-cluster-metrics
If you're using an earlier version of sensuctl, you can find the asset on the [Bonsai Asset Index][https://bonsai.sensu.io/assets/sensu/sensu-cluster-metrics].
---
type: CheckConfig
api_version: core/v2
metadata:
name: sensu-cluster-metrics
namespace: default
spec:
command: sensu-cluster-metrics --output-format "prometheus_text"
subscriptions:
- sensu-metrics
runtime_assets:
- sensu/sensu-cluster-metrics
output_metric_format: prometheus_text
output_metric_handlers:
- timeseries_database
secrets:
- name: CLUSTER_API_KEY
secret: cluster-apikey
It is advised to use RBAC to create a Sensu user scoped specifically for
purposes such as these commands and to not re-use the admin account. For these
commands, in particular, the account would only need read access to entities, namespaces, and events.
The example below shows how to create this limited-scope user and the necessary role and role-binding resources to give it the required access.
sensuctl user create cluster-metrics --password='3yBa!#k90vq'
Created
sensuctl cluster-role create cluster-metrics-role --verb get,list --resource entities,namespaces,events
Created
sensuctl cluster-role-binding create cluster-metrics-binding --cluster-role=cluster-metrics-role --user=cluster-metrics
Created
Then create an API key for this user:
sensuctl api-key grant cluster-metrics
Created: /api/core/v2/apikeys/0af36dbf-9fe1-40a4-8194-95b5fac95639
The key (the text after [...]/apikeys/) above can be used with the --api-key
option, but
preferably it should be stored and accessed as a secret.
The preferred way of installing and deploying this plugin is to use it as an Asset. If you would
like to compile and install the plugin from source or contribute to it, download the latest version
or create an executable script from this source.
From the local path of the sensu-cluster-metrics repository:
go build
For more information about contributing to this plugin, see Contributing.
Please describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.
×