sensu-cluster-metrics

Table of Contents

• Overview
• Usage examples
  • Help output
  • Environment variables
• Configuration
  • Asset registration
  • Check definition
  • RBAC
• Installation from source
• Contributing

Overview

The sensu-cluster-metrics is a Sensu Check that queries the Sensu backend graphql endpoint and provides federation cluster metrics.

Usage examples

Help Output

Help:

Usage:
  sensu-cluster-metrics [flags]
  sensu-cluster-metrics [command]

Available Commands:
  help        Help about any command
  version     Print the version number of this plugin

Flags:
  -k, --api-key string         Sensu api-key for authentication (use envvar CLUSTER_API_KEY in production)
      --dry-run                for testing only, do not use during regular operation
  -h, --help                   help for sensu-cluster-metrics
      --output-format string   metrics output format, supports: opentsdb_line or prometheus_text (default "opentsdb_line")
      --skip-insecure-verify   skip TLS certificate verification (not recommended!) (default true)
  -u, --url string             url to access the Sensu cluster graphql endpoint (default "https://localhost:8080/graphql")

Environment variables

Security Note: Care should be taken to not expose the apikey for this check by specifying it
on the command line or by directly setting the environment variable in the check definition. It is
suggested to make use of secrets management to surface it as an environment variable. The
check definition below references it as a secret. Below is an example secrets definition that make
use of the built-in env secrets provider.

---
type: Secret
api_version: secrets/v1
metadata:
  name: cluster-apikey
spec:
  provider: env
  id: CLUSTER_API_KEY

Configuration

Asset registration

Sensu Assets are the best way to make use of this plugin. If you're not using an asset, please
consider doing so! If you're using sensuctl 5.13 with Sensu Backend 5.13 or later, you can use the
following command to add the asset:

sensuctl asset add sensu/sensu-cluster-metrics

If you're using an earlier version of sensuctl, you can find the asset on the [Bonsai Asset Index][https://bonsai.sensu.io/assets/sensu/sensu-cluster-metrics].

Check definition

---
type: CheckConfig
api_version: core/v2
metadata:
  name: sensu-cluster-metrics
  namespace: default
spec:
  command: sensu-cluster-metrics --output-format "prometheus_text"
  subscriptions:
  - sensu-metrics
  runtime_assets:
  - sensu/sensu-cluster-metrics
  output_metric_format: prometheus_text
  output_metric_handlers:
  - timeseries_database
  secrets:
  - name: CLUSTER_API_KEY
    secret: cluster-apikey

RBAC

It is advised to use RBAC to create a Sensu user scoped specifically for
purposes such as these commands and to not re-use the admin account. For these
commands, in particular, the account would only need read access to entities, namespaces, and events.
The example below shows how to create this limited-scope user and the necessary role and role-binding resources to give it the required access.

sensuctl user create cluster-metrics --password='3yBa!#k90vq'
Created

sensuctl cluster-role create cluster-metrics-role --verb get,list --resource entities,namespaces,events
Created

sensuctl cluster-role-binding create cluster-metrics-binding --cluster-role=cluster-metrics-role --user=cluster-metrics
Created

Then create an API key for this user:

sensuctl api-key grant cluster-metrics
Created: /api/core/v2/apikeys/0af36dbf-9fe1-40a4-8194-95b5fac95639

The key (the text after [...]/apikeys/) above can be used with the --api-key option, but
preferably it should be stored and accessed as a secret.

Installation from source

The preferred way of installing and deploying this plugin is to use it as an Asset. If you would
like to compile and install the plugin from source or contribute to it, download the latest version
or create an executable script from this source.

From the local path of the sensu-cluster-metrics repository:

go build

Contributing

For more information about contributing to this plugin, see Contributing.