Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Telegraf] Proper way to use envFromSecret #629

Open
SpontaneousDuck opened this issue Mar 9, 2024 · 3 comments
Open

[Telegraf] Proper way to use envFromSecret #629

SpontaneousDuck opened this issue Mar 9, 2024 · 3 comments

Comments

@SpontaneousDuck
Copy link

I am trying to use the envFromSecret to pass K8s secrets that are shared with InfluxDB to allow Telegraf to push to InfluxDB. The secrets have dashes in them which does not seem to parse properly in the config file. For example, my secret key is named user-token. I use the below output:

outputs:
  - influxdb_v2:
    urls:
      - "http://influxdb-influxdb2:80"
    bucket: "default"
    organization: "influxdata"
    token: $user-token

It appears that $admin-token does not parse correctly and I get 401 errors in Telegraf. I can hach=k around this by passing the secret as an env variable:

- name: INFLUXDB_USER_TOKEN
    valueFrom:
      secretKeyRef:
        name: influxdb-influxdb2-auth
        key: user-token

Is this the expected way to do this or is there some other way I can use the envFromSecret to get a secret in the config with a dash?

Thanks for the help!
@thopewell
Copy link

In case anyone else stumbles on this, I got this working using:

envFromSecret: telegraf-token-secret
outputs:
      - influxdb_v2:
          token: "${telegraf-token}"

where my k8 secret named "telegraf-token-secret" looks something like:

# k describe secret telegraf-token-secret
Type:  Opaque

Data
====
telegraf-token:  88 bytes

@Elly-B
Copy link

Elly-B commented Jul 5, 2024
edited
Loading

Hi!
Thank you so much to coming back to this issue. I am relatively new to helm. If I want to set them from values.yaml, would the description look something like:

apiVersion: v1
kind: Secret
 metadata:
  name: telegraf-token-secret
type: Opaque
stringData:
    {{ toYaml .Values.secrets.telegraf-token | ident 2}}

@thopewell
Copy link

thopewell commented Jul 5, 2024
edited
Loading

@Elly-B my setup is a bit more complex because I'm using some other services to pull the tokens from a 3rd party secret store. However, the secret this results in looks something like:

apiVersion: v1
kind: Secret
metadata:
  name: telegraf-token-secret
  namespace: thenamespace
data:
  telegraf-token: base64 encoded token
immutable: false

If I look inside the telegraf pod I see telegraf-token=actual value of token as an environment variable. So I assume the telegraf code is doing some expansion of the string inside the config map:

[[outputs.influxdb_v2]]    
  token = "${telegraf-token}"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@thopewell @SpontaneousDuck @Elly-B