Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add agent metrics annotations & env vars #329

Closed
wants to merge 2 commits into from
Closed

Add agent metrics annotations & env vars #329

wants to merge 2 commits into from

Conversation

BrandonS05
Copy link

@BrandonS05 BrandonS05 commented Mar 30, 2022
edited
Loading

Now that Vault Agent metrics have been released in v1.10.0 (hashicorp/vault#13675), the injector needs a way to enable and configure them. There is a strong need for those using the Vault Injector in production to have insights on Vault authentication/ connection issues from the injected agent. This pull request addresses #331.

A few notes on this pull request:

  • Annotations have not been added for setting up server-side TLS on the exposed metrics address; this would be a great feature to add later. If there is a strict requirement for TLS right now, this can still be achieved either via a service mesh or by setting the metrics address to localhost for a custom application to consume and expose on its own terms.
  • Until Vault agent listener without cache silently ignored vault#8953 is resolved, an empty cache block will be added as a temporary workaround to the configuration if a cache configuration isn't provided already
  • The "vault agent -config" command currently adds cache endpoints to all listeners regardless of their purpose, which can create an unintentionally insecure configuration if a user only wants to expose a metrics endpoint externally. Until this issue is resolved on the Vault Agent, a temporary safeguard has been implemented that prevents users with auto-auth configured on the cache from also configuring an external metrics listening address.

@hashicorp-cla
Copy link

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Have you signed the CLA already but the status is still pending? Recheck it.

@tvoran
Copy link
Member

tvoran commented Apr 2, 2022

Hi there, welcome to the HashiCorp Vault community! Please note that it's best if PRs are associated with an issue, either an existing one or a new issue, so that the community and the engineers can discuss implementation details, strategy, and where the request fits into an existing roadmap. Additionally, we can't do much more with this PR until the CLA is signed. Please feel free to create or link an existing issue to this PR. Thanks!

@BrandonS05 BrandonS05 changed the title add agent metrics annotations & env vars Add agent metrics annotations & env vars Apr 4, 2022
@tvoran tvoran mentioned this pull request Apr 8, 2022
Open
@BrandonS05 BrandonS05 closed this May 18, 2022
@BrandonS05 BrandonS05 deleted the telemetry-annotations branch May 18, 2022 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@BrandonS05 @hashicorp-cla @tvoran