Update acl-init job to create token/policy for metrics scraping

barrymars commented 2 years ago

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.

When enabling metrics alongside ACLs, prometheus requires and auth token to scrape the consul agent metrics.

It would be nice if the consul-server-acl-init-job could automatically create the policy and token.

policy: "metrics-token" agent_prefix "" { policy = "read" }

secret: "consul-metrics-acl-token"

lkysow commented 2 years ago

Or maybe we should have a CRD for creating tokens? Might scale a bit better.

barrymars commented 2 years ago

@lkysow CRDs for creating tokens and policies would be great

We are a very GitOps driven team and the 'manual' steps required in configuring Consul are causing some friction

hashicorp / consul-k8s