sql_exporter/examples/k8s-secret/secret-examples.yaml at master · burningalchemist/sql_exporter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
# Kubernetes Secrets for SQL Exporter DSN Resolution
#
# This file demonstrates the complete setup needed for SQL Exporter to read
# database connection strings from Kubernetes secrets, including:
# 1. Service account configuration
# 2. RBAC Role and RoleBinding
# 3. Database credential secrets
# 4. Example values configuration

---
# Service Account - Required for accessing Kubernetes secrets
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sql-exporter
  namespace: default
  labels:
    app.kubernetes.io/name: sql-exporter
automountServiceAccountToken: true

---
# RBAC Role - Grants permission to read secrets
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sql-exporter-secret-reader
  namespace: default
  labels:
    app.kubernetes.io/name: sql-exporter
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]

---
# RBAC RoleBinding - Binds the role to the service account
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sql-exporter-secret-reader
  namespace: default
  labels:
    app.kubernetes.io/name: sql-exporter
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sql-exporter-secret-reader
subjects:
- kind: ServiceAccount
  name: sql-exporter
  namespace: default

---
# Example 1: Full DSN stored in secret (complete connection string)
# Usage: k8ssecret://postgres-db
apiVersion: v1
kind: Secret
metadata:
  name: postgres-db
  namespace: default
  labels:
    app: sql-exporter
    type: full-dsn
type: Opaque
stringData:
  data_source_name: "postgres://user:password@postgres.default.svc.cluster.local:5432/mydb?sslmode=require"

---
# Example 2: Partial DSN stored in secret (credentials + host info only)
# This will be combined with a template to build the complete DSN
# Usage: k8ssecret://db-creds?key=APP_DB_CONNECTION&template=postgres://DSN_VALUE?application_name=sql-exporter&sslmode=require
apiVersion: v1
kind: Secret
metadata:
  name: db-creds
  namespace: default
  labels:
    app: sql-exporter
    type: partial-dsn
type: Opaque
stringData:
  # Partial DSN: credentials@host:port/database (no protocol, no query params)
  APP_DB_CONNECTION: "user:password@postgres.default.svc.cluster.local:5432/mydb"