User Defined Secrets in LM Container
Last updated on 03 June, 2024
A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Kubernetes Secrets allow you to configure the Kubernetes cluster to use sensitive data (such as passwords) without writing the password in plain text into the configuration files. For more information, see Secrets in the Kubernetes documentation.
Note: If you are using secrets on your LM Container, granting manage permission might reveal your encoded configuration data.
Requirements for Configuring User Defined Secrets in LM Container
Ensure you have LM Container Helm Charts version 5.0.0 or later.
Configuring User Defined Secrets for your Kubernetes Clusters in LM Containers
Creating a Secret involves using the key-value pair to store the data. To create Secrets, do as follows:
- Create the secrets.yaml with opaque secret type that encodes in Base64 format similar to the following example.
  Note: With the data field, the accessID, accessKey, and account field values are given in Base64-encoded form.

    apiVersion: v1
    data:
      accessID: NmdjRTNndEU2UjdlekZhOEp2M2Q=
      accessKey: bG1hX1JRS1MrNFUtMyhrVmUzLXE0Sms2Qzk0RUh7aytfajIzS1dDcUxQREFLezlRKW1KSChEYzR+dzV5KXo1UExNemxoT0RWa01XTXROVEF5TXkwME1UWmtMV0ZoT1dFdE5XUmpOemd6TlROaVl6Y3hMM2oyVGpo
      account: bG1zYWdhcm1hbWRhcHVyZQ==
      etcdDiscoveryToken: ""
    kind: Secret
    metadata:
      name: user-provided-secret
      namespace: default
    type: Opaque
or
- Create the secrets.yaml with an opaque secret stringData type similar to the following example.

    apiVersion: v1
    stringData:
      accessID: "6gcE3gtE6R7ezFa8Jv3d"
      accessKey: "lma_RQKS+4U-3(kVe3-q4Jk6C94EH{k+_j23KWCqLPDAK{9Q)mJH(Dc4~w5y)z5PLMzlhODVkMWMtNTAyMy00MTZkLWFhOWEtNWRjNzgzNTNiYzcxL3j2Tjh"
      account: "lmadminuser"
      etcdDiscoveryToken: ""
    kind: Secret
    metadata:
      name: user-provided-secret
      namespace: default
    type: Opaque
- Enter the accessID, accessKey, and account field values.
  Note: If you have an existing cluster, enter the same values used while creating the Kubernetes cluster.
- Save the secrets.yaml file.
- Open and edit the lm-container-configuration.yaml file.
- Enter a new field userDefinedSecret with the required value similar to the following example.
  Note: The value for userDefinedSecret must be the same as the newly created secret name.

    argus:
      clusterName: secret-cluster
    global:
      accessID: ""
      accessKey: ""
      account: ""
      userDefinedSecret: "user-provided-secret"
- Save the lm-container-configuration.yaml file.
- In your terminal, enter the following command:

    kubectl apply -f secrets.yaml -n <namespace_where_lm_container_will_be_installed>
Note: Once you apply the secrets and install the LM Container, delete the accessID, accessKey, and account field values in the lm-container-configuration.yaml for security reasons.
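The Base64 data variant of the steps above, as an added example that is not LogicMonitor's own code: a shell helper that renders the Secret manifest from environment variables, so the credentials do not have to be saved in a file. The variable names LM_ACCESS_ID, LM_ACCESS_KEY, and LM_ACCOUNT and the function names are assumptions of this example.

```shell
# Added example; LM_ACCESS_ID, LM_ACCESS_KEY, LM_ACCOUNT and the function
# names are assumptions of this example, not LM Container settings.

# Encode a value exactly: printf avoids the trailing newline that echo
# appends, and tr strips the line wrapping GNU base64 adds at 76 columns
# (a long accessKey exceeds that and would break the YAML).
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Print an Opaque Secret for the given name and namespace. The namespace is
# written into metadata so it matches the one LM Container is installed in.
render_secret() {
  name=$1
  namespace=$2
  for var in LM_ACCESS_ID LM_ACCESS_KEY LM_ACCOUNT; do
    eval "val=\${$var:-}"
    if [ -z "$val" ]; then
      echo "missing mandatory value: $var" >&2
      return 1
    fi
  done
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $namespace
type: Opaque
data:
  accessID: $(b64 "$LM_ACCESS_ID")
  accessKey: $(b64 "$LM_ACCESS_KEY")
  account: $(b64 "$LM_ACCOUNT")
EOF
}

# Decode one data field of a rendered manifest to confirm it round-trips.
decode_field() {
  printf '%s\n' "$1" | sed -n "s/^  $2: //p" | base64 --decode
}

# Usage, with the three variables exported from a secret store:
#   render_secret user-provided-secret <namespace> | kubectl apply -f -
```

Piping the output to kubectl apply -f - keeps the manifest off disk; kubectl rejects the apply if -n is given and differs from the namespace in metadata.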
The following table displays the Secrets fields:
| Field Name | Field Type | Description |
|---|---|---|
| accessID | mandatory | LM access ID |
| accessKey | mandatory | LM access key |
| account | mandatory | LM account name |
| argusProxyPass | optional | argus proxy password |
| argusProxyUser | optional | argus proxy user name |
| collectorProxyPass | optional | collector proxy password |
| collectorProxyUser | optional | collector proxy username |
| collectorSetControllerProxyPass | optional | collectorset-controller proxy password |
| collectorSetControllerProxyUser | optional | collectorset-controller proxy username |
| etcdDiscoveryToken | optional | etcd discovery token |
| proxyPass | optional | global proxy password |
| proxyUser | optional | global proxy username |
Example of Secrets with Proxy Details for Kubernetes Cluster
The following secrets.yaml file displays user-defined secrets with the proxy details:

    apiVersion: v1
    data:
      accessID:
      accessKey:
      account:
      etcdDiscoveryToken:
      proxyUser:
      proxyPass:
      argusProxyUser:
      argusProxyPass:
      cscProxyUser:
      cscProxyPass:
      collectorProxyUser:
      collectorProxyPass:
    kind: Secret
    metadata:
      name: user-provided-secret
      namespace: default
    type: Opaque

There are two types of proxies: global proxy and component-level proxy. When you provide a global proxy, it applies to all Argus, Collectorset-Controller, and collector components. When you add both a component-level proxy and a global proxy, the component-level proxy takes precedence. For example, if you add a collector proxy and a global proxy, the collector proxy is applied to the collector, and the global proxy is applied to the other components, Argus and Collectorset-Controller.
The following is an example of the lm-container-configuration.yaml file:

    global:
      accessID: ""
      accessKey: ""
      account: ""
      userDefinedSecret: <secret-name>
      proxy:
        url: "proxy_url_here"