User Defined Secrets in LM Container

Last updated on 20 December, 2023

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Kubernetes Secrets allow you to configure the Kubernetes cluster to use sensitive data (such as passwords) without writing it in plain text into the configuration files. For more information, see Secrets in the Kubernetes documentation.

Note: If you are using secrets on your LM Container, granting manage permission might reveal your encoded configuration data.

Requirements for Configuring User Defined Secrets in LM Container

Ensure you have LM Container Helm Charts version 5.0.0 or later.

Configuring User Defined Secrets for your Kubernetes Clusters in LM Containers

A Secret stores its data as key-value pairs. To create Secrets, do as follows:

  1. Create the secrets.yaml file with the Opaque secret type and Base64-encoded values, similar to the following example.

Note: Under the data label, the accessID, accessKey, and account field values are supplied in Base64-encoded format.

apiVersion: v1
data:
  accessID: NmdjRTNndEU2UjdlekZhOEp2M2Q=
  accessKey: bG1hX1JRS1MrNFUtMyhrVmUzLXE0Sms2Qzk0RUh7aytfajIzS1dDcUxQREFLezlRKW1KSChEYzR+dzV5KXo1UExNemxoT0RWa01XTXROVEF5TXkwME1UWmtMV0ZoT1dFdE5XUmpOemd6TlROaVl6Y3hMM2oyVGpo
  account: bG1zYWdhcm1hbWRhcHVyZQ==
  etcdDiscoveryToken: ""
kind: Secret
metadata:
  name: user-provided-secret
  namespace: default
type: Opaque

or

  1. Create the secrets.yaml file with the Opaque secret type and the stringData field, similar to the following example.

apiVersion: v1
stringData:
  accessID: "6gcE3gtE6R7ezFa8Jv3d"
  accessKey: "lma_RQKS+4U-3(kVe3-q4Jk6C94EH{k+_j23KWCqLPDAK{9Q)mJH(Dc4~w5y)z5PLMzlhODVkMWMtNTAyMy00MTZkLWFhOWEtNWRjNzgzNTNiYzcxL3j2Tjh"
  account: "lmadminuser"
  etcdDiscoveryToken: ""
kind: Secret
metadata:
  name: user-provided-secret
  namespace: default
type: Opaque

  1. Enter the accessID, accessKey, and account field values.

Note: If you have an existing cluster, enter the same values that were used when the Kubernetes cluster was created.

  1. Save the secrets.yaml file.
  2. Open and edit the lm-container-configuration.yaml file.
  3. Enter a new field userDefinedSecret with the required value similar to the following example.

Note: The value for userDefinedSecret must be the same as the newly created secret name.

argus:
  clusterName: secret-cluster
global:
  accessID: ""
  accessKey: ""
  account: ""
  userDefinedSecret: "user-provided-secret"

  1. Save the lm-container-configuration.yaml file.
  2. In your terminal, enter the following command:

kubectl apply -f secrets.yaml -n <namespace_where_lm_container_will_be_installed>

Note: Once you apply the secrets and install the LM Container, delete the accessID, accessKey, and account field values in the lm-container-configuration.yaml for security reasons.
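
The following shell functions are an added example, not LogicMonitor code. They render the Base64 `data` form of secrets.yaml shown above and check the three mandatory fields before `kubectl apply`. The environment variable names LM_ACCESS_ID, LM_ACCESS_KEY, and LM_ACCOUNT and the function names are assumptions, and GNU coreutils `base64` is assumed.

```shell
# Added example, not LogicMonitor's code. Assumes GNU coreutils base64 and
# hypothetical variables LM_ACCESS_ID, LM_ACCESS_KEY, LM_ACCOUNT.

# Encode one value with no trailing newline. `echo "$v" | base64` would
# encode "value\n", and the stored credential would include the newline.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# render_secret NAME NAMESPACE: print the manifest. Credentials come from the
# environment so they are not passed as command-line arguments.
render_secret() {
  cat <<EOF
apiVersion: v1
data:
  accessID: $(b64 "$LM_ACCESS_ID")
  accessKey: $(b64 "$LM_ACCESS_KEY")
  account: $(b64 "$LM_ACCOUNT")
  etcdDiscoveryToken: ""
kind: Secret
metadata:
  name: $1
  namespace: $2
type: Opaque
EOF
}

# check_secret FILE: exit non-zero if a mandatory field under `data` is
# missing, empty, not canonical Base64, or decodes to text with whitespace.
check_secret() (
  for field in accessID accessKey account; do
    value=$(sed -n "s/^  ${field}: *//p" "$1" | tr -d '"')
    [ -n "$value" ] || { echo "missing or empty: $field" >&2; exit 1; }
    # Decode, strip whitespace, re-encode: any difference means the value
    # was malformed or carried a stray newline or space.
    clean=$(printf '%s' "$value" | base64 -d 2>/dev/null |
      tr -d '[:space:]' | base64 | tr -d '\n')
    [ "$clean" = "$value" ] || { echo "bad encoding: $field" >&2; exit 1; }
  done
)

# Usage (keeps the file private to the current user):
#   (umask 077; render_secret user-provided-secret default > secrets.yaml)
#   check_secret secrets.yaml && kubectl apply -f secrets.yaml -n default
```

check_secret applies only to the `data` form; a stringData manifest holds plain-text values and fails the Base64 check by design.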

The following table displays the Secrets fields:

| Field Name | Field Type | Description |
| --- | --- | --- |
| accessID | mandatory | LM access ID |
| accessKey | mandatory | LM access key |
| account | mandatory | LM account name |
| argusProxyPass | optional | argus proxy password |
| argusProxyUser | optional | argus proxy user name |
| collectorProxyPass | optional | collector proxy password |
| collectorProxyUser | optional | collector proxy username |
| collectorSetControllerProxyPass | optional | collectorset-controller proxy password |
| collectorSetControllerProxyUser | optional | collectorset-controller proxy username |
| etcdDiscoveryToken | optional | etcd discovery token |
| proxyPass | optional | global proxy password |
| proxyUser | optional | global proxy username |

Example of Secrets with Proxy Details for Kubernetes Cluster

The following secrets.yaml file displays user-defined secrets with the proxy details:

apiVersion: v1
data:
  accessID:
  accessKey:
  account:
  etcdDiscoveryToken:
  proxyUser:
  proxyPass:
  argusProxyUser:
  argusProxyPass:
  cscProxyUser:
  cscProxyPass:
  collectorProxyUser:
  collectorProxyPass:
kind: Secret
metadata:
  name: user-provided-secret
  namespace: default
type: Opaque

There are two types of proxies: global proxy and component-level proxy. When you provide a global proxy, it applies to all Argus, Collectorset-Controller, and collector components. When you add both a component-level proxy and a global proxy, the component-level proxy takes precedence. For example, if you add a collector proxy and a global proxy, the collector proxy is applied to the collector, and the global proxy is applied to the other components, Argus and Collectorset-Controller.

The following is an example of the lm-container-configuration.yaml file:

global:
  accessID: ""
  accessKey: ""
  account: ""
  userDefinedSecret: <secret-name>
  proxy:
    url: "proxy_url_here"