The application uses DefaultAzureCredential to authenticate using the developer's az identity.
azure-exporter container images are being signed by Sigstore and may be verified:
cosign verify \
--key=./cosign.pub \
ghcr.io/dazwilkin/azure-exporter:270f18af60491aed215951fbb7748602d44c76c2Uses azidentity.NewDefaultAzureCredential, please az login to ensure credentials are available before running:
SUBSCRIPTION="..." # Azure Subscription ID
PORT="8080"
go run github.com/DazWilkin/azure-exporter \
--endpoint="0.0.0.0:${PORT}" \
--path="/metrics"NOTE
go run .works too--endpointdefaults to0.0.0.0:9476and--pathdefaults to/metricsso both arguments are redundant
When running in a (Linux) container, the exporter is unable to obtain CLI (az login) credentials.
Please create a Service Principal and use its credentials:
First, you'll need a certificate and key:
NAME="azure-exporter" # Or...
openssl req \
-x509 \
-newkey rsa:4096 \
-keyout ${NAME}.key \
-out ${NAME}.crt \
-sha256 \
-days 365 \
-nodes \
-subj "/CN=${NAME}"In a subsequent step, the Azure CLI will set AZURE_CLIENT_CERTIFICATE_PATH to point to a file that contains both the key and cert:
NAME="azure-exporter" # Or...
cat ${NAME}.key >> ${NAME}.key+crt
cat ${NAME}.crt >> ${NAME}.key+crtThen:
SUBSCRIPTION="..."
GROUP="..."
NAME="azure-exporter" # Or...
az ad sp create-for-rbac \
--name=${NAME} \
--role="Reader" \
--scopes="/subscriptions/${SUBSCRIPTION}/resourceGroups/${GROUP}" \
--cert=@${PWD}/${NAME}.crtYields:
{
"appId": "{AZURE_CLIENT_ID}",
"displayName": "{NAME}",
"password": null,
"tenant": "{AZURE_TENANT_ID}"
}Then, using the above-generated values for the environment variables shown below, you can run the container:
SUBSCRIPTION="..." # Azure Subscription ID
AZURE_CLIENT_ID="..." # Use values from Service Principal
AZURE_TENANT_ID="..."
AZURE_CLIENT_CERTIFICATE_PATH="${PWD}/azure-exporter.key+crt"
PORT="8080"
podman run \
--interactive --tty --rm \
--name=azure-exporter \
--env=SUBSCRIPTION=${SUBSCRIPTION} \
--env=AZURE_CLIENT_ID=${AZURE_CLIENT_ID} \
--env=AZURE_TENANT_ID=${AZURE_TENANT_ID} \
--env=AZURE_CLIENT_CERTIFICATE_PATH=/secrets/azure-exporter.key+crt \
--volume=${AZURE_CLIENT_CERTIFICATE_PATH}:/secrets/azure-exporter.key+crt \
--publish=${PORT}:${PORT}/tcp \
ghcr.io/dazwilkin/azure-exporter:270f18af60491aed215951fbb7748602d44c76c2 \
--endpoint=0.0.0.0:${PORT} \
--path="/metrics"| Name | Type | Description |
|---|---|---|
azure_container_apps_total |
Gauge | Number of Azure Container Apps deployed |
azure_exporter_build_info |
Counter | Describes build info |
azure_exporter_start_time |
Gauge | The time (UNIX epoch) when the exporter started |
azure_resource_groups_total |
Gauge | Number of Azure Resource Groups |
For example:
groups:
- name: azure_exporter
rules:
- alert: azure_container_apps_running
expr: min_over_time(azure_container_apps_total{}[15m]) > 0
for: 6h
labels:
severity: page
annotations:
summary: "Azure Container Apps ({{ $value }}) running (resource group: {{ $labels.resourcegroup }})"azure-exporter container images are being signed by Sigstore and may be verified:
cosign verify \
--key=./cosign.pub \
ghcr.io/dazwilkin/azure-exporter:270f18af60491aed215951fbb7748602d44c76c2NOTE cosign.pub may be downloaded here
To install cosign:
go install github.com/sigstore/cosign/cmd/cosign@latest- Prometheus Exporter for Fly.io
- Prometheus Exporter for GCP
- Prometheus Exporter for Koyeb
- Prometheus Exporter for Linode
- Prometheus Exporter for Vultr
