Very alpha
- Export metrics from Monzo
- OAuth token capture
- OAuth token refresh
- OAuth token persistent storage
$ monzo-exporter --help
usage: monzo-exporter [<flags>]
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
--monzo-oauth-client-id="" Monzo OAuth client id
--monzo-oauth-client-secret=""
Monzo OAuth client secret
--monzo-oauth-port=8080 The port to bind to for serving OAuth
--monzo-oauth-external-url="" The URL on which the exporter will be reachable
--monzo-access-tokens="" Monzo access tokens comma separated
--scrape-interval=30 Time in seconds between scrapes
--metrics-port=8080 The port to bind to for serving metrics
Using one or many access keys from Monzo API Playground you can run:
monzo-exporter --monzo-access-tokens=token1,token2,token3
These tokens are only valid for 6 hours.
This exporter has the ability to export metrics and also do OAuth flows for Monzo.
You can run:
monzo-exporter \
--monzo-oauth-client-id my-client-id-from-monzo-playground \
--monzo-oauth-client-secret my-client-secret-from-monzo-playground \
--monzo-oauth-external-url https://external-url-for-server
Please do TLS termination (HTTPS) in front of the Monzo exporter. This will involve something like traefik or nginx.
You can configure the port on which the OAuth component listens on with the
flag: --monzo-oauth-port
, which defaults to port 8080.
The OAuth flow uses a cookie for ensuring that there is no tampering with authentication. This means that you have to complete the OAuth journey using the same browser.
Presently this exporter has no persistent state, so restarting the process will require all users to reauthenticate.
You will need the prometheus-operator
CRDs on your cluster. Kubeyaml
examples in the examples
directory:
- There should be Deployment ensuring there is always one Pod running
- There should be a Service exposing the exporter
- There should be a ServiceMonitor so Prometheus scrapes the exporter
- (Optional) There should be a Service exposing the OAuth server
- (Optional) There should be an Ingress exposing the OAuth server (no example)