/monzo-exporter-go

Prometheus exporter for Monzo

Primary LanguageGoMIT LicenseMIT

Monzo prometheus exporter

Very alpha

Roadmap

  • Export metrics from Monzo
  • OAuth token capture
  • OAuth token refresh
  • OAuth token persistent storage

Instructions

CLI usage:

$ monzo-exporter --help

usage: monzo-exporter [<flags>]

Flags:
  --help                         Show context-sensitive help (also try --help-long and --help-man).
  --monzo-oauth-client-id=""     Monzo OAuth client id
  --monzo-oauth-client-secret=""
                                 Monzo OAuth client secret
  --monzo-oauth-port=8080        The port to bind to for serving OAuth
  --monzo-oauth-external-url=""  The URL on which the exporter will be reachable
  --monzo-access-tokens=""       Monzo access tokens comma separated
  --scrape-interval=30           Time in seconds between scrapes
  --metrics-port=8080            The port to bind to for serving metrics

Access tokens from Monzo playground

Using one or many access keys from Monzo API Playground you can run:

monzo-exporter --monzo-access-tokens=token1,token2,token3

These tokens are only valid for 6 hours.

Using OAuth flow

This exporter has the ability to export metrics and also do OAuth flows for Monzo.

You can run:

monzo-exporter                                                       \
  --monzo-oauth-client-id     my-client-id-from-monzo-playground     \
  --monzo-oauth-client-secret my-client-secret-from-monzo-playground \
  --monzo-oauth-external-url  https://external-url-for-server

Please do TLS termination (HTTPS) in front of the Monzo exporter. This will involve something like traefik or nginx.

You can configure the port on which the OAuth component listens on with the flag: --monzo-oauth-port, which defaults to port 8080.

The OAuth flow uses a cookie for ensuring that there is no tampering with authentication. This means that you have to complete the OAuth journey using the same browser.

Presently this exporter has no persistent state, so restarting the process will require all users to reauthenticate.

Deployment using Kubernetes

You will need the prometheus-operator CRDs on your cluster. Kubeyaml examples in the examples directory:

  • There should be Deployment ensuring there is always one Pod running
  • There should be a Service exposing the exporter
  • There should be a ServiceMonitor so Prometheus scrapes the exporter
  • (Optional) There should be a Service exposing the OAuth server
  • (Optional) There should be an Ingress exposing the OAuth server (no example)