From 74c8ef7209ac0ccb9d4c23db11987b22638ff91a Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Mon, 16 Mar 2026 14:42:03 -0700 Subject: [PATCH] Switch unpoller to API key auth from 1Password item 'unpoller' Co-Authored-By: Claude Opus 4.6 (1M context) --- argocd/manifests/unpoller/deployment.yaml | 9 ++------- argocd/manifests/unpoller/external-secret.yaml | 10 +++------- argocd/manifests/unpoller/up.conf | 3 +-- docs/reference/infrastructure/unifi.md | 4 ++-- 4 files changed, 8 insertions(+), 18 deletions(-) diff --git a/argocd/manifests/unpoller/deployment.yaml b/argocd/manifests/unpoller/deployment.yaml index cffa704..2f7d13c 100644 --- a/argocd/manifests/unpoller/deployment.yaml +++ b/argocd/manifests/unpoller/deployment.yaml @@ -22,16 +22,11 @@ spec: - containerPort: 9130 name: metrics env: - - name: UP_UNIFI_DEFAULT_USER + - name: UP_UNIFI_DEFAULT_API_KEY valueFrom: secretKeyRef: name: unpoller-unifi - key: username - - name: UP_UNIFI_DEFAULT_PASS - valueFrom: - secretKeyRef: - name: unpoller-unifi - key: password + key: api-key volumeMounts: - name: config mountPath: /etc/unpoller diff --git a/argocd/manifests/unpoller/external-secret.yaml b/argocd/manifests/unpoller/external-secret.yaml index e4c3165..c82ec0d 100644 --- a/argocd/manifests/unpoller/external-secret.yaml +++ b/argocd/manifests/unpoller/external-secret.yaml @@ -12,11 +12,7 @@ spec: name: unpoller-unifi creationPolicy: Owner data: - - secretKey: username + - secretKey: api-key remoteRef: - key: unifi - property: username - - secretKey: password - remoteRef: - key: unifi - property: password + key: unpoller + property: credential diff --git a/argocd/manifests/unpoller/up.conf b/argocd/manifests/unpoller/up.conf index cafef5b..0430067 100644 --- a/argocd/manifests/unpoller/up.conf +++ b/argocd/manifests/unpoller/up.conf @@ -9,8 +9,7 @@ dynamic = false [unifi.defaults] - # Credentials come from environment variables: - # UP_UNIFI_DEFAULT_USER and UP_UNIFI_DEFAULT_PASS + # API key comes from environment variable: UP_UNIFI_DEFAULT_API_KEY url = "https://192.168.1.1" verify_ssl = false save_sites = true diff --git a/docs/reference/infrastructure/unifi.md b/docs/reference/infrastructure/unifi.md index d02604f..6182880 100644 --- a/docs/reference/infrastructure/unifi.md +++ b/docs/reference/infrastructure/unifi.md @@ -71,11 +71,11 @@ Attempted Feb 2026 with the `ubiquiti-community/unifi` Terraform provider via Pu ## Monitoring -UniFi metrics are exported to Prometheus via [UnPoller](https://github.com/unpoller/unpoller), running as a k8s deployment in the `monitoring` namespace on indri. UnPoller polls the UX7 controller API using a read-only local account (`blumeops`) and exposes metrics on port 9130. +UniFi metrics are exported to Prometheus via [UnPoller](https://github.com/unpoller/unpoller), running as a k8s deployment in the `monitoring` namespace on indri. UnPoller polls the UX7 controller API using an API key and exposes metrics on port 9130. - **Prometheus job:** `unpoller` - **Metrics prefix:** `unifi_` -- **Credentials:** 1Password item `unifi` (vault `blumeops`) +- **Credentials:** 1Password item `unpoller` (vault `blumeops`, API key) ## Related