Skip to content

Commit a8f141e

Browse files
committed
feat(vmauth): add vmauth
1 parent a55dc24 commit a8f141e

6 files changed

Lines changed: 161 additions & 4 deletions

File tree

charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,11 +15,22 @@ spec:
1515
kubernetes.io/metadata.name: {{.Release.Namespace}}
1616
podSelector:
1717
matchLabels:
18-
app: drycc-controller-api
18+
app: drycc-victoriametrics
19+
20+
---
21+
apiVersion: networking.k8s.io/v1
22+
kind: NetworkPolicy
23+
metadata:
24+
name: drycc-victoriametrics-vmauth
25+
spec:
26+
podSelector:
27+
matchLabels:
28+
app: drycc-victoriametrics
29+
component: drycc-victoriametrics-vmauth
30+
policyTypes:
31+
- Ingress
32+
ingress:
1933
- from:
2034
- namespaceSelector:
2135
matchLabels:
2236
kubernetes.io/metadata.name: {{.Release.Namespace}}
23-
podSelector:
24-
matchLabels:
25-
app: drycc-victoriametrics
Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
apiVersion: v1
2+
kind: ConfigMap
3+
metadata:
4+
name: victoriametrics-vmauth-config
5+
labels:
6+
heritage: drycc
7+
data:
8+
vmauth.yaml: |
9+
users:
10+
- username: {{ .Values.vmauth.username }}
11+
password: {{ .Values.vmauth.password }}
12+
url_map:
13+
- src_paths:
14+
- "/insert"
15+
url_prefix: "http://drycc-victoriametrics-vminsert.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8480/"
16+
url_prefix: "http://drycc-victoriametrics-vmselect.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8481/"
17+
discover_backend_ips: true
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
apiVersion: v1
2+
kind: Secret
3+
metadata:
4+
name: victoriametrics-vmauth-creds
5+
labels:
6+
heritage: drycc
7+
type: Opaque
8+
data:
9+
username: {{ .Values.vmauth.username | b64enc }}
10+
password: {{ .Values.vmauth.password | b64enc }}
Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,76 @@
1+
apiVersion: apps/v1
2+
kind: Deployment
3+
metadata:
4+
name: drycc-victoriametrics-vmauth
5+
labels:
6+
app: drycc-victoriametrics
7+
heritage: drycc
8+
component: drycc-victoriametrics-vmauth
9+
spec:
10+
replicas: {{ .Values.vmauth.replicas }}
11+
selector:
12+
matchLabels:
13+
app: drycc-victoriametrics
14+
component: drycc-victoriametrics-vmauth
15+
template:
16+
metadata:
17+
labels: {{- include "common.labels.standard" . | nindent 8 }}
18+
app: drycc-victoriametrics
19+
component: drycc-victoriametrics-vmauth
20+
spec:
21+
affinity:
22+
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmauth.podAffinityPreset.type "component" "" "extraMatchLabels" .Values.vmauth.podAffinityPreset.extraMatchLabels "topologyKey" "" "context" $) | nindent 10 }}
23+
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmauth.podAntiAffinityPreset.type "component" "" "extraMatchLabels" .Values.vmauth.podAntiAffinityPreset.extraMatchLabels "topologyKey" "" "context" $) | nindent 10 }}
24+
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vmauth.nodeAffinityPreset.type "key" .Values.vmauth.nodeAffinityPreset.key "values" .Values.vmauth.nodeAffinityPreset.values ) | nindent 10 }}
25+
initContainers:
26+
- name: drycc-victoriametrics-vmauth-init
27+
image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest
28+
imagePullPolicy: {{.Values.imagePullPolicy}}
29+
args:
30+
- netcat
31+
- -v
32+
- -a
33+
- drycc-victoriametrics-vmselect.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8481
34+
- -a
35+
- drycc-victoriametrics-vminsert.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8480
36+
containers:
37+
- name: drycc-victoriametrics-vmauth
38+
image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/victoriametrics:{{.Values.imageTag}}
39+
imagePullPolicy: {{.Values.imagePullPolicy}}
40+
{{- if .Values.diagnosticMode.enabled }}
41+
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 10 }}
42+
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 10 }}
43+
{{- else }}
44+
args:
45+
- vmauth
46+
- --auth.config=/etc/victoriametrics/vmauth.yaml
47+
{{- if .Values.vmauth.extraArgs }}
48+
{{- include "common.tplvalues.render" (dict "value" .Values.vmauth.extraArgs "context" $) | nindent 8 }}
49+
{{- end }}
50+
{{- end }}
51+
{{- with index .Values "vmauth" "resources" }}
52+
resources:
53+
{{- toYaml . | nindent 10 }}
54+
{{- end }}
55+
ports:
56+
- containerPort: 8427
57+
livenessProbe:
58+
tcpSocket:
59+
port: 8427
60+
readinessProbe:
61+
httpGet:
62+
path: /health
63+
port: 8427
64+
startupProbe:
65+
httpGet:
66+
path: /health
67+
port: 8427
68+
volumeMounts:
69+
- name: victoriametrics-vmauth-config
70+
subPath: vmauth.yaml
71+
readOnly: true
72+
mountPath: /etc/victoriametrics/vmauth.yaml
73+
volumes:
74+
- name: victoriametrics-vmauth-config
75+
configMap:
76+
name: victoriametrics-vmauth-config
Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
apiVersion: v1
2+
kind: Service
3+
metadata:
4+
name: drycc-victoriametrics-vmauth
5+
annotations:
6+
prometheus.io/scrape: "true"
7+
prometheus.io/port: "8427"
8+
prometheus.io/path: "/metrics"
9+
labels:
10+
app: drycc-victoriametrics
11+
heritage: drycc
12+
component: drycc-victoriametrics-vmauth
13+
spec:
14+
clusterIP: None
15+
ports:
16+
- port: 8427
17+
name: http
18+
targetPort: 8427
19+
selector:
20+
app: drycc-victoriametrics
21+
component: drycc-victoriametrics-vmauth

charts/victoriametrics/values.yaml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,28 @@ vmagent:
5151
size: 5Gi
5252
storageClass: ""
5353

54+
## victoriametrics vmauth configuration
55+
##
56+
vmauth:
57+
username: admin
58+
password: admin
59+
nodeAffinityPreset:
60+
key: "drycc.cc/node"
61+
type: "soft"
62+
values:
63+
- "true"
64+
podAffinityPreset:
65+
type: ""
66+
extraMatchLabels:
67+
security: "drycc-security"
68+
podAntiAffinityPreset:
69+
type: "soft"
70+
extraMatchLabels:
71+
app: "drycc-victoriametrics-vmauth"
72+
replicas: 1
73+
resources: {}
74+
extraArgs: {}
75+
5476
## victoriametrics vminsert configuration
5577
##
5678
vminsert:

0 commit comments

Comments
 (0)