Skip to content

Commit

Permalink
added vmauth to k8s-stack (#1488)
Browse files Browse the repository at this point in the history
* added vmauth to k8s-stack

* fixed example

* use built in ingress for vmauth
  • Loading branch information
AndrewChubatiuk committed Sep 19, 2024
1 parent d9965b9 commit 4223eee
Show file tree
Hide file tree
Showing 5 changed files with 105 additions and 0 deletions.
1 change: 1 addition & 0 deletions charts/victoria-metrics-k8s-stack/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
## Next release

- Moved crds to a shared chart and import them as a dependency
- Added VMAuth to k8s stack. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/829)
- Fixed ETCD dashboard

## 0.25.16
Expand Down
45 changes: 45 additions & 0 deletions charts/victoria-metrics-k8s-stack/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2102,6 +2102,51 @@ selectAllByDefault: true
</pre>
</td>
<td><p>extra vmalert annotation templates</p>
</td>
</tr>
<tr>
<td>vmauth.annotations</td>
<td>object</td>
<td><pre lang="plaintext">
{}
</pre>
</td>
<td></td>
</tr>
<tr>
<td>vmauth.enabled</td>
<td>bool</td>
<td><pre lang="">
false
</pre>
</td>
<td></td>
</tr>
<tr>
<td>vmauth.ingress</td>
<td>object</td>
<td><pre lang="plaintext">
annotations: {}
enabled: false
hosts:
- vmauth.domain.com
labels: {}
path: /
pathType: Prefix
</pre>
</td>
<td><p>vmagent ingress configuration</p>
</td>
</tr>
<tr>
<td>vmauth.spec</td>
<td>object</td>
<td><pre lang="plaintext">
discover_backend_ips: true
port: "8427"
</pre>
</td>
<td><p>full spec for VMAuth CRD. Allowed values described <a href="https://docs.victoriametrics.com/operator/api#vmauthspec" target="_blank">here</a></p>
</td>
</tr>
<tr>
Expand Down
37 changes: 37 additions & 0 deletions charts/victoria-metrics-k8s-stack/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,43 @@ If release name contains chart name it will be used as a full name.
{{- tpl (deepCopy $Values.vmagent.spec | mergeOverwrite $spec | toYaml) . -}}
{{- end }}

{{- /* VMAuth spec */ -}}
{{- define "vm.auth.spec" -}}
{{- $ctx := . -}}
{{- $Values := (.helm).Values | default .Values }}
{{- $unauthorizedAccessConfig := default list }}
{{- if $Values.vmsingle.enabled -}}
{{- $_ := set $ctx "appKey" (list "vmsingle") -}}
{{- $url := (include "vm.url" $ctx) }}
{{- $srcPath := clean (printf "%s/.*" (urlParse $url).path) }}
{{- $unauthorizedAccessConfig = append $unauthorizedAccessConfig (dict "src_paths" (list $srcPath) "url_prefix" (list $url)) }}
{{- else if $Values.vmcluster.enabled -}}
{{- $_ := set $ctx "appKey" (list "vmcluster" "vminsert") -}}
{{- $writeUrl := (include "vm.url" $ctx) }}
{{- $writeSrcPath := clean (printf "%s/insert/.*" (urlParse $writeUrl).path) }}
{{- $unauthorizedAccessConfig = append $unauthorizedAccessConfig (dict "src_paths" (list $writeSrcPath) "url_prefix" (list $writeUrl)) }}
{{- $_ := set $ctx "appKey" (list "vmcluster" "vmselect") -}}
{{- $readUrl := (include "vm.url" $ctx) }}
{{- $readSrcPath := clean (printf "%s/select/.*" (urlParse $readUrl).path) }}
{{- $unauthorizedAccessConfig = append $unauthorizedAccessConfig (dict "src_paths" (list $readSrcPath) "url_prefix" (list $readUrl)) }}
{{- else if or $Values.externalVM.read.url $Values.externalVM.write.url }}
{{- with $Values.externalVM.read.url }}
{{- $srcPath := regexReplaceAll "(.*)/api/.*" (clean (printf "%s/.*" (urlParse .).path)) "${1}" }}
{{- $unauthorizedAccessConfig = append $unauthorizedAccessConfig (dict "src_paths" (list $srcPath) "url_prefix" (list .)) }}
{{- end -}}
{{- with $Values.externalVM.write.url }}
{{- $srcPath := regexReplaceAll "(.*)/api/.*" (clean (printf "%s/.*" (urlParse .).path)) "${1}" }}
{{- $unauthorizedAccessConfig = append $unauthorizedAccessConfig (dict "src_paths" (list $srcPath) "url_prefix" (list .)) }}
{{- end -}}
{{- end -}}
{{- $spec := $Values.vmauth.spec }}
{{- $_ := set $spec "unauthorizedAccessConfig" (concat $unauthorizedAccessConfig ($spec.unauthorizedAccessConfig | default list)) }}
{{- with (include "vm.license.global" .) -}}
{{- $_ := set $spec "license" (fromYaml .) -}}
{{- end -}}
{{- tpl (toYaml $spec) . -}}
{{- end -}}

{{- /* Alermanager spec */ -}}
{{- define "vm.alertmanager.spec" -}}
{{- $Values := (.helm).Values | default .Values }}
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{{- if .Values.vmauth.enabled }}
---
apiVersion: operator.victoriametrics.com/v1beta1
kind: VMAuth
metadata:
{{- with .Values.vmauth.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
{{- $ctx := dict "helm" . "appKey" "vmauth" }}
name: {{ include "victoria-metrics-k8s-stack.fullname" $ctx }}
namespace: {{ include "vm.namespace" . }}
labels: {{ include "victoria-metrics-k8s-stack.labels" . | nindent 4 }}
spec: {{ include "vm.auth.spec" . | nindent 2 }}
{{- end }}
8 changes: 8 additions & 0 deletions charts/victoria-metrics-k8s-stack/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -707,6 +707,14 @@ vmalert:
# hosts:
# - vmalert.domain.com

vmauth:
enabled: false
annotations: {}
# -- (object) full spec for VMAuth CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmauthspec)
spec:
discover_backend_ips: true
port: "8427"

vmagent:
enabled: true
annotations: {}
Expand Down

0 comments on commit 4223eee

Please sign in to comment.