diff --git a/Makefile b/Makefile
index faf89a1..78c0625 100644
--- a/Makefile
+++ b/Makefile
@@ -85,8 +85,8 @@ dev-operators-deploy: dev ## Deploy motel-operators helm chart to the K8s cluste
 .PHONY: dev-collectors-deploy
 dev-collectors-deploy: dev ## Deploy motel-collector helm chart to the K8s cluster specified in ~/.kube/config
 cp -f $(TEMPLATES_DIR)/motel-collectors/values.yaml dev/collectors-values.yaml
- @$(YQ) eval -i '.motel.logs_endpoint = "http://$(MOTEL_STORAGE_NAME)-victoria-logs-single-server.$(MOTEL_STORAGE_NS):9428/insert/opentelemetry/v1/logs"' dev/collectors-values.yaml
- @$(YQ) eval -i '.motel.metrics_endpoint = "http://vminsert-cluster.$(MOTEL_STORAGE_NS):8480/insert/0/prometheus/api/v1/write"' dev/collectors-values.yaml
+ @$(YQ) eval -i '.motel.logs.endpoint = "http://$(MOTEL_STORAGE_NAME)-victoria-logs-single-server.$(MOTEL_STORAGE_NS):9428/insert/opentelemetry/v1/logs"' dev/collectors-values.yaml
+ @$(YQ) eval -i '.motel.metrics.endpoint = "http://vminsert-cluster.$(MOTEL_STORAGE_NS):8480/insert/0/prometheus/api/v1/write"' dev/collectors-values.yaml
 @$(YQ) eval -i '.opencost.opencost.prometheus.external.url = "http://vmselect-cluster.$(MOTEL_STORAGE_NS):8481/select/0/prometheus"' dev/collectors-values.yaml
 $(HELM) upgrade -i motel-collectors ./charts/motel-collectors --create-namespace -n motel -f dev/collectors-values.yaml
@@ -103,8 +103,8 @@ dev-storage-deploy: dev ## Deploy motel-storage helm chart to the K8s cluster sp
 dev-ms-deploy-aws: dev ## Deploy Mothership helm chart to the K8s cluster specified in ~/.kube/config for a remote storage cluster
 cp -f $(TEMPLATES_DIR)/motel-mothership/values.yaml dev/mothership-values.yaml
 @$(YQ) eval -i '.hmc.installTemplates = true' dev/mothership-values.yaml
- @$(YQ) eval -i '.grafana.logSources = [{"name": "$(USER)-storage", "url": "https://vmauth.$(STORAGE_DOMAIN)/vls", "type": "victoriametrics-logs-datasource", "auth": {"username": "motel", "password": "motel"} }]' dev/mothership-values.yaml
- @$(YQ) eval -i '.promxy.config.serverGroups = [{"clusterName": "$(USER)-storage", "targets": ["vmauth.$(STORAGE_DOMAIN):443"], "auth": {"username": "motel", "password": "motel"}}]' dev/mothership-values.yaml
+ @$(YQ) eval -i '.grafana.logSources = [{"name": "$(USER)-storage", "url": "https://vmauth.$(STORAGE_DOMAIN)/vls", "type": "victoriametrics-logs-datasource", "auth": {"credentials_secret_name": "grafana-admin-credentials"}}]' dev/mothership-values.yaml
+ @$(YQ) eval -i '.promxy.config.serverGroups = [{"clusterName": "$(USER)-storage", "targets": ["vmauth.$(STORAGE_DOMAIN):443"], "auth": {"credentials_secret_name": "grafana-admin-credentials"}}]' dev/mothership-values.yaml
 @$(YQ) eval -i '.hmc.motel.charts.collectors.version = "$(COLLECTORS_VERSION)"' dev/mothership-values.yaml
 @$(YQ) eval -i '.hmc.motel.charts.storage.version = "$(STORAGE_VERSION)"' dev/mothership-values.yaml
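Review bot: The two added yq lines point `.grafana.logSources` and `.promxy.config.serverGroups` at a Secret named `grafana-admin-credentials`, but nothing in the visible part of the `dev-ms-deploy-aws` recipe creates or checks for it; the recipe continues outside the hunk. Elsewhere in this commit the promxy template resolves that Secret with `lookup` at render time and emits no `basic_auth` fields when it is absent, so a dev deploy on a fresh cluster would presumably come up with unauthenticated server groups rather than fail. I would add a preflight line before the helm step, for example `kubectl get secret grafana-admin-credentials -n <RELEASE_NAMESPACE> >/dev/null`, and a comment noting that reusing the Grafana admin Secret as the vmauth client credential is a dev-only shortcut.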
@@ -135,8 +135,8 @@ dev-managed-deploy-aws: dev ## Deploy Regional Managed cluster using HMC
 @$(YQ) eval -i '.metadata.name = "$(USER)-aws-managed"' dev/aws-managed.yaml
 @$(YQ) '.spec.services[] | select(.name == "motel-collectors") | .values' dev/aws-managed.yaml > dev/motel-managed-values.yaml
 @$(YQ) eval -i '.opencost.opencost.prometheus.external.url = "https://vmauth.$(STORAGE_DOMAIN)/vm/select/0/prometheus"' dev/motel-managed-values.yaml
- @$(YQ) eval -i '.motel.logs_endpoint = "https://vmauth.$(STORAGE_DOMAIN)/vls/insert/opentelemetry/v1/logs"' dev/motel-managed-values.yaml
- @$(YQ) eval -i '.motel.metrics_endpoint = "https://vmauth.$(STORAGE_DOMAIN)/vm/insert/0/prometheus/api/v1/write"' dev/motel-managed-values.yaml
+ @$(YQ) eval -i '.motel.logs.endpoint = "https://vmauth.$(STORAGE_DOMAIN)/vls/insert/opentelemetry/v1/logs"' dev/motel-managed-values.yaml
+ @$(YQ) eval -i '.motel.metrics.endpoint = "https://vmauth.$(STORAGE_DOMAIN)/vm/insert/0/prometheus/api/v1/write"' dev/motel-managed-values.yaml
 @$(YQ) eval -i '(.spec.services[] | select(.name == "motel-collectors")).values |= load_str("dev/motel-managed-values.yaml")' dev/aws-managed.yaml
 kubectl apply -f dev/aws-managed.yaml
diff --git a/README.md b/README.md
index cd980d7..e3ba587 100644
--- a/README.md
+++ b/README.md
@@ -10,10 +10,26 @@ This repo contains 4 charts to deploy a monitoring stack using HMC and get metri ### Demo deployment In `demo/demo-mothership-values.yaml` set your target ingress names that you are going to use for your regional clusters, but they can always be changed after the fact + +Create secrets for grafana admin user and storage clusters datasources endpoint access. By default the secret below be reused everywhere, but it is customizable. + +```yaml +--- +kind: Secret +apiVersion: v1 +metadata: + name: grafana-admin-credentials + namespace: motel +stringData: + GF_SECURITY_ADMIN_USER: username # Grafana username + GF_SECURITY_ADMIN_PASSWORD: password # Grafana password +type: Opaque ``` + +```bash helm repo add motel https://mirantis.github.io/motel/ helm repo update -helm upgrade -i motel motel/motel-mothership -n hmc-system -f demo/demo-mothership-values.yaml +helm upgrade -i motel motel/motel-mothership -n motel -f demo/demo-mothership-values.yaml ``` ## Storage chart 
@@ -28,18 +44,22 @@ helm upgrade -i motel motel/motel-mothership -n hmc-system -f demo/demo-mothersh To deploy storage `managedcluster` configure desired ingress names for vmauth and regional Grafana in it's values for the `motel-storage` template. `demo/cluster/aws-storage.yaml` contains example definitions -``` + +```bash kubectl apply -f demo/cluster/aws-storage.yaml # you can check helm chart deployment status using ClusterSummary object: kubectl get clustersummaries.config.projectsveltos.io -n hmc-system ``` Once the storage managedcluster is ready - retrieve its kubeconfig and get loadbalancer IP/DNS name for your ingress-nginx service. -``` + +```bash kubectl get secret -n hmc-system aws-storage-kubeconfig -o jsonpath={.data.value} | base64 -d > /tmp/hmc-aws-storage-kubeconfig.yaml export KUBECONFIG=/tmp/hmc-aws-storage-kubeconfig.yaml kubectl get svc -n ingress-nginx ingress-nginx-controller ``` +Create secrets for grafana and vmauth according to the names provided in helm values. + With your preffered DNS hosting, set your ingress domains to resolve to that IP/DNS name, that's how the traffic will flow to/from regional cluster. To simplify this process it is posssible to enable [external-dns](https://kubernetes-sigs.github.io/external-dns/) helm chart deployment in values. @@ -62,7 +82,7 @@ kubectl apply -f demo/cluster/aws-managed.yaml kubectl get clustersummaries.config.projectsveltos.io -n hmc-system ``` -Once your managed clusters are up, it should start pushing metrics and logs to your storage one, through ingress domain you've configured. +Once your managed clusters are up, create secrets for storage cluster authentication, it should start pushing metrics and logs to your storage one, through ingress domain you've configured. Check your storage cluster's Grafana for results first, then you should be able to see the same cluster in Grafana on the "mothership". ### Scaling up 
diff --git a/charts/motel-collectors/templates/_helpers.tpl b/charts/motel-collectors/templates/_helpers.tpl new file mode 100644 index 0000000..00d78f5 --- /dev/null +++ b/charts/motel-collectors/templates/_helpers.tpl @@ -0,0 +1,13 @@ +{{- /* Basic auth extensions */ -}} +{{- define "basic_auth_extensions" -}} +{{- range tuple "metrics" "logs" }} +{{- $secret := (lookup "v1" "Secret" $.Release.Namespace (index $.Values "motel" . "credentials_secret_name")) }} +{{- if $secret }} +basicauth/{{ . }}: + client_auth: + username: {{ index $secret.data (index $.Values "motel" . "username_key") | b64dec | quote }} + password: {{ index $secret.data (index $.Values "motel" . "password_key") | b64dec | quote }} +{{- end }} +{{- end }} +{{- end }} + diff --git a/charts/motel-collectors/templates/opentelemetry/collector.yaml b/charts/motel-collectors/templates/opentelemetry/collector.yaml index c64b823..2f7228a 100644 --- a/charts/motel-collectors/templates/opentelemetry/collector.yaml +++ b/charts/motel-collectors/templates/opentelemetry/collector.yaml @@ -41,25 +41,23 @@ spec: exporters: debug: {} prometheusremotewrite: - endpoint: {{ .Values.motel.metrics_endpoint }} + endpoint: {{ .Values.motel.metrics.endpoint }} tls: insecure: true auth: - authenticator: basicauth/client + authenticator: basicauth/metrics otlphttp: auth: - authenticator: basicauth/client - logs_endpoint: {{ .Values.motel.logs_endpoint }} + authenticator: basicauth/logs + logs_endpoint: {{ .Values.motel.logs.endpoint }} extensions: - basicauth/client: - client_auth: - username: motel - password: motel + {{- include "basic_auth_extensions" . | nindent 6 }} service: extensions: - - basicauth/client + - basicauth/metrics + - basicauth/logs pipelines: logs: exporters: diff --git a/charts/motel-collectors/templates/opentelemetry/node-collector.yaml b/charts/motel-collectors/templates/opentelemetry/node-collector.yaml index 03b4d84..4087716 100644 
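Review bot: `basic_auth_extensions` reads the Secret with `lookup` and writes the base64-decoded username and password straight into the rendered collector spec, so the credentials end up in plain text in the custom resource and in Helm's stored release manifest, readable by anyone who can get those objects. `lookup` also returns an empty result under `helm template` and `--dry-run`, and the rendered values only change on the next `helm upgrade`, so rotating the Secret does not rotate what the collectors send. There is no guard for a missing key either: `index $secret.data <key>` on an absent key hands nil to `b64dec`, which I would expect to fail rendering with an unhelpful type error. I would keep the secret out of the template and let the collector resolve it from its environment, as sketched below; the variable names are examples, and the matching `env` entries with `secretKeyRef` belong in the collector specs, which are not part of this hunk.

```gotemplate
{{- define "basic_auth_extensions" -}}
{{- range tuple "metrics" "logs" }}
{{- /* example variable names; supply them through env + secretKeyRef on the collector */}}
basicauth/{{ . }}:
  client_auth:
    username: ${env:MOTEL_{{ upper . }}_USERNAME}
    password: ${env:MOTEL_{{ upper . }}_PASSWORD}
{{- end }}
{{- end }}
```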
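Review bot: The exporters and `service.extensions` in the `collector.yaml` hunk name `basicauth/metrics` and `basicauth/logs` unconditionally, while the included `basic_auth_extensions` helper only emits those extensions when its Secret lookup succeeds. If the Secret is missing at install time, or the chart is rendered without cluster access, the result is a collector config that references authenticators it never defines, which I would expect the collector to reject at startup. Either make the helper fail rendering with a clear message when the Secret is not found, or gate the `auth:` blocks and the extension list on the same condition. The same pattern is in the `node-collector.yaml` hunk. Separately, the unchanged `tls: insecure: true` next to the `prometheusremotewrite` auth block deserves a second look now that a real credential travels over that connection.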
--- a/charts/motel-collectors/templates/opentelemetry/node-collector.yaml +++ b/charts/motel-collectors/templates/opentelemetry/node-collector.yaml @@ -128,28 +128,26 @@ spec: batch: {} extensions: - basicauth/client: - client_auth: - username: motel - password: motel + {{- include "basic_auth_extensions" . | nindent 6 }} exporters: prometheusremotewrite: - endpoint: {{ .Values.motel.metrics_endpoint }} + endpoint: {{ .Values.motel.metrics.endpoint }} tls: insecure: true auth: - authenticator: basicauth/client + authenticator: basicauth/metrics otlphttp: auth: - authenticator: basicauth/client - logs_endpoint: {{ .Values.motel.logs_endpoint }} + authenticator: basicauth/logs + logs_endpoint: {{ .Values.motel.logs.endpoint }} debug: verbosity: detailed service: extensions: - - basicauth/client + - basicauth/metrics + - basicauth/logs pipelines: logs: exporters: diff --git a/charts/motel-collectors/values.yaml b/charts/motel-collectors/values.yaml index abd35d3..c202c26 100644 --- a/charts/motel-collectors/values.yaml +++ b/charts/motel-collectors/values.yaml @@ -2,8 +2,16 @@ global: clusterLabel: clusterName clusterName: mothership motel: - logs_endpoint: http://victoria-logs-single-server:9428/insert/opentelemetry/v1/logs - metrics_endpoint: http://vminsert-cluster:8480/insert/0/prometheus/api/v1/write + logs: + endpoint: http://victoria-logs-single-server:9428/insert/opentelemetry/v1/logs + credentials_secret_name: grafana-admin-credentials + username_key: GF_SECURITY_ADMIN_USER + password_key: GF_SECURITY_ADMIN_PASSWORD + metrics: + endpoint: http://vminsert-cluster:8480/insert/0/prometheus/api/v1/write + credentials_secret_name: grafana-admin-credentials + username_key: GF_SECURITY_ADMIN_USER + password_key: GF_SECURITY_ADMIN_PASSWORD prometheus-node-exporter: enabled: true hostNetwork: false 
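Review bot: The new defaults under `motel.logs` and `motel.metrics` in `charts/motel-collectors/values.yaml` point the collectors at `grafana-admin-credentials` with the `GF_SECURITY_ADMIN_USER`/`GF_SECURITY_ADMIN_PASSWORD` keys, so out of the box every cluster running motel-collectors has to hold the Grafana admin login just to push telemetry. A compromise of any one collector cluster then exposes Grafana admin access as well as write access to storage. I would default these to a dedicated ingest credential, as `demo/demo-mothership-values.yaml` already does with `credentials_secret_name: vmauth-credentials`, `username_key: "username"`, `password_key: "password"`, and add a comment that the Grafana admin Secret should not be reused here. The same default appears in the `opencost.prometheus` hunk of this file and in `charts/motel-mothership/values.yaml`, `charts/motel-storage/values.yaml` and `demo/cluster/aws-managed.yaml`. The default endpoints are also plain `http://`, which sends the basic-auth header unencrypted.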
@@ -31,8 +39,9 @@ opencost: enabled: true opencost: prometheus: - username: "motel" - password: "motel" + existingSecretName: grafana-admin-credentials + username_key: GF_SECURITY_ADMIN_USER + password_key: GF_SECURITY_ADMIN_PASSWORD external: enabled: true url: "https://vmauth.storage0.example.net/vm/select/0/prometheus" diff --git a/charts/motel-mothership/templates/grafana/grafana.yaml b/charts/motel-mothership/templates/grafana/grafana.yaml index e543904..984ee1b 100644 --- a/charts/motel-mothership/templates/grafana/grafana.yaml +++ b/charts/motel-mothership/templates/grafana/grafana.yaml @@ -46,15 +46,26 @@ spec: - name: grafana-data mountPath: /var/lib/grafana volumes: - - name: grafana-data - persistentVolumeClaim: - claimName: grafana-vm-pvc + - name: grafana-data + persistentVolumeClaim: + claimName: grafana-vm-pvc + containers: + - name: grafana + env: + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + key: GF_SECURITY_ADMIN_USER + name: {{ .Values.grafana.security.credentials_secret_name }} + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: GF_SECURITY_ADMIN_PASSWORD + name: {{ .Values.grafana.security.credentials_secret_name }} config: plugins: allow_loading_unsigned_plugins: victoriametrics-datasource,victoriametrics-logs-datasource - security: - admin_user: {{ .Values.grafana.security.admin_user | quote }} - admin_password: {{ .Values.grafana.security.admin_password | quote }} + ingress: metadata: annotations: diff --git a/charts/motel-mothership/templates/grafana/logs-datasource.yaml b/charts/motel-mothership/templates/grafana/logs-datasource.yaml index ec5b0aa..690b969 100644 --- a/charts/motel-mothership/templates/grafana/logs-datasource.yaml +++ b/charts/motel-mothership/templates/grafana/logs-datasource.yaml 
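Review bot: In the mothership `grafana.yaml` hunk, `name: {{ .Values.grafana.security.credentials_secret_name }}` is rendered unquoted and unchecked in both `secretKeyRef` entries, so an unset value produces `name:` with no value and the error only surfaces later on the Grafana resource or pod. Using `name: {{ required "grafana.security.credentials_secret_name must be set" .Values.grafana.security.credentials_secret_name | quote }}` would fail at render time instead. The key names are hard-coded here, whereas the datasource and promxy templates in this commit accept `username_key`/`password_key` overrides; a short comment stating that the Grafana admin Secret must use exactly `GF_SECURITY_ADMIN_USER` and `GF_SECURITY_ADMIN_PASSWORD` would save users a failed rollout. The `charts/motel-storage/templates/grafana/grafana.yaml` hunk has the same two lines. The `spec:` block starts outside the hunk.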
@@ -1,27 +1,4 @@ {{- if .Values.grafana.enabled }} -apiVersion: grafana.integreatly.org/v1beta1 -kind: GrafanaDatasource -metadata: - labels: - app.kubernetes.io/managed-by: Helm - name: victorialogs - namespace: {{ $.Release.Namespace }} -spec: - datasource: - access: proxy - isDefault: false - name: victorialogs - type: "victoriametrics-logs-datasource" - url: "http://vmselect-cluster.{{ .Release.Namespace }}:8481" - basicAuth: true - basicAuthUser: motel - secureJsonData: - basicAuthPassword: motel - instanceSelector: - matchLabels: - dashboards: grafana - resyncPeriod: 5m ---- {{- range .Values.grafana.logSources }} apiVersion: grafana.integreatly.org/v1beta1 kind: GrafanaDatasource @@ -31,6 +8,17 @@ metadata: name: {{ .name }} namespace: {{ $.Release.Namespace }} spec: + valuesFrom: + - targetPath: "basicAuthUser" + valueFrom: + secretKeyRef: + key: {{ .auth.username_key | default "GF_SECURITY_ADMIN_USER" }} + name: {{ .auth.credentials_secret_name }} + - targetPath: "secureJsonData.basicAuthPassword" + valueFrom: + secretKeyRef: + key: {{ .auth.password_key | default "GF_SECURITY_ADMIN_PASSWORD" }} + name: {{ .auth.credentials_secret_name }} datasource: access: proxy isDefault: false @@ -38,9 +26,6 @@ spec: type: {{ .type | default "victoriametrics-logs-datasource" }} url: {{ .url }} basicAuth: true - basicAuthUser: {{ .auth.username | quote }} - secureJsonData: - basicAuthPassword: {{ .auth.password | quote }} instanceSelector: matchLabels: dashboards: grafana diff --git a/charts/motel-mothership/templates/promxy/_helpers.tpl b/charts/motel-mothership/templates/promxy/_helpers.tpl index 9aafe9e..f86f60b 100644 --- a/charts/motel-mothership/templates/promxy/_helpers.tpl +++ b/charts/motel-mothership/templates/promxy/_helpers.tpl 
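Review bot: The `valuesFrom` entries added in the second `logs-datasource.yaml` hunk target `basicAuthUser` and `secureJsonData.basicAuthPassword`, but the third hunk removes those fields from `datasource`, so nothing is left at the target paths to substitute into. As far as I know the grafana-operator fills `valuesFrom` by replacing a `${KEY}` placeholder inside the existing field, so this would leave the datasource with `basicAuth: true` and empty credentials; please verify against the operator version in use. If that holds, keep the fields with placeholders, e.g. `basicAuthUser: {{ printf "${%s}" (.auth.username_key | default "GF_SECURITY_ADMIN_USER") | quote }}` and the matching `basicAuthPassword` under `secureJsonData`. A `required` on `.auth.credentials_secret_name` would also catch log sources that still carry the old `username`/`password` values.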
@@ -63,11 +63,11 @@ Create the name of the service account to use {{- end -}} {{/* -Defins the name of configmap +Defins the name of secret */}} -{{- define "chart.configname" -}} -{{- if .Values.promxy.configMap -}} -{{- .Values.promxy.configMap -}} +{{- define "chart.secretname" -}} +{{- if .Values.promxy.secret -}} +{{- .Values.promxy.secret -}} {{- else -}} {{- include "chart.fullname" . -}}-promxy-config {{- end -}} diff --git a/charts/motel-mothership/templates/promxy/deployment.yaml b/charts/motel-mothership/templates/promxy/deployment.yaml index e368d71..135a7ac 100644 --- a/charts/motel-mothership/templates/promxy/deployment.yaml +++ b/charts/motel-mothership/templates/promxy/deployment.yaml @@ -113,6 +113,6 @@ spec: memory: 20Mi volumes: - name: config - configMap: - name: {{ include "chart.configname" .}} + secret: + secretName: {{ include "chart.secretname" .}} {{- end }} diff --git a/charts/motel-mothership/templates/promxy/configmap.yaml b/charts/motel-mothership/templates/promxy/secret.yaml similarity index 68% rename from charts/motel-mothership/templates/promxy/configmap.yaml rename to charts/motel-mothership/templates/promxy/secret.yaml index fc54393..7182c8e 100644 --- a/charts/motel-mothership/templates/promxy/configmap.yaml +++ b/charts/motel-mothership/templates/promxy/secret.yaml @@ -1,15 +1,15 @@ -{{- if eq .Values.promxy.configMap "" }} +{{- if eq .Values.promxy.secret "" }} apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: - name: {{ include "chart.configname" . }} + name: {{ include "chart.secretname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "chart.labels" . | nindent 4 }} {{- if .Values.promxy.extraLabels }} {{ toYaml .Values.promxy.extraLabels | nindent 4 }} {{- end }} -data: +stringData: config.yaml: | global: evaluation_interval: 5s 
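Review bot: Renaming the value from `promxy.configMap` to `promxy.secret` in the `secret.yaml` hunk silently changes behaviour for anyone who already sets `promxy.configMap` to their own ConfigMap: `eq .Values.promxy.secret ""` is true for them, so the chart generates and mounts its own Secret and the override is ignored. A guard at the top of this template, such as `{{- if .Values.promxy.configMap }}{{ fail "promxy.configMap was replaced by promxy.secret" }}{{- end }}`, would make the migration explicit. The template body continues in the next hunk.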
@@ -32,9 +32,12 @@ data: tls_config: insecure_skip_verify: true basic_auth: - username: {{ .auth.username | quote }} - password: {{ .auth.password | quote }} +{{- $secret := (lookup "v1" "Secret" $.Release.Namespace .auth.credentials_secret_name) }} +{{- if $secret }} + username: {{ index $secret.data (.auth.username_key | default "GF_SECURITY_ADMIN_USER") | b64dec | quote }} + password: {{ index $secret.data (.auth.password_key | default "GF_SECURITY_ADMIN_PASSWORD") | b64dec | quote }} +{{- end }} labels: promxyCluster: {{ .clusterName | quote }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/motel-mothership/values.yaml b/charts/motel-mothership/values.yaml index 9fbc100..7372707 100644 --- a/charts/motel-mothership/values.yaml +++ b/charts/motel-mothership/values.yaml @@ -38,17 +38,14 @@ grafana: url: https://vmauth.hmc0.example.net/vls type: victoriametrics-logs-datasource auth: - username: motel - password: motel + credentials_secret_name: grafana-admin-credentials - name: hmc1-logs url: https://vmauth.hmc1.example.net/vls type: victoriametrics-logs-datasource auth: - username: motel - password: motel + credentials_secret_name: grafana-admin-credentials security: - admin_user: motel - admin_password: motel + credentials_secret_name: grafana-admin-credentials victoria-metrics-operator: enabled: true crds: @@ -94,7 +91,7 @@ promxy: memory: 128Mi extraArgs: log-level: "info" - configMap: "" + secret: "" config: remoteWriteUrl: http://vminsert-cluster:8480/insert/0/prometheus/api/v1/write serverGroups: @@ -102,11 +99,9 @@ promxy: targets: - vmauth.hmc0.example.net:443 auth: - username: motel - password: motel + credentials_secret_name: grafana-admin-credentials - clusterName: hmc1 targets: - vmauth.hmc1.example.net:443 auth: - username: motel - password: motel + credentials_secret_name: grafana-admin-credentials 
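Review bot: When the `lookup` for `.auth.credentials_secret_name` finds nothing, this `secret.yaml` hunk renders `basic_auth:` with no fields, so promxy is configured without credentials for that server group and nothing reports the problem at install time. That happens on a missing Secret, a Secret in another namespace, and any render without cluster access. The decoded values are also frozen into the generated Secret until the next `helm upgrade`, so rotating the source Secret has no effect on promxy. I would fail rendering when `$secret` is empty, or, if the promxy version in use accepts Prometheus' `password_file`, mount the credential Secret and reference the file instead. The unchanged `insecure_skip_verify: true` just above means these credentials are sent to a `:443` target whose certificate is never checked, which is worth closing now that they are real secrets.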
diff --git a/charts/motel-storage/templates/grafana/grafana.yaml b/charts/motel-storage/templates/grafana/grafana.yaml index b47b84c..881ba5f 100644 --- a/charts/motel-storage/templates/grafana/grafana.yaml +++ b/charts/motel-storage/templates/grafana/grafana.yaml @@ -48,12 +48,22 @@ spec: - name: grafana-data persistentVolumeClaim: claimName: grafana-vm-pvc + containers: + - name: grafana + env: + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + key: GF_SECURITY_ADMIN_USER + name: {{ .Values.grafana.security.credentials_secret_name }} + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: GF_SECURITY_ADMIN_PASSWORD + name: {{ .Values.grafana.security.credentials_secret_name }} config: plugins: allow_loading_unsigned_plugins: victoriametrics-datasource,victoriametrics-logs-datasource - security: - admin_user: {{ .Values.grafana.security.admin_user | quote }} - admin_password: {{ .Values.grafana.security.admin_password | quote }} {{- if .Values.grafana.ingress.enabled }} ingress: metadata: diff --git a/charts/motel-storage/templates/victoria/vmuser-creds.yaml b/charts/motel-storage/templates/victoria/vmuser-creds.yaml deleted file mode 100644 index e26c4dc..0000000 --- a/charts/motel-storage/templates/victoria/vmuser-creds.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.victoriametrics.enabled }} -{{- if .Values.victoriametrics.vmauth.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: vmuser-creds - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - password: {{ .Values.victoriametrics.vmauth.credentials.password | default "motel" }} -{{- end }} -{{- end }} diff --git a/charts/motel-storage/templates/victoria/vmuser.yaml b/charts/motel-storage/templates/victoria/vmuser.yaml index c87dddd..66d7bd5 100644 --- a/charts/motel-storage/templates/victoria/vmuser.yaml +++ b/charts/motel-storage/templates/victoria/vmuser.yaml 
@@ -24,7 +24,7 @@ spec: url: http://vminsert-cluster.{{ .Release.Namespace }}.svc:8480 username: {{ .Values.victoriametrics.vmauth.credentials.username | default "motel" }} passwordRef: - key: password - name: vmuser-creds + key: {{ .Values.victoriametrics.vmauth.credentials.password_key | default "password" }} + name: {{ .Values.victoriametrics.vmauth.credentials.password_secret_name }} {{- end }} {{- end }} diff --git a/charts/motel-storage/values.yaml b/charts/motel-storage/values.yaml index faf194e..103456f 100644 --- a/charts/motel-storage/values.yaml +++ b/charts/motel-storage/values.yaml @@ -25,8 +25,9 @@ victoriametrics: vmauth: enabled: true credentials: + password_secret_name: grafana-admin-credentials + password_key: "GF_SECURITY_ADMIN_PASSWORD" username: motel - password: motel ingress: host: vmauth.hmc0.example.net vmcluster: @@ -47,8 +48,7 @@ grafana: alerts: enabled: true security: - admin_user: motel - admin_password: motel + credentials_secret_name: grafana-admin-credentials ingress: enabled: true host: grafana.hmc0.example.net diff --git a/demo/cluster/aws-managed.yaml b/demo/cluster/aws-managed.yaml index 64e28a9..b36aa38 100644 --- a/demo/cluster/aws-managed.yaml +++ b/demo/cluster/aws-managed.yaml 
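Review bot: In the `vmuser.yaml` hunk, `password_secret_name` has no default and no `required`, so an unset value renders `name:` empty in `passwordRef`, and the username is still taken from `.Values.victoriametrics.vmauth.credentials.username | default "motel"` while every client in this commit reads its username from the Secret's `GF_SECURITY_ADMIN_USER` key. Unless the user stored in the Secret happens to equal the vmauth username, collectors, promxy and the Grafana datasources will be rejected by vmauth. I would wrap the name in `required "victoriametrics.vmauth.credentials.password_secret_name must be set"` and add a comment next to `username` saying it must match the user stored in the referenced Secret. The surrounding spec starts outside the hunk.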
@@ -41,10 +41,21 @@ spec: enabled: true opencost: prometheus: + existingSecretName: grafana-admin-credentials + username_key: GF_SECURITY_ADMIN_USER + password_key: GF_SECURITY_ADMIN_PASSWORD external: url: "https://vmauth.storage0.example.net/vm/select/0/prometheus" exporter: defaultClusterId: "aws-managed0" motel: - logs_endpoint: https://vmauth.storage0.example.net/vls/insert/opentelemetry/v1/logs - metrics_endpoint: https://vmauth.storage0.example.net/vm/insert/0/prometheus/api/v1/write + logs: + credentials_secret_name: grafana-admin-credentials + username_key: GF_SECURITY_ADMIN_USER + password_key: GF_SECURITY_ADMIN_PASSWORD + endpoint: https://vmauth.storage0.example.net/vls/insert/opentelemetry/v1/logs + metrics: + credentials_secret_name: grafana-admin-credentials + username_key: GF_SECURITY_ADMIN_USER + password_key: GF_SECURITY_ADMIN_PASSWORD + endpoint: https://vmauth.storage0.example.net/vm/insert/0/prometheus/api/v1/write diff --git a/demo/cluster/aws-storage.yaml b/demo/cluster/aws-storage.yaml index 89b1f3c..0c97719 100644 --- a/demo/cluster/aws-storage.yaml +++ b/demo/cluster/aws-storage.yaml @@ -39,11 +39,13 @@ spec: vmauth: ingress: host: vmauth.storage0.example.net - credentials: - username: motel - password: motel + security: + password_secret_name: grafana-admin-credentials + password_key: "GF_SECURITY_ADMIN_PASSWORD" grafana: ingress: host: grafana.storage0.example.net + security: + credentials_secret_name: grafana-admin-credentials cert-manager: email: mail@example.net diff --git a/demo/demo-mothership-values.yaml b/demo/demo-mothership-values.yaml index 484a7fa..f5527eb 100644 --- a/demo/demo-mothership-values.yaml +++ b/demo/demo-mothership-values.yaml 
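Review bot: In the `aws-storage.yaml` hunk the vmauth `credentials:` block is replaced by `security:` carrying `password_secret_name` and `password_key`, but the `vmuser.yaml` template in this commit reads `.Values.victoriametrics.vmauth.credentials.password_secret_name` and `.credentials.password_key`. Indentation is lost in this view, so the nesting is inferred, but if `security` sits under `vmauth` these two demo values are never read and the deployment only works because the chart default names the same Secret. Renaming the key back to `credentials:` would make the demo actually exercise the override.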
@@ -25,11 +25,11 @@ grafana: url: https://vmauth.hmc0.example.net/vls type: victorialogs-datasource auth: - username: motel - password: motel + credentials_secret_name: vmauth-credentials + username_key: "username" + password_key: "password" security: - admin_user: motel - admin_password: motel + credentials_secret_name: grafana-admin-credentials victoria-metrics-operator: enabled: true crds: @@ -76,7 +76,7 @@ promxy: memory: 128Mi extraArgs: log-level: "info" - configMap: "" + secret: "" config: remoteWriteUrl: http://vminsert-cluster:8480/insert/0/prometheus/api/v1/write serverGroups: @@ -84,6 +84,6 @@ promxy: targets: - vmauth.hmc0.example.net:443 auth: - username: motel - password: motel - + credentials_secret_name: vmauth-credentials + username_key: "username" + password_key: "password"
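Review bot: These demo values reference a Secret named `vmauth-credentials` with keys `username` and `password`, while the README change in this commit only shows how to create `grafana-admin-credentials`, and the storage chart default takes the vmauth password from `grafana-admin-credentials`. A comment above each `auth:` block stating that `vmauth-credentials` must exist in the release namespace before install, and must hold the same user and password as the storage cluster's vmauth user, would make the demo reproducible. Because the promxy template resolves the Secret at render time, a Secret created after `helm upgrade -i` is not picked up until the next upgrade, which the comment should also mention.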