Configurable Loki scheme in helm file, with optional basic auth (graf…

…ana#494) * Make Loki url scheme configurable and add optional authentication in helm chart * Added help text in README and changed propery names based on code review
udyvish · Apr 25, 2019 · b85609e · b85609e
1 parent c1bc17e
commit b85609e
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 3 deletions.
diff --git a/production/helm/README.md b/production/helm/README.md
@@ -56,3 +56,41 @@ $ kubectl port-forward --namespace <YOUR-NAMESPACE> service/loki-grafana 3000:80
 
 Navigate to http://localhost:3000 and login with `admin` and the password output above.
 Then follow the [instructions for adding the loki datasource](/docs/usage.md), using the URL `http://loki:3100/`.
+
+## Run Loki behind https ingress
+
+If Loki and Promtail are deployed on different clusters you can add an Ingress in front of Loki.
+By adding a certificate you create an https endpoint. For extra security enable basic authentication on the Ingress.
+
+In promtail set the following values to communicate with https and basic auth
+
+```
+loki:
+  serviceScheme: https
+  user: user
+  password: pass
+```
+
+Sample helm template for ingress:
+```
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+annotations:
+    kubernetes.io/ingress.class: {{ .Values.ingress.class }}
+    ingress.kubernetes.io/auth-type: "basic"
+    ingress.kubernetes.io/auth-secret: {{ .Values.ingress.basic.secret }}
+name: loki
+spec:
+rules:
+- host: {{ .Values.ingress.host }}
+    http:
+    paths:
+    - backend:
+        serviceName: loki
+        servicePort: 3100
+tls:
+- secretName: {{ .Values.ingress.cert }}
+    hosts:
+    - {{ .Values.ingress.host }}
+```
diff --git a/production/helm/loki-stack/Chart.yaml b/production/helm/loki-stack/Chart.yaml
@@ -1,5 +1,5 @@
 name: loki-stack
-version: 0.7.0
+version: 0.7.1
 appVersion: 0.0.1
 kubeVersion: "^1.10.0-0"
 description: "Loki: like Prometheus, but for logs."

diff --git a/production/helm/promtail/Chart.yaml b/production/helm/promtail/Chart.yaml
@@ -1,5 +1,5 @@
 name: promtail
-version: 0.6.2
+version: 0.6.3
 appVersion: 0.0.1
 kubeVersion: "^1.10.0-0"
 description: "Responsible for gathering logs and sending them to Loki"

diff --git a/production/helm/promtail/templates/daemonset.yaml b/production/helm/promtail/templates/daemonset.yaml
@@ -40,7 +40,11 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
             - "-config.file=/etc/promtail/promtail.yaml"
-            - "-client.url=http://{{ include "loki.serviceName" . }}:{{ .Values.loki.servicePort }}/api/prom/push"
+            {{- if and .Values.loki.user .Values.loki.password }}
+            - "-client.url={{ .Values.loki.serviceScheme }}://{{ .Values.loki.user }}:{{ .Values.loki.password }}@{{ include "loki.serviceName" . }}:{{ .Values.loki.servicePort }}/api/prom/push"
+            {{- else }}
+            - "-client.url={{ .Values.loki.serviceScheme }}://{{ include "loki.serviceName" . }}:{{ .Values.loki.servicePort }}/api/prom/push"
+            {{- end }}
           volumeMounts:
             - name: config
               mountPath: /etc/promtail

diff --git a/production/helm/promtail/values.yaml b/production/helm/promtail/values.yaml
@@ -18,6 +18,9 @@ livenessProbe: {}
 loki:
   serviceName: "" # Defaults to "${RELEASE}-loki" if not set
   servicePort: 3100
+  serviceScheme: http
+  # user: user
+  # password: pass
 
 nameOverride: promtail