From b85609e5ef9f287646a5c136e2205abdf1e0c678 Mon Sep 17 00:00:00 2001
From: Arjen van der Have
Date: Thu, 25 Apr 2019 21:21:58 +0200
Subject: [PATCH] Configurable Loki scheme in helm file, with optional basic auth (#494)

* Make Loki url scheme configurable and add optional authentication in helm chart
* Added help text in README and changed propery names based on code review
---
 production/helm/README.md | 38 +++++++++++++++++++
 production/helm/loki-stack/Chart.yaml | 2 +-
 production/helm/promtail/Chart.yaml | 2 +-
 .../helm/promtail/templates/daemonset.yaml | 6 ++-
 production/helm/promtail/values.yaml | 3 ++
 5 files changed, 48 insertions(+), 3 deletions(-)

diff --git a/production/helm/README.md b/production/helm/README.md
index 833a1325eeaa7..59e5b39b123b1 100644
--- a/production/helm/README.md
+++ b/production/helm/README.md
@@ -56,3 +56,41 @@ $ kubectl port-forward --namespace service/loki-grafana 3000:80 Navigate to http://localhost:3000 and login with `admin` and the password output above. Then follow the [instructions for adding the loki datasource](/docs/usage.md), using the URL `http://loki:3100/`. + +## Run Loki behind https ingress + +If Loki and Promtail are deployed on different clusters you can add an Ingress in front of Loki. +By adding a certificate you create an https endpoint. For extra security enable basic authentication on the Ingress. + +In promtail set the following values to communicate with https and basic auth + +``` +loki: + serviceScheme: https + user: user + password: pass +``` + +Sample helm template for ingress: +``` +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: +annotations: + kubernetes.io/ingress.class: {{ .Values.ingress.class }} + ingress.kubernetes.io/auth-type: "basic" + ingress.kubernetes.io/auth-secret: {{ .Values.ingress.basic.secret }} +name: loki +spec: +rules: +- host: {{ .Values.ingress.host }} + http: + paths: + - backend: + serviceName: loki + servicePort: 3100 +tls: +- secretName: {{ .Values.ingress.cert }} + hosts: + - {{ .Values.ingress.host }} +``` diff --git a/production/helm/loki-stack/Chart.yaml b/production/helm/loki-stack/Chart.yaml index b0c5c29176ecb..20802571051e0 100644 --- a/production/helm/loki-stack/Chart.yaml +++ b/production/helm/loki-stack/Chart.yaml @@ -1,5 +1,5 @@ name: loki-stack -version: 0.7.0 +version: 0.7.1 appVersion: 0.0.1 kubeVersion: "^1.10.0-0" description: "Loki: like Prometheus, but for logs." diff --git a/production/helm/promtail/Chart.yaml b/production/helm/promtail/Chart.yaml index bc60af652de35..8f3ea952a3f9b 100644 --- a/production/helm/promtail/Chart.yaml +++ b/production/helm/promtail/Chart.yaml @@ -1,5 +1,5 @@ name: promtail -version: 0.6.2 +version: 0.6.3 appVersion: 0.0.1 kubeVersion: "^1.10.0-0" description: "Responsible for gathering logs and sending them to Loki" 
diff --git a/production/helm/promtail/templates/daemonset.yaml b/production/helm/promtail/templates/daemonset.yaml index 8664ce8e84538..f800bc3e8e9cf 100644 --- a/production/helm/promtail/templates/daemonset.yaml +++ b/production/helm/promtail/templates/daemonset.yaml @@ -40,7 +40,11 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} args: - "-config.file=/etc/promtail/promtail.yaml" - - "-client.url=http://{{ include "loki.serviceName" . }}:{{ .Values.loki.servicePort }}/api/prom/push" + {{- if and .Values.loki.user .Values.loki.password }} + - "-client.url={{ .Values.loki.serviceScheme }}://{{ .Values.loki.user }}:{{ .Values.loki.password }}@{{ include "loki.serviceName" . }}:{{ .Values.loki.servicePort }}/api/prom/push" + {{- else }} + - "-client.url={{ .Values.loki.serviceScheme }}://{{ include "loki.serviceName" . }}:{{ .Values.loki.servicePort }}/api/prom/push" + {{- end }} volumeMounts: - name: config mountPath: /etc/promtail diff --git a/production/helm/promtail/values.yaml b/production/helm/promtail/values.yaml index c58c23ac4a2c9..8c77f41ceb574 100644 --- a/production/helm/promtail/values.yaml +++ b/production/helm/promtail/values.yaml @@ -18,6 +18,9 @@ livenessProbe: {} loki: serviceName: "" # Defaults to "${RELEASE}-loki" if not set servicePort: 3100 + serviceScheme: http + # user: user + # password: pass nameOverride: promtail
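Review bot: The `-client.url` argument added under `{{- if and .Values.loki.user .Values.loki.password }}` renders the basic-auth password straight into the container args, so it is readable by anyone who can read the DaemonSet, the pod spec or the rendered release manifest. The two values are also interpolated without percent-encoding, so a user or password containing `@`, `:` or `/` yields a URL that parses differently than intended, and setting only one of the two silently falls through to the unauthenticated `else` branch. I would keep the credential in a Kubernetes Secret and let the kubelet expand it into the argument, as sketched below with a placeholder Secret name. The container spec starts and ends outside this hunk, so the `env` entry has to be merged with any list that already exists there.

```yaml
# … unchanged: image, imagePullPolicy …
          env:
            - name: LOKI_PUSH_URL
              valueFrom:
                secretKeyRef:
                  # placeholder name: a Secret in the release namespace holding the full push URL
                  name: PLACEHOLDER-loki-client
                  key: url
          args:
            - "-config.file=/etc/promtail/promtail.yaml"
            - "-client.url=$(LOKI_PUSH_URL)"
# … unchanged: volumeMounts …
```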
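Review bot: The commented `# user: user` / `# password: pass` examples in values.yaml carry no explanation, while the new default right above them is `serviceScheme: http`. A reader enabling them as-is would send basic-auth credentials over an unencrypted connection, and nothing says that both keys must be set for authentication to take effect. I would add a comment above the two lines, for example `# Basic auth for the Loki endpoint: set both user and password, and set serviceScheme to https.`, plus a remark that a password set here is stored in plain text with the release values.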