Type: application Version: 0.8.1 Artifact Hub Slack

Victoria Metrics Auth - is a simple auth proxy and router for VictoriaMetrics.

Prerequisites #

  • Install the follow packages: git, kubectl, helm, helm-docs. See this tutorial.

How to install #

Access a Kubernetes cluster.

Setup chart repository (can be omitted for OCI repositories) #

Add a chart helm repository with follow commands:

helm repo add vm https://victoriametrics.github.io/helm-charts/

helm repo update

List versions of vm/victoria-metrics-auth chart available to installation:

helm search repo vm/victoria-metrics-auth -l

Install victoria-metrics-auth chart #

Export default values of victoria-metrics-auth chart to file values.yaml:

  • For HTTPS repository

    helm show values vm/victoria-metrics-auth > values.yaml
    
  • For OCI repository

    helm show values oci://ghcr.io/victoriametrics/helm-charts/victoria-metrics-auth > values.yaml
    

Change the values according to the need of the environment in values.yaml file.

Test the installation with command:

  • For HTTPS repository

    helm install vma vm/victoria-metrics-auth -f values.yaml -n NAMESPACE --debug --dry-run
    
  • For OCI repository

    helm install vma oci://ghcr.io/victoriametrics/helm-charts/victoria-metrics-auth -f values.yaml -n NAMESPACE --debug --dry-run
    

Install chart with command:

  • For HTTPS repository

    helm install vma vm/victoria-metrics-auth -f values.yaml -n NAMESPACE
    
  • For OCI repository

    helm install vma oci://ghcr.io/victoriametrics/helm-charts/victoria-metrics-auth -f values.yaml -n NAMESPACE
    

Get the pods lists by running this commands:

kubectl get pods -A | grep 'vma'

Get the application by running this command:

helm list -f vma -n NAMESPACE

See the history of versions of vma application with command.

helm history vma -n NAMESPACE

How to uninstall #

Remove application with command.

helm uninstall vma -n NAMESPACE

Documentation of Helm Chart #

Install helm-docs following the instructions on this tutorial.

Generate docs with helm-docs command.

cd charts/victoria-metrics-auth

helm-docs

The markdown generation is entirely go template driven. The tool parses metadata from charts and generates a number of sub-templates that can be referenced in a template file (by default README.md.gotmpl). If no template file is provided, the tool has a default internal template that will generate a reasonably formatted README.

Parameters #

The following tables lists the configurable parameters of the chart and their default values.

Change the values according to the need of the environment in victoria-metrics-auth/values.yaml file.

KeyTypeDefaultDescription
affinityobject
{}

Affinity configurations

annotationsobject
{}

Annotations to be added to the deployment

configstring
null

Config file content.

containerWorkingDirstring
/

envlist
[]

Additional environment variables (ex.: secret tokens, flags). Check here for details

envFromlist
[]

Specify alternative source for env variables

extraArgsobject
envflag.enable: true
envflag.prefix: VM_
httpListenAddr: :8427
loggerFormat: json

Extra command line arguments for container of component

extraContainerslist
[]

Extra containers to run in a pod with vmauth

extraHostPathMountslist
[]

Additional hostPath mounts

extraLabelsobject
{}

Labels to be added to the deployment

extraObjectslist
[]

Add extra specs dynamically to this chart

extraVolumeMountslist
[]

Extra Volume Mounts for the container

extraVolumeslist
[]

Extra Volumes for the pod

fullnameOverridestring
""

Override resources fullname

global.cluster.dnsDomainstring
cluster.local.

K8s cluster domain suffix, uses for building storage pods’ FQDN. Details are here

global.compatibilityobject
openshift:
    adaptSecurityContext: auto

Openshift security context compatibility configuration

global.image.registrystring
""

Image registry, that can be shared across multiple helm charts

global.imagePullSecretslist
[]

Image pull secrets, that can be shared across multiple helm charts

image.pullPolicystring
IfNotPresent

Pull policy of Docker image

image.registrystring
""

Image registry

image.repositorystring
victoriametrics/vmauth

Victoria Metrics Auth Docker repository and image name

image.tagstring
""

Tag of Docker image

image.variantstring
""

Variant of the image to use. e.g. enterprise, scratch

imagePullSecretslist
[]

Image pull secrets

ingress.annotationsobject
{}

Ingress annotations

ingress.enabledbool
false

Enable deployment of ingress for vmauth component

ingress.extraLabelsobject
{}

Ingress extra labels

ingress.hostslist
- name: vmauth.local
  path:
    - /
  port: http

Array of host objects

ingress.ingressClassNamestring
""

Ingress controller class name

ingress.pathTypestring
Prefix

Ingress path type

ingress.tlslist
[]

Array of TLS objects

ingressInternal.annotationsobject
{}

Ingress annotations

ingressInternal.enabledbool
false

Enable deployment of internal ingress for vmauth component

ingressInternal.extraLabelsobject
{}

Ingress extra labels

ingressInternal.hostslist
- name: vmauth.local
  path:
    - /
  port: http

Array of host objects

ingressInternal.ingressClassNamestring
""

Ingress controller class name

ingressInternal.pathTypestring
Prefix

Ingress path type

ingressInternal.tlslist
[]

Array of TLS objects

initContainerslist
[]

Init containers for vmauth

licenseobject
key: ""
secret:
    key: ""
    name: ""

Enterprise license key configuration for VictoriaMetrics enterprise. Required only for VictoriaMetrics enterprise. Check docs here, for more information, visit site. Request a trial license here Supported starting from VictoriaMetrics v1.94.0

license.keystring
""

License key

license.secretobject
key: ""
name: ""

Use existing secret with license key

license.secret.keystring
""

Key in secret with license key

license.secret.namestring
""

Existing secret name

nameOverridestring
""

Override chart name

nodeSelectorobject
{}

NodeSelector configurations. Check here for details

podAnnotationsobject
{}

Annotations to be added to pod

podDisruptionBudgetobject
enabled: false
labels: {}

See kubectl explain poddisruptionbudget.spec for more. Official guide is here

podLabelsobject
{}

Labels to be added to pod

podSecurityContextobject
enabled: true

Pod’s security context. Details are here

probe.livenessobject
initialDelaySeconds: 5
periodSeconds: 15
tcpSocket: {}
timeoutSeconds: 5

Liveness probe

probe.readinessobject
initialDelaySeconds: 5
periodSeconds: 15
tcpSocket: {}

Readiness probe

probe.startupobject
{}

Startup probe

replicaCountint
1

Number of replicas of vmauth

resourcesobject
{}

We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after resources:.

secretNamestring
""

Use existing secret if specified otherwise .config values will be used. Check here for details. Configuration in the given secret must be stored under auth.yml key.

securityContextobject
enabled: true

Container security context. Check here for details.

service.annotationsobject
{}

Service annotations

service.clusterIPstring
""

Service ClusterIP

service.enabledbool
true

Enable vmauth service

service.externalIPslist
[]

Service external IPs. Check here for details

service.externalTrafficPolicystring
""

Service external traffic policy. Check here for details

service.extraLabelsobject
{}

Service labels

service.healthCheckNodePortstring
""

Health check node port for a service. Check here for details

service.ipFamilieslist
[]

List of service IP families. Check here for details.

service.ipFamilyPolicystring
""

Service IP family policy. Check here for details.

service.loadBalancerIPstring
""

Service load balancer IP

service.loadBalancerSourceRangeslist
[]

Load balancer source range

service.servicePortint
8427

Service port

service.typestring
ClusterIP

Service type

serviceAccount.annotationsobject
{}

Annotations to add to the service account

serviceAccount.createbool
true

Specifies whether a service account should be created

serviceAccount.namestring
null

The name of the service account to use. If not set and create is true, a name is generated using the fullname template

serviceMonitor.annotationsobject
{}

Service Monitor annotations

serviceMonitor.basicAuthobject
{}

Basic auth params for Service Monitor

serviceMonitor.enabledbool
false

Enable deployment of Service Monitor for server component. This is Prometheus operator object

serviceMonitor.extraLabelsobject
{}

Service Monitor labels

serviceMonitor.metricRelabelingslist
[]

Service Monitor metricRelabelings

serviceMonitor.relabelingslist
[]

Service Monitor relabelings

tolerationslist
[]

Tolerations configurations. Check here for details