Victoria Metrics Auth - is a simple auth proxy and router for VictoriaMetrics.
Prerequisites #
- Install the follow packages:
git,kubectl,helm,helm-docs. See this tutorial.
How to install #
Access a Kubernetes cluster.
Setup chart repository (can be omitted for OCI repositories) #
Add a chart helm repository with follow commands:
helm repo add vm https://victoriametrics.github.io/helm-charts/
helm repo update
List versions of vm/victoria-metrics-auth chart available to installation:
helm search repo vm/victoria-metrics-auth -l
Install victoria-metrics-auth chart
#
Export default values of victoria-metrics-auth chart to file values.yaml:
For HTTPS repository
helm show values vm/victoria-metrics-auth > values.yamlFor OCI repository
helm show values oci://ghcr.io/victoriametrics/helm-charts/victoria-metrics-auth > values.yaml
Change the values according to the need of the environment in values.yaml file.
Test the installation with command:
For HTTPS repository
helm install vma vm/victoria-metrics-auth -f values.yaml -n NAMESPACE --debug --dry-runFor OCI repository
helm install vma oci://ghcr.io/victoriametrics/helm-charts/victoria-metrics-auth -f values.yaml -n NAMESPACE --debug --dry-run
Install chart with command:
For HTTPS repository
helm install vma vm/victoria-metrics-auth -f values.yaml -n NAMESPACEFor OCI repository
helm install vma oci://ghcr.io/victoriametrics/helm-charts/victoria-metrics-auth -f values.yaml -n NAMESPACE
Get the pods lists by running this commands:
kubectl get pods -A | grep 'vma'
Get the application by running this command:
helm list -f vma -n NAMESPACE
See the history of versions of vma application with command.
helm history vma -n NAMESPACE
How to uninstall #
Remove application with command.
helm uninstall vma -n NAMESPACE
Documentation of Helm Chart #
Install helm-docs following the instructions on this tutorial.
Generate docs with helm-docs command.
cd charts/victoria-metrics-auth
helm-docs
The markdown generation is entirely go template driven. The tool parses metadata from charts and generates a number of sub-templates that can be referenced in a template file (by default README.md.gotmpl). If no template file is provided, the tool has a default internal template that will generate a reasonably formatted README.
Parameters #
The following tables lists the configurable parameters of the chart and their default values.
Change the values according to the need of the environment in victoria-metrics-auth/values.yaml file.
| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object |
| Affinity configurations |
| annotations | object |
| Annotations to be added to the deployment |
| config | string |
| Config file content. |
| containerWorkingDir | string |
| |
| env | list |
| Additional environment variables (ex.: secret tokens, flags). Check here for details |
| envFrom | list |
| Specify alternative source for env variables |
| extraArgs | object |
| Extra command line arguments for container of component |
| extraContainers | list |
| Extra containers to run in a pod with vmauth |
| extraHostPathMounts | list |
| Additional hostPath mounts |
| extraLabels | object |
| Labels to be added to the deployment |
| extraObjects | list |
| Add extra specs dynamically to this chart |
| extraVolumeMounts | list |
| Extra Volume Mounts for the container |
| extraVolumes | list |
| Extra Volumes for the pod |
| fullnameOverride | string |
| Full name prefix override |
| global.cluster.dnsDomain | string |
| K8s cluster domain suffix, uses for building storage pods’ FQDN. Details are here |
| global.compatibility | object |
| Openshift security context compatibility configuration |
| global.image.registry | string |
| Image registry, that can be shared across multiple helm charts |
| global.imagePullSecrets | list |
| Image pull secrets, that can be shared across multiple helm charts |
| image.pullPolicy | string |
| Pull policy of Docker image |
| image.registry | string |
| Image registry |
| image.repository | string |
| Victoria Metrics Auth Docker repository and image name |
| image.tag | string |
| Tag of Docker image |
| image.variant | string |
| Variant of the image to use. e.g. enterprise, scratch |
| imagePullSecrets | list |
| Image pull secrets |
| ingress.annotations | object |
| Ingress annotations |
| ingress.enabled | bool |
| Enable deployment of ingress for vmauth component |
| ingress.extraLabels | object |
| Ingress extra labels |
| ingress.hosts | list |
| Array of host objects |
| ingress.ingressClassName | string |
| Ingress controller class name |
| ingress.pathType | string |
| Ingress path type |
| ingress.tls | list |
| Array of TLS objects |
| ingressInternal.annotations | object |
| Ingress annotations |
| ingressInternal.enabled | bool |
| Enable deployment of internal ingress for vmauth component |
| ingressInternal.extraLabels | object |
| Ingress extra labels |
| ingressInternal.hosts | list |
| Array of host objects |
| ingressInternal.ingressClassName | string |
| Ingress controller class name |
| ingressInternal.pathType | string |
| Ingress path type |
| ingressInternal.tls | list |
| Array of TLS objects |
| license | object |
| Enterprise license key configuration for VictoriaMetrics enterprise. Required only for VictoriaMetrics enterprise. Check docs here, for more information, visit site. Request a trial license here Supported starting from VictoriaMetrics v1.94.0 |
| license.key | string |
| License key |
| license.secret | object |
| Use existing secret with license key |
| license.secret.key | string |
| Key in secret with license key |
| license.secret.name | string |
| Existing secret name |
| nameOverride | string |
| Full name suffix override |
| nodeSelector | object |
| NodeSelector configurations. Check here for details |
| podAnnotations | object |
| Annotations to be added to pod |
| podDisruptionBudget | object |
| See |
| podLabels | object |
| Labels to be added to pod |
| podSecurityContext | object |
| Pod’s security context. Details are here |
| probe.liveness | object |
| Liveness probe |
| probe.readiness | object |
| Readiness probe |
| probe.startup | object |
| Startup probe |
| replicaCount | int |
| Number of replicas of vmauth |
| resources | object |
| We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after |
| secretName | string |
| Use existing secret if specified otherwise .config values will be used. Check here for details. Configuration in the given secret must be stored under |
| securityContext | object |
| Container security context. Check here for details. |
| service.annotations | object |
| Service annotations |
| service.clusterIP | string |
| Service ClusterIP |
| service.enabled | bool |
| Enable vmauth service |
| service.externalIPs | list |
| Service external IPs. Check here for details |
| service.externalTrafficPolicy | string |
| Service external traffic policy. Check here for details |
| service.extraLabels | object |
| Service labels |
| service.healthCheckNodePort | string |
| Health check node port for a service. Check here for details |
| service.ipFamilies | list |
| List of service IP families. Check here for details. |
| service.ipFamilyPolicy | string |
| Service IP family policy. Check here for details. |
| service.loadBalancerIP | string |
| Service load balacner IP |
| service.loadBalancerSourceRanges | list |
| Load balancer source range |
| service.servicePort | int |
| Service port |
| service.type | string |
| Service type |
| serviceAccount.annotations | object |
| Annotations to add to the service account |
| serviceAccount.create | bool |
| Specifies whether a service account should be created |
| serviceAccount.name | string |
| The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| serviceMonitor.annotations | object |
| Service Monitor annotations |
| serviceMonitor.basicAuth | object |
| Basic auth params for Service Monitor |
| serviceMonitor.enabled | bool |
| Enable deployment of Service Monitor for server component. This is Prometheus operator object |
| serviceMonitor.extraLabels | object |
| Service Monitor labels |
| serviceMonitor.metricRelabelings | list |
| Service Monitor metricRelabelings |
| serviceMonitor.relabelings | list |
| Service Monitor relabelings |
| tolerations | list |
| Tolerations configurations. Check here for details |