From 51883ea16c385b2429850ab42e1ea8fcba2de468 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 17 Nov 2024 21:56:07 +0100 Subject: [PATCH] Add basic auth to loki --- values/badhouseplants/secrets.tf-ocloud.yaml | 44 -------------------- values/badhouseplants/values.loki.yaml | 31 ++++++++++++++ 2 files changed, 31 insertions(+), 44 deletions(-) delete mode 100644 values/badhouseplants/secrets.tf-ocloud.yaml diff --git a/values/badhouseplants/secrets.tf-ocloud.yaml b/values/badhouseplants/secrets.tf-ocloud.yaml deleted file mode 100644 index 0be9235..0000000 --- a/values/badhouseplants/secrets.tf-ocloud.yaml +++ /dev/null @@ -1,44 +0,0 @@ -env: - main: - enabled: ENC[AES256_GCM,data:VwkiWw==,iv:OPPJaoVzQ4Y8/UbBMWu8tYjRnMRH/15syfTe34tb1mA=,tag:U9RM/c79pbeprPsyUd9HKA==,type:bool] - sensitive: ENC[AES256_GCM,data:eeE37Q==,iv:IsqWwo9L/kgexztNWZ/wSf9pNXtuW/btsPuCfSWyr4A=,tag:uXjfuFT0yJPtOGBX/Ab6DA==,type:bool] - data: - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:MziPbSmnpuWH,iv:+IJXuvmNvWjs/hHNTQXWhrpj7LVx7asvKJXoAyI+YBA=,tag:er8nqrsd1hZPledJzVYicg==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:GDKniDmhYc/Nm7I4Ts4V+DGyZ4d1KURwPg==,iv:JNRm3EsEKPas6xJx94LUaPg+6EEv0xYZxLE6krqxLXU=,tag:wzp5Szzrv4IT3HZTnadycg==,type:str] -files: - ocloudkey: - entries: - key.pem: - data: ENC[AES256_GCM,data:1odAZaJwWTtAl91m8WaMaUu8ifStRi91e2tuQRA3SoDr4dbihLGVTTXKJy5ikl5bGeZAWMzUwZGuFzlqOroufoTc2socuZEmNWDOhjk9llrGRaBcwfCpamixie33zHjO0VZB2jYN99iMMV1EF11u5E/hZKKsRv0+GDniQ1YSICUS14qpNkWH+iMoXgV5u+cNtaM8iC4tHt1PYy5OPFPerAGEq40VC+oentFw9HQzMsTwWs2O6jgGuur81MZUIVd3LvCp+m6Wbe1vEcaCoFIFKoqr2WuDb0Hzr9wryaY0rFTQ1Ay0CSO3FUXcctm+8YqPIzk8NichY5OZniGzHWOUIwlDZFX2lO2lmpGYXb21dV/oxf2EcpbQeoxR7ZjOd51Elw9+B6I/zVOXpkdnQ5h6VwqnNj4FZ0DJ7K9R8J0vGugFUf11mlLJpp+/UUoytn0ikkCS/EU5Sqz8mviYP448nyfcdEYjuGGNeYo9UDdDtpCDj67J/2MLzx76+QMS169ojeNQ4V7Z/zEmhtyJXFDoUmPtnVw9k+knNDmhQvAth04OkpHX1r4YHOOOqoZrnFPG0W5TynAnU2xr790J1gnCxBvTPun2oh2A0IEVhompZ0En4NnDZn/y4FqOitZw6kw6uHUhF/4Czk5OpXdfED4i9PX6jgYGuWYSN7+f2NZFf8gQmOHR5FFRtd3jti0r0lwAyjFv8GfTnEnLOdl6rWp+ZUmXSg0hM0Xux/36CWGnEaVnowYSB6O7CQpY372H/QXLdwv1Cwli81ahaphq21j4fcAC/TdplCzuSNJ8CpOh2mxvgC+gasQtGIud4pOX/jcLKkqS5KOkpCaF+zxZ/tL9wj9FMpS7SnjDGIKg1qh/Q067shFCALCg2rUpsyP93QjVcbrVT4rfVsRiezIYJJ2xQIzyGpDEDOYIy+zGRH4KCcRXcsVD0ffka/0EbyfLnQcmZnm1uOcEGvPD40INukkfigazEsLXjYlXUm4I7cS7yCM4ni4qcWgszGXh/i2d0CQzPb9NmQ4e5DzKFS66PvAS1CNc8KtistTWTiIP8vgdYAk9H1oi3dB2xz8S6or/2LzwGB8DJVTEt1Z5Nxzfew6YQ5itTq5DLg+eGTRR7tfhiVK3AqBOeVu1mHNVfV2Uu7b6w9JW6WYoz4G3DQ+0fGny6TpmCpoD74/jKmENq+gGRsFX/ukykERQWcTYSJU9KcQgmEQxvfRwyHAWIlTz9OF+9EOVYyZ7wWAG1o57LEOCYqds7UfXzOUzXzHo/Dn95fReTupDvYgTWWs8nKtDJZbFr5YDveRnAJCMVpJ54o6qx9ZCLB5C3y18F6yb38kjhFl5ZczxrevRtGK6HhZtsh3t957r8Prqk7zvbL1IQinXruZWU1CLqxZ6otXXXUZiipEx0S/65ctxMLq69ElL8SEUD0N4GLGHOFxX0N4TpEwxIV504UNr+sg0PWwKnDMTSYIGf+qYSdmUL7Dgu6WVGBdsdp42Lhr9MWdcpLramhMpf+S1Wn2AmL/tquwvfrKoTU8B7uhnoexGKpKSJY50UBRWSpb0asypZha/uDzYx8FGtdmIlr+2STBbMbVsIWU0CWoMGT6HAUyvy6NjQ0GslGoeZWwZvChIXCsPZXWNuVWNvMPcYVoFUptj25uRLsiF+YWja1ExuYl+jgvd/q3UtvF9nVGZ+pvLQuUB/B1TiBSraDZYrnBOMr9duC4Axum/yQzjupgG7iqXN9/sA1b/HAkKArf3xly2db2K3WAjF2J76fkMbUgyU28QZGg3AlmstXKe/WUl9bxIJE8y0iDH8VjbEmamFz3WM5V+WZYTxyoHwZs9M0SnnVkU02QbcdocS+3gTdxpM0EVnL0BTV/hIJZ2HfCD+wdM5Z3Y4siEfrfV8sCTXLQmphJsVhAnZJr/lc4DWdGpkOm8ZvuNdB1Z5aXdvdYKEG1j8u/qr07iO8ZoFmQ84Sc7R2bADLbdhX4jJShGHL01pqvcn/L9RdTP5Qgmeuinxy7coN7kinxbJgpC4QAaR5kXZYAGpbEMgbnevGdfwqt4VwU63dxB7NEZWSte4thU2yqRqmIrIl06I+1aCzr5cvI2Sq1gAxeUWHg0eEUBuqIOAFYkZ/O4X/Hb2iDj94KcdnW+0GD75cVCxgx21z/OT8t+OO6nQ2w/cCpFEXyV6AvG7j3nXnWADTxOQR0fDXavcl6dlCxgZ2gfojL1wJKt6Y8804xFZteZv2r0mSowC205cuCM0bqobvQ6e2pZwI7PdRIDIUHarlyfTn735b8mwNIF4AraWA==,iv:cXgBPtQhbhx5GlC5dr5jTKjmjsnYPUNou/89WMZLQWg=,tag:YVCvICRqp3fq5q+cr3r7/A==,type:str] - publickey: - entries: - public-key: - data: ENC[AES256_GCM,data:BN2vLLzL4qVhLHrHjMAz3XZnumftvIIWow5TLnyss8QQrkemdOCyyVJ7mWqAdnFhs52t0b3wSN8qj+SQ+ALieYE3hZYZEDXcEMI3nMIOAI80fxaBEsSTPtMK9idBPN1UQ5gYrlhg,iv:KBospErD3mvdlz5gRSSSfs2kA+QXNbDw7WlNT5P5tXM=,tag:rXmw9Aqrjnxi68ftb3CthQ==,type:str] - privatekey: - entries: - ssh-key: - data: ENC[AES256_GCM,data:Qx7ekDZB6HDLA503TDsXIWAd7tPZHZ8JeB8f45PKL9g8i8fAYHMe9RBS6yr0w6rf6SMEnXE6YSFJAGvEiA8tZJSzgW9otUvEzELDPOhcSRTDFpGysFRx6MYasvs6HD+mLRkIR1Or0WWma4/PtlpntD8TJTAWwmjgofStxG7Igr83YthdrIhZNnOedV7CFIKh40d2DJWLyl2mBMEG8+JwyJAHydQ2KXUPowJtChqWosMaT+t76L4lqDG1d406hCZdNam5nFGQY7JtoO3yp22V57jVqAkGwXJJ7TgsB5swFMHdNJ3oIPzElzwOGWrliDLopwHoYMDxuF3a5KoOmyDB6rY1HJtZFrfSZWsl/4KtRyxiqk5eWH3t6O3eJFzK5u2m1eiT6QyjSZHsBXwKGPsxbcEKrVTQMyJyjdktSYVQj9FnGD/ln6VGyLk5gJZnfhz5any7kuoN0lRwZbQBACvwl46+7Iy2Gp73Va0yKIvUpdpCTznbiXpOhXg9bnlMdWqiL8DLm4fr5E9mIe3UpGhnhuHzxNBmgyFXEZ4BLr3P5urKNLJ18nCmGgr+zChR4ZLT6qNfwssjB0WTJkFfPaSjVkH1J2/QetOdXDlUlO5lJdg=,iv:z5gTaOEBz+6iQRwbQSnKD4MO0OkOks3xZ56Ok7AP1pg=,tag:vHr+q9t0s2ZNqh+CN4azCg==,type:str] - tfvars: - entries: - terraform.tfvars: - data: ENC[AES256_GCM,data:YfjkqEMe53uWudbShVe9bVKMzqKAGePhBFl+pwGBYQxuWUybs6K+N70W9ek14EgvsQqIlFIBmOq1AYMjoZBfzjOP7Ondk4XwEQns8ykgIcy028ZOnUAiEMg+E54xHGvNwUR5V+GTNGVDFv8LltWWdC2Wd2Li1hqbh8o1zoTKr9Z7QrGXof//Jw12GBThuV2kF5zEvDw+29SliiC/lHrdKPWud9ROd9jiiKVpttfGZtB8uInRWrcNZ9987jGSp3jwJ9aH4oef+w29tNvjNZ1q+T1xfFbrcIB5e3NsXKtyQjUUNaFMFTbeapsFKZBbVjFqzA0qSM4adJv7XIMbF4E8nSWmIqw+avOLsk2/HRY7EhJHQgJBVbAkjZYHBnVqYGZTeZKoxl2lq4qn1slkexxrdPaJKDk4i6ebWqYe+BjjEPEILozJaZji0l/q7nrm2QlATi1er1R7IcUb3IeLzzE3G22Fptn3kCgBKd+umNUMbsqNP36Xb63LsNcd2ld7rMmj7lqU1qlrc79ZTEfZmrq/Yuson0iaPXNrBc87CjJ8wz8M2/BcAB5QRFyLYvnKe4z1nFGm9PqLt6DpOicZXowRy81X1fIJjm+xFIhOCDSXMO7NE7Lgngrsp6zD1Nn2j/yql2LsJKnXCegWWTSa8TxzGQh8ejO8dKZFN7dpvg==,iv:od/aU8SKCfZB7wRcQ+pIH3hLIFS9peMGeIOk4vLErI4=,tag:gTm7JS6sgK440dImagT9xw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzWDZYeCtRQ3pEZHVrdnU4 - cjBsSnNNTUhRQnAzekFVY1cycmVEMXZnMlZVClZ0dEdRazVxRGVaTWR3TlBWUlJv - eTUxTkpKSjN5V2RyMklUa2dWNlZPbmMKLS0tIDNkZGlBVVJQZlBPR0hQRElsV2t1 - QlAwZGFKNFN3dDRDYUlxaldQTEN1UEUKj/8BcTvOmpu+/FSGtDI9vEPzAX1OG9nY - L5Lq66OoH8e9GG/iye21PrIXbpDWNF/p4jQDMlDtMY8YefNbaoeevQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-16T17:23:51Z" - mac: ENC[AES256_GCM,data:TEOv6k9fgpXvUxniF8FLbuRHnLP5JAyMEUghaIOYfPqmyvxcxFBItlNLmancFkT/cYmqrSqKJzJkefXxebaLzbUf3DbXyu8jlTjMwnzZWfwpJqPHdkcrxneJJhpPWBgD0lQlnN5XK9OvRe3mApwHYimNksZd9JPi05TXzWOyfng=,iv:AXLBegPqI/4wsfaYSWO6aGxR1zZeBb4RylE9N1L4zIg=,tag:W0w0QSjHBRfjWOZU2qex+w==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.1 diff --git a/values/badhouseplants/values.loki.yaml b/values/badhouseplants/values.loki.yaml index eef6463..b8b4dbf 100644 --- a/values/badhouseplants/values.loki.yaml +++ b/values/badhouseplants/values.loki.yaml @@ -1,3 +1,17 @@ +ext-secret: + enabled: true + name: loki-basic-auth + data: + users: | + loki:$apr1$YmrcEKi7$9SdBV36OV1ZT0NdppklWf/ +middleware: + enabled: true + middlewares: + - name: lokiauth + spec: + basicAuth: + secret: loki-basic-auth + global: dnsService: "coredns" deploymentMode: SingleBinary @@ -55,3 +69,20 @@ bloomCompactor: replicas: 0 bloomGateway: replicas: 0 +ingress: + enabled: true + ingressClassName: traefik + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only + traefik.ingress.kubernetes.io/router.middlewares: observability-lokiauth@kubernetescrd + hosts: + - loki.badhouseplants.net + tls: + - secretName: loki.badhouseplants.net + hosts: + - loki.badhouseplants.net