enabled authorized access to vlogs and vmetrics

2025-06-02 14:21:31 +02:00 · 2025-06-02 14:21:31 +02:00 · fc34fb4ee6
commit fc34fb4ee6
parent 32bb201e82
4 changed files with 12 additions and 19 deletions
--- a/template/stacks/core/vector/values.yaml
+++ b/template/stacks/core/vector/values.yaml
@ -39,7 +39,11 @@ customConfig:
      type: elasticsearch
      inputs: [parser]
      endpoints: 
-        - http://vlogs-victorialogs:9428/insert/elasticsearch/
+        - https://o12y.observability.think-ahead.cloud/insert/elasticsearch/
+      auth:
+        strategy: basic
+        user: simple-user
+        password: simple-password  
      mode: bulk
      api_version: v8
      compression: gzip
--- a/template/stacks/observability/victoria-k8s-stack.yaml
+++ b/template/stacks/observability/victoria-k8s-stack.yaml
@ -19,7 +19,7 @@ spec:
    - chart: victoria-metrics-k8s-stack
      repoURL: https://victoriametrics.github.io/helm-charts/
      targetRevision: 0.48.1
-      releaseName: victoria
+      releaseName: vm
      helm:
        valueFiles:
          - $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/observability/victoria-k8s-stack/values.yaml
--- a/template/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml
+++ b/template/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml
@ -11,9 +11,9 @@ spec:
        kind: VMSingle
        name: victoria-k8s-stack-victoria-metrics-k8s-stack
        namespace: observability
-      paths: ["/.*"]
+      paths: ["/api/v1/write/.*"]
    - crd:
        kind: VLogs
        name: victorialogs
        namespace: observability
-      paths: ["/.*"]  
+      paths: ["/insert/elasticsearch/.*"]
--- a/template/stacks/observability/victoria-k8s-stack/values.yaml
+++ b/template/stacks/observability/victoria-k8s-stack/values.yaml
@ -763,23 +763,12 @@ vmauth:
      annotations:
        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
        cert-manager.io/cluster-issuer: main
-      host: o12y.penguin-observability.think-ahead.cloud
+      host: o12y.{{{ .Env.DOMAIN }}}
      tlsHosts:
-        - o12y.penguin-observability.think-ahead.cloud
+        - o12y.{{{ .Env.DOMAIN }}}
      tlsSecretName: vmauth-tls-secret
-    unauthorizedUserAccessSpec:
-      # -- Flag, that allows to disable default VMAuth unauthorized user access config
-      disabled: false
-      discover_backend_ips: true
-      url_map:
-        - src_paths:
-            - '/insert/elasticsearch/.*'
-          url_prefix:
-            - 'http://vlogs-victorialogs:9428'
-        - src_paths:
-            - '/api/v1/write/.*'
-          url_prefix:
-            - 'http://vmsingle-victoria-k8s-stack-victoria-metrics-k8s-stack:8428'  
+    unauthorizedUserAccessSpec: {}
+    selectAllByDefault: true

 vmagent:
  # -- Create VMAgent CR