68 lines
1.6 KiB
YAML
68 lines
1.6 KiB
YAML
---
|
||
# Basic Auth Secret для защиты Loki
|
||
apiVersion: v1
|
||
kind: Secret
|
||
metadata:
|
||
name: loki-basic-auth
|
||
namespace: loki
|
||
type: Opaque
|
||
stringData:
|
||
# Username: admin
|
||
# Password: lokipass123
|
||
# Сгенерировано с помощью: htpasswd -nb admin lokipass123
|
||
users: |
|
||
admin:$apr1$8jGXMp0X$xR7yGcZqz.pPJY4IaGQ0n0
|
||
|
||
---
|
||
# Traefik Middleware для Basic Auth
|
||
apiVersion: traefik.containo.us/v1alpha1
|
||
kind: Middleware
|
||
metadata:
|
||
name: loki-auth
|
||
namespace: loki
|
||
spec:
|
||
basicAuth:
|
||
secret: loki-basic-auth
|
||
removeHeader: true
|
||
|
||
---
|
||
# Ingress для Loki с HTTPS и аутентификацией
|
||
apiVersion: networking.k8s.io/v1
|
||
kind: Ingress
|
||
metadata:
|
||
name: loki-ingress
|
||
namespace: loki
|
||
annotations:
|
||
# Использовать Traefik ingress controller
|
||
kubernetes.io/ingress.class: traefik
|
||
|
||
# Let's Encrypt сертификат
|
||
cert-manager.io/cluster-issuer: letsencrypt-http
|
||
cert-manager.io/acme-challenge-type: http01
|
||
|
||
# Применить Basic Auth middleware
|
||
traefik.ingress.kubernetes.io/router.middlewares: loki-loki-auth@kubernetescrd
|
||
|
||
# Entry points (http и https)
|
||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||
labels:
|
||
app.kubernetes.io/name: loki
|
||
argocd.argoproj.io/instance: loki
|
||
spec:
|
||
ingressClassName: traefik
|
||
rules:
|
||
- host: loki.thedevops.dev
|
||
http:
|
||
paths:
|
||
- path: /
|
||
pathType: Prefix
|
||
backend:
|
||
service:
|
||
name: loki
|
||
port:
|
||
number: 3100
|
||
tls:
|
||
- hosts:
|
||
- loki.thedevops.dev
|
||
secretName: loki-tls
|