Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Loki helm chart - extra-containers #908

Closed
angelbarrera92 opened this issue Aug 18, 2019 · 2 comments · Fixed by #909
Closed

Loki helm chart - extra-containers #908

angelbarrera92 opened this issue Aug 18, 2019 · 2 comments · Fixed by #909

Comments

@angelbarrera92
Copy link
Contributor

Hi.

I was looking for a solution to deploy loki in a multi-tenant way. Documentation exposes that an auth_enabled flag has to be set up to true. But, it needs a reverse proxy to inject some headers along with the authentication layer.

I made a POC modifying a rendered loki helm chart template and i think that making available the possibility to add extra-containers, extra-volumes and extra service ports could make it easy to deploy loki in a multi-tenant way. Something similar to nginx ingress controller chart from bitnami -> https://github.com/bitnami/charts/blob/master/bitnami/nginx-ingress-controller/values-production.yaml#L223

I think it may be a non-intrusive solution and may be helpful to implement multi-tenant solutions.

I'll paste part of the modification i tested:

partial statefulset.yaml

        
    spec:
      serviceAccountName: loki
      securityContext:
        fsGroup: 10001
        runAsGroup: 10001
        runAsNonRoot: true
        runAsUser: 10001
        
      containers:
        - name: reverse-proxy
          image: angelbarrera92/basic-auth-reverse-proxy:dev
          args:
            - "serve"
            - "--upstream=http://localhost:3100"
            - "--auth-config=/etc/reverse-proxy-conf/authn.yaml"
          ports:
            - name: http
              containerPort: 11811
              protocol: TCP
          volumeMounts:
            - name: reverse-proxy-auth-config
              mountPath: /etc/reverse-proxy-conf
        - name: loki
          image: "grafana/loki:v0.2.0"
          imagePullPolicy: Always
          args:
            - "-config.file=/etc/loki/loki.yaml"
          volumeMounts:
            - name: config
              mountPath: /etc/loki

Added a sidecar container with a basic golang reverse proxy (we can discuss it later if you want).

partial service.yaml

spec:
  type: ClusterIP
  ports:
    - port: 3100
      protocol: TCP
      name: http-metrics
      targetPort: http-metrics
    - port: 11811
      protocol: TCP
      name: http
      targetPort: http
  selector:
    app: loki
    release: loki

partial service-headless.yaml

spec:
  clusterIP: None
  ports:
    - port: 3100
      protocol: TCP
      name: http-metrics
      targetPort: http-metrics
    - port: 11811
      protocol: TCP
      name: http
      targetPort: http
  selector:
    app: loki
    release: loki

Both services add the sidecar port.

I can make a PR for this ;)

Thanks!
@angelbarrera92 angelbarrera92 mentioned this issue Aug 18, 2019
Merged
1 task
@stale
Copy link

stale bot commented Sep 17, 2019

This issue has been automatically marked as stale because it has not had any activity in the past 30 days. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale A stale issue or PR that will automatically be closed. label Sep 17, 2019
@angelbarrera92
Copy link
Contributor Author

Up!

@stale stale bot removed the stale A stale issue or PR that will automatically be closed. label Sep 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feature: Add extra containers to loki helm chart
2 participants
@cyriltovena @angelbarrera92