diff --git a/kubernetes/apps/monitoring-dev/victoria-metrics/ingress/admin.yaml b/kubernetes/apps/monitoring-dev/victoria-metrics/ingress/admin.yaml
new file mode 100644
index 0000000..74dd0bd
--- /dev/null
+++ b/kubernetes/apps/monitoring-dev/victoria-metrics/ingress/admin.yaml
@@ -0,0 +1,25 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: vmetrics-admin-token
+ namespace: monitoring-dev
+spec:
+ itemPath: "vaults/Kubernetes/items/vmetrics_admin_token"
+---
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMUser
+metadata:
+ name: admin
+ namespace: monitoring-dev
+ labels:
+ vm-user: "admin"
+spec:
+ tokenRef:
+ name: vmetrics-admin-token
+ key: token
+ targetRefs:
+ - crd:
+ kind: VMSingle
+ name: vmetrics-dev
+ namespace: monitoring-dev
+ paths: ["/api/v1/admin"]
diff --git a/kubernetes/apps/monitoring/victoria-metrics/ingress/admin.yaml b/kubernetes/apps/monitoring/victoria-metrics/ingress/admin.yaml
new file mode 100644
index 0000000..65da8a6
--- /dev/null
+++ b/kubernetes/apps/monitoring/victoria-metrics/ingress/admin.yaml
@@ -0,0 +1,25 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: vmetrics-admin-token
+ namespace: monitoring
+spec:
+ itemPath: "vaults/Kubernetes/items/vmetrics_admin_token"
+---
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMUser
+metadata:
+ name: admin
+ namespace: monitoring
+ labels:
+ vm-user: "admin"
+spec:
+ tokenRef:
+ name: vmetrics-admin-token
+ key: token
+ targetRefs:
+ - crd:
+ kind: VMSingle
+ name: vmetrics
+ namespace: monitoring
+ paths: ["/api/v1/admin"]
diff --git a/tf/deployment/modules/1password/account/k8s-secrets.tf b/tf/deployment/modules/1password/account/k8s-secrets.tf
index f64a70b..0f25faa 100644
--- a/tf/deployment/modules/1password/account/k8s-secrets.tf
+++ b/tf/deployment/modules/1password/account/k8s-secrets.tf
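Review bot: `paths: ["/api/v1/admin"]` in the VMUser `targetRefs` of kubernetes/apps/monitoring-dev/victoria-metrics/ingress/admin.yaml probably does not cover the endpoints it is meant to gate, and the same line appears in the monitoring/ copy of the file. As far as I know vmauth treats each path entry as a regular expression matched against the whole request path, so the bare prefix would not match the sub-paths below it; please confirm against the operator and vmauth versions in use. If the whole admin subtree is intended, `paths: ["/api/v1/admin/.*"]` states that explicitly. A short comment above `tokenRef`, such as `# admin API only; token synced from the 1Password item vmetrics_admin_token`, would also make the scope of this user clear to the next reader.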
@@ -62,6 +62,28 @@ resource "onepassword_item" "grafana_admin_credentials" { } } +resource "random_password" "vmetrics_admin_token" { + length = 40 + special = false +} + +resource "onepassword_item" "vmetrics_admin_token" { + for_each = { for vault in [data.onepassword_vault.kubernetes, data.onepassword_vault.tf_dev, data.onepassword_vault.tf_prod] : vault.name => vault } + vault = each.value.uuid + title = "vmetrics_admin_token" + category = "secure_note" + + section { + label = "Victoria Metrics admin token" + + field { + label = "token" + type = "CONCEALED" + value = random_password.vmetrics_admin_token.result + } + } +} + resource "random_password" "vmetrics_write_token" { length = 40 special = false
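Review bot: A single `random_password.vmetrics_admin_token` value is written to all three vaults (kubernetes, tf_dev, tf_prod), and both new VMUser manifests (monitoring-dev and monitoring) read the same item path `vaults/Kubernetes/items/vmetrics_admin_token`, so dev and prod end up sharing one admin credential. A leak on the dev side would then also be valid against the production VMSingle admin API. Consider one password per environment, for example `for_each` on the `random_password` resource with `value = random_password.vmetrics_admin_token[each.key].result`, plus distinct item titles for the two namespaces. The generated value is also stored in Terraform state in plaintext, as with the neighbouring write token, so access to the state should be treated as access to the secret.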