Attempt to fix minio ldap auth
This commit is contained in:
parent
7a1f440157
commit
49ad416dfc
|
|
@ -11,8 +11,8 @@ stringData:
|
|||
MINIO_IDENTITY_LDAP_SERVER_INSECURE: ENC[AES256_GCM,data:1rM=,iv:SKhuvzcjXy7FJqZeMTtO3alvWa2E1YYRAkM4T1YnDc0=,tag:znUtC3Q0okedbOv7zVOUgQ==,type:str]
|
||||
MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN: ENC[AES256_GCM,data:33aRyIxdLvW0+I2YDwh8VifqoYoWrIL84ORiQHqqFlFvZaiimTWBNg46BhI8IC4e,iv:qeo9vFoqidUoPI19CQwP4SDqTWuNEWFvTKmipoKZwPs=,tag:7GIwLOBq4ni9ELGLdsYgNw==,type:str]
|
||||
MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD: ENC[AES256_GCM,data:pIuhgM5tnwYEUTH9D6lHoDhovoGNLV/hCKhWyPmk7hCAyT2UY1I8jGIXdErpF9YZkLcs74pMuQrJZyjg,iv:fP6UzgfOxRmmoGzDmeqO02liSzxbc3LXDkWffUY5rFU=,tag:gAPlBlSmk3sRaoFoA6uytA==,type:str]
|
||||
MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN: ENC[AES256_GCM,data:DWnv61mf/MxeiT7qxv3Qs0XN03662En/pV0=,iv:38NWSoL8moO3W/Hja1M5WMdzfWmsZ4UDQKGJhQhR7CQ=,tag:lRAFgi7Fv6cSZScdIlPKZA==,type:str]
|
||||
MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER: ENC[AES256_GCM,data:+F8SwQ8NnYkegYOJWAjAbeytMQ==,iv:KRBpb/ss3dYJA9CeARi4BHrUIwq8jsmXQ0N5sT/fA0M=,tag:SmBeODb3/2qV/hQTINflMA==,type:str]
|
||||
MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN: ENC[AES256_GCM,data:02OYrQjYtrGR6wEZJsQbx09MdnulkfqekarDs8h/5QPZvvk=,iv:as6fwRCKLoDRtAsE3LhAR2WQ8M+fa3oxKrsXmbUDg9M=,tag:eb5yN3brZehHH82aHkXYhQ==,type:str]
|
||||
MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER: ENC[AES256_GCM,data:gb8mewlGeToPCKWzqi2K+1Dr4D9BaQejcJhAbtTJXi6dPxBm1wM/pw==,iv:Iey3fRyFa+pHhTfPz6+KEhQgoCH9QaElgCEab0Uw11I=,tag:HLcARuBJqLXZMK4nVk2jKw==,type:str]
|
||||
MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN: ENC[AES256_GCM,data:/NShkg0AAnNNvADI0M3p47GjTrbUYAsyKB65bP21e2WFoF8f,iv:G7qgm3JD7lD7qc0fUVraUf5SFCgLndjnwRbbQH4KGVQ=,tag:xmpu0Y+23MMIBjER4PKXYg==,type:str]
|
||||
MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER: ENC[AES256_GCM,data:ua2lxGZOEosUk5h71qlMVsxHOTua/nUEiXPkrGqXX69SDOlR6CofDg==,iv:Lzr/kDtpJ0QU/eIlB16L0Wsym48m20a7sAbI4xsaXKs=,tag:LaognVNlPVCOXPkRWyz3Zg==,type:str]
|
||||
sops:
|
||||
|
|
@ -21,8 +21,8 @@ sops:
|
|||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-04-26T02:24:15Z"
|
||||
mac: ENC[AES256_GCM,data:gXmUc+E90HtcgNA/JJWyHSeb3CsSNRTlKdR3bEnE5PI23AiXCx0ZAXJi1c1JiOKxIOQNiHh2BtTwHdP7BHjAYERah1N3iWlVBvGMPt/sPO+SC1kSsaauqW0B/XFoEguULviLqP01Mt/V4f+JqsdWQJaraTkwHVlwEz646/XJrbA=,iv:9lCXv8SNXWSJAW7gA+wguY+Zf81YwlG3INereKTRUUs=,tag:AguuU1vSIGt49BhMYItrMA==,type:str]
|
||||
lastmodified: "2023-05-02T01:04:37Z"
|
||||
mac: ENC[AES256_GCM,data:gDdMq2TKdDFcB62nOeUImdE5+iUKTdg1Yy58NgaENnGytCven1zjHEEAB1gRFAMHrzpgEkYpMKmeamVduetDGFriZD0CCJzfm6FyTtzZ9h7l1KrXowJJtSrycI7PJSylx2cwdqCBBw0JJzrcVUWr1UcLMvOuKtnWNcajmQCqiCc=,iv:vXXPDmATomJ5gLESj+gJ5NCTWcNJxd0HFixN2oQrIXw=,tag:AHVUyQginmTkTS/+cnZ6YQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-04-07T01:57:22Z"
|
||||
enc: |
|
||||
|
|
|
|||
|
|
@ -0,0 +1,188 @@
|
|||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: mimir
|
||||
namespace: monitoring
|
||||
spec:
|
||||
interval: 5m
|
||||
chart:
|
||||
spec:
|
||||
chart: mimir-distributed
|
||||
version: 2.8.x
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: grafana-charts
|
||||
namespace: flux-system
|
||||
|
||||
values:
|
||||
global:
|
||||
extraEnvFrom:
|
||||
- secretRef:
|
||||
name: mimir-secret
|
||||
|
||||
mimir:
|
||||
structuredConfig:
|
||||
common:
|
||||
storage:
|
||||
backend: s3
|
||||
s3:
|
||||
endpoint: minio.database:9000
|
||||
access_key_id: $${S3_ACCESS_KEY}
|
||||
secret_access_key: $${S3_SECRET_KEY}
|
||||
insecure: true
|
||||
bucket_name: mimir
|
||||
|
||||
compactor:
|
||||
persistentVolume:
|
||||
size: 20Gi
|
||||
resources:
|
||||
limits:
|
||||
memory: 2.1Gi
|
||||
requests:
|
||||
cpu: 1
|
||||
memory: 1.5Gi
|
||||
|
||||
distributor:
|
||||
replicas: 2
|
||||
resources:
|
||||
limits:
|
||||
memory: 5.7Gi
|
||||
requests:
|
||||
cpu: 2
|
||||
memory: 4Gi
|
||||
|
||||
ingester:
|
||||
persistentVolume:
|
||||
size: 50Gi
|
||||
replicas: 3
|
||||
resources:
|
||||
limits:
|
||||
memory: 12Gi
|
||||
requests:
|
||||
cpu: 3.5
|
||||
memory: 8Gi
|
||||
topologySpreadConstraints: {}
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: target # support for enterprise.legacyLabels
|
||||
operator: In
|
||||
values:
|
||||
- ingester
|
||||
topologyKey: 'kubernetes.io/hostname'
|
||||
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- ingester
|
||||
topologyKey: 'kubernetes.io/hostname'
|
||||
|
||||
zoneAwareReplication:
|
||||
topologyKey: 'kubernetes.io/hostname'
|
||||
|
||||
admin-cache:
|
||||
enabled: true
|
||||
replicas: 2
|
||||
|
||||
chunks-cache:
|
||||
enabled: true
|
||||
replicas: 2
|
||||
|
||||
index-cache:
|
||||
enabled: true
|
||||
replicas: 3
|
||||
|
||||
metadata-cache:
|
||||
enabled: true
|
||||
|
||||
results-cache:
|
||||
enabled: true
|
||||
replicas: 2
|
||||
|
||||
minio:
|
||||
enabled: false
|
||||
|
||||
# Deployed by kube-prometheus-stack
|
||||
alertmanager:
|
||||
enabled: false
|
||||
|
||||
overrides_exporter:
|
||||
replicas: 1
|
||||
resources:
|
||||
limits:
|
||||
memory: 128Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
|
||||
querier:
|
||||
replicas: 1
|
||||
resources:
|
||||
limits:
|
||||
memory: 5.6Gi
|
||||
requests:
|
||||
cpu: 2
|
||||
memory: 4Gi
|
||||
|
||||
query_frontend:
|
||||
replicas: 1
|
||||
resources:
|
||||
limits:
|
||||
memory: 2.8Gi
|
||||
requests:
|
||||
cpu: 2
|
||||
memory: 2Gi
|
||||
|
||||
ruler:
|
||||
replicas: 1
|
||||
resources:
|
||||
limits:
|
||||
memory: 2.8Gi
|
||||
requests:
|
||||
cpu: 1
|
||||
memory: 2Gi
|
||||
|
||||
store_gateway:
|
||||
persistentVolume:
|
||||
size: 10Gi
|
||||
replicas: 3
|
||||
resources:
|
||||
limits:
|
||||
memory: 2.1Gi
|
||||
requests:
|
||||
cpu: 1
|
||||
memory: 1.5Gi
|
||||
topologySpreadConstraints: {}
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: target # support for enterprise.legacyLabels
|
||||
operator: In
|
||||
values:
|
||||
- store-gateway
|
||||
topologyKey: 'kubernetes.io/hostname'
|
||||
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- store-gateway
|
||||
topologyKey: 'kubernetes.io/hostname'
|
||||
zoneAwareReplication:
|
||||
topologyKey: 'kubernetes.io/hostname'
|
||||
|
||||
nginx:
|
||||
replicas: 1
|
||||
resources:
|
||||
limits:
|
||||
memory: 731Mi
|
||||
requests:
|
||||
cpu: 1
|
||||
memory: 512Mi
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./mimir.sops.yaml
|
||||
- ./helm-release.yaml
|
||||
|
|
@ -0,0 +1,61 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mimir-secret
|
||||
namespace: monitoring
|
||||
stringData:
|
||||
S3_ACCESS_KEY: ENC[AES256_GCM,data:jfnHq3DE,iv:Ft3d/tbvCKuTDHmCXZJgYl5xVBOwIj0Zkc9+JgILDAI=,tag:5bcZBsODsA9Pi2vf5OGsHg==,type:str]
|
||||
S3_SECRET_KEY: ENC[AES256_GCM,data:3WpNKx1d,iv:M5xewbvJm+U8td7kIpkPImd2gDIFfVTGVIR5BJtfoB8=,tag:X78jSBvcHbSIu6S8W8yZNA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-05-01T22:12:24Z"
|
||||
mac: ENC[AES256_GCM,data:SywFZE0Kj1lx1X1f5chgW7qycPwQvHkRz/35F/hKBLjr0UXI1T9D3IIQeNZlTrxJwSiCvm/+FxMxbF4hJBfZ61Z2jfgwDINghPkoNJothgV0dlPtFTfApgK2BfNqWffhPc3Qj4cmuQZV6kG0h05CbKL4PN89DQ/aEDPPbKI01lo=,iv:x1ZGglUJM/PT5gZgvxRR411pSFmlDkEADrd3arCqFdY=,tag:0xlalnODXYns3CpuDxt9vQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-04-07T01:57:22Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAzKleRwoSoixAQ/9Hi4VyrUXV7LvbCFiLbyfv314lMGwrAf+2po/4Lr1hANe
|
||||
KiwpfthiNheAjNaGCG6v2C1rx2Wrr5G3+rMik/1TLWbg2u9zZU4mWO8bwJUGXKDo
|
||||
/T1nl47f09UPDtQ6KiG0nPf3M0Ovmk3d63R3zpY4Q7uE4uhLNDr0KD9mp7MmRCbZ
|
||||
PO++tdiZa67z9owNDh/NSnQr9Y6JwjlxlkJl5SJ76vaK/SaOi/j86mOm9CV6SQmk
|
||||
cLOwiO7JxV8I4gD9jlLdYEPS+nqztX5eHLRoaXsAQrX4DdWNnOF0C2sk9nMHwQTb
|
||||
W8/SVmg7TiVVL6qVCXgUCgFRXllrlGlXlfv+W6ruuZIBv2MAA1V+afl5A3/KVvE6
|
||||
FDq9YrJ4XfZPCD2ZByM2386L8MiUwkfF/3uge38MT/WDU2DTT+g7jV3UQs+Awi8f
|
||||
N4YBVBcp5jGTkMD0347GPfPF7kdiN/YFZ/Ws1jf/EsS6vOpKNlPn64fVJfTSfdie
|
||||
rvNxksi8Y4vpwEngy38t7JRfpJniDo9iK9EwhXMChYXnWkiz/B3vMoii496B7TzO
|
||||
9gKd4v7kFA6iXI+wqbYrZfOGeLZlMI99pwTatNL4fo9ABJ7JScISzTvS7p/xB6Ae
|
||||
JPdlA0Tf8wP4RYz8YYRcNlfEQPZYb4kHj5r9Ei59InHzwKfq9GyKKvluS0/k3NHU
|
||||
aAEJAhCVkPuIHluRLHsjVEbKbFzSJUG8p/hSSmQnfk3CT36/dJhgv3jzoL+1/Sx1
|
||||
o8OwWPmNq8TuX9SaXfhfy/EGMulWgRaztxt9D+0+wgc8IOAPp+0SYUsaOa0T9+Pl
|
||||
pjU1GRaK5AlT
|
||||
=mItp
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||
- created_at: "2023-04-07T01:57:22Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA4WLYkVpP8xtAQ/9FQGyKS1wEodU9ZVZ8kxijp6aFtMCmL/I5HBEhbSLj0P9
|
||||
TVD0QwnUPZqf7zlWrAh6TspyLQdRMt9JAYZCPyLgu//FdKfBJNYeU3+aWj/lMtJ4
|
||||
Twgs7NPtGbRJcpF+a4NmAOIqzKfJI+h714BLFoWrGtUmTE9/dBHh2yxADSgprY1o
|
||||
/4J8aHQfaqg5JwijP3PhtRMxla4YQfhqf0JRAcmQPKUDuxT2QG/wp59Fq/665aaO
|
||||
JFWiCOPBqTtEhY4ML4EYNUV+Cd7UT7LOXC+Xzuj1eEGMV1Pmqd1u1UyQKvHOOXhT
|
||||
AfGeCub+ZONGfmcDcY5gEMnbSCGcQEvipA3dBIIFklgnxM00jmcJ1Ojo1+MYynpl
|
||||
E1XLOaolRWinlDNXA62k8iWG33hcxHGSzkHrsQjtqrrD2PdHS1RmTJ8Hn+iuRUn6
|
||||
/fGk8ZQJ7oMPsZNyfiM0OdwSXxJ4rQUtGkHHd727S4K6nXC6OLxXCzl7lYG7QKcP
|
||||
RVrbFMNv01aToyNGhLmcSxUYdQ4oc+nv65rNZDsdbi34T+dlULboJDkwV6JrJ5dz
|
||||
hlu3ySgijZuRD5bfpfKB2RScu2ixEijOIyk1oXBB2Dhyh1ezc3qnAw8xkGr9W2SE
|
||||
roBuu95mZsIZEtfMS5hxwGyWzSCENnbkSukQhUoIjRXryly7MQgNZ5FMX+f5n3DU
|
||||
aAEJAhBJcIEidIhFVqDkezzMcofKl3MlXWqkfTUV3vsjz6EpN1FwhpZ3prTexUcM
|
||||
9XCx9Wq1kMpjkphWETh2lSAafyIz6R/d4zWV5IWIeDh+USYT9z0Rprp4URka4Wjx
|
||||
fux0T5xDbgq5
|
||||
=eiXM
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 8DF31C9F48A24F525FFB1815FC96C52B59328E95
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: varken
|
||||
namespace: monitoring
|
||||
spec:
|
||||
interval: 5m
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 1.3.x
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjws-charts
|
||||
namespace: flux-system
|
||||
|
||||
values:
|
||||
image:
|
||||
repository: ghcr.io/boerderij/varken:nightly
|
||||
tag: develop
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
|
||||
serviceMonitor:
|
||||
main:
|
||||
enabled: true
|
||||
|
||||
labels:
|
||||
release: kube-prometheus-stack
|
||||
|
||||
endpoints:
|
||||
- port: http
|
||||
scheme: http
|
||||
path: /metrics
|
||||
interval: 1m
|
||||
scrapeTimeout: 10s
|
||||
|
||||
# resources:
|
||||
# requests:
|
||||
# cpu: 1m
|
||||
# memory: 140Mi
|
||||
# limits:
|
||||
# memory: 300Mi
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./helm-release.yaml
|
||||
|
|
@ -15,3 +15,12 @@ metadata:
|
|||
spec:
|
||||
interval: 1m
|
||||
url: https://bjw-s.github.io/helm-charts
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: grafana-charts
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 1m
|
||||
url: https://grafana.github.io/helm-charts
|
||||
Loading…
Reference in New Issue