From 0372556185f77c201fbb35da9d1c34759efe3175 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C4=81nis=20Bebr=C4=ABtis?= Date: Wed, 13 May 2026 11:44:58 +0300 Subject: [PATCH 1/2] vm stack proxy --- vmproxy/Chart.yaml | 5 +++ vmproxy/templates/deployment.yaml | 59 +++++++++++++++++++++++++++ vmproxy/templates/ingress.yaml | 68 +++++++++++++++++++++++++++++++ vmproxy/templates/service.yaml | 15 +++++++ vmproxy/values.yaml | 49 ++++++++++++++++++++++ 5 files changed, 196 insertions(+) create mode 100644 vmproxy/Chart.yaml create mode 100644 vmproxy/templates/deployment.yaml create mode 100644 vmproxy/templates/ingress.yaml create mode 100644 vmproxy/templates/service.yaml create mode 100644 vmproxy/values.yaml diff --git a/vmproxy/Chart.yaml b/vmproxy/Chart.yaml new file mode 100644 index 00000000..65075653 --- /dev/null +++ b/vmproxy/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +name: vmproxy +description: A Helm chart for Victoria Metrics stack Proxy +version: 0.1.0 +appVersion: 1.0.0 \ No newline at end of file diff --git a/vmproxy/templates/deployment.yaml b/vmproxy/templates/deployment.yaml new file mode 100644 index 00000000..588f5156 --- /dev/null +++ b/vmproxy/templates/deployment.yaml @@ -0,0 +1,59 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }} + labels: + app: vmproxy + release: {{ .Release.Name }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: vmproxy + release: {{ .Release.Name }} + template: + metadata: + labels: + app: vmproxy + release: {{ .Release.Name }} + spec: + containers: + - name: vmproxy + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: JWKS_URL + value: {{ .Values.proxies.jwksUrl }} + - name: METRICS_WRITE_URL + value: {{ .Values.proxies.metrics.writeUrl }} + - name: METRICS_READ_URL + value: {{ .Values.proxies.metrics.readUrl }} + - name: DEBUG_METRICS_INSERT + value: {{ .Values.proxies.metrics.debugInsert }} + - name: DEBUG_METRICS_SELECT + value: {{ .Values.proxies.metrics.debugSelect }} + - name: LOGS_WRITE_URL + value: {{ .Values.proxies.logs.writeUrl }} + - name: LOGS_READ_URL + value: {{ .Values.proxies.logs.readUrl }} + - name: DEBUG_LOGS_INSERT + value: {{ .Values.proxies.logs.debugInsert }} + - name: DEBUG_LOGS_SELECT + value: {{ .Values.proxies.logs.debugSelect }} + - name: TRACES_WRITE_URL + value: {{ .Values.proxies.traces.writeUrl }} + - name: TRACES_READ_URL + value: {{ .Values.proxies.traces.readUrl }} + - name: DEBUG_TRACES_INSERT + value: {{ .Values.proxies.traces.debugInsert }} + - name: DEBUG_TRACES_SELECT + value: {{ .Values.proxies.traces.debugSelect }} + - name: VM_PROXY_REPLICA + valueFrom: + fieldRef: + fieldPath: metadata.name + ports: + - name: http + containerPort: {{ .Values.service.port }} + resources: + {{- toYaml .Values.resources | nindent 12 }} \ No newline at end of file diff --git a/vmproxy/templates/ingress.yaml b/vmproxy/templates/ingress.yaml new file mode 100644 index 00000000..52aed034 --- /dev/null +++ b/vmproxy/templates/ingress.yaml @@ -0,0 +1,68 @@ +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ .Release.Name }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - backend: + service: + name: {{ $.Release.Name }} + port: + number: {{ $.Values.service.port }} + path: /metrics/insert + pathType: Prefix + - backend: + service: + name: {{ $.Release.Name }} + port: + number: {{ $.Values.service.port }} + path: /metrics/select + pathType: Prefix + - host: {{ .Values.ingress.host }} + http: + paths: + - backend: + service: + name: {{ $.Release.Name }} + port: + number: {{ $.Values.service.port }} + path: /logs/insert + pathType: Prefix + - backend: + service: + name: {{ $.Release.Name }} + port: + number: {{ $.Values.service.port }} + path: /logs/select + pathType: Prefix + - host: {{ .Values.ingress.host }} + http: + paths: + - backend: + service: + name: {{ $.Release.Name }} + port: + number: {{ $.Values.service.port }} + path: /traces/insert + pathType: Prefix + - backend: + service: + name: {{ $.Release.Name }} + port: + number: {{ $.Values.service.port }} + path: /traces/select + pathType: Prefix + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ $.Release.Name }}-ingress-tls + {{- end }} +{{- end }} \ No newline at end of file diff --git a/vmproxy/templates/service.yaml b/vmproxy/templates/service.yaml new file mode 100644 index 00000000..11252584 --- /dev/null +++ b/vmproxy/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }} + labels: + app: vmproxy + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.port }} + selector: + app: vmproxy + release: {{ .Release.Name }} \ No newline at end of file diff --git a/vmproxy/values.yaml b/vmproxy/values.yaml new file mode 100644 index 00000000..fefd7ac5 --- /dev/null +++ b/vmproxy/values.yaml @@ -0,0 +1,49 @@ +replicaCount: 1 + +image: + repository: vmproxy + tag: latest + pullPolicy: IfNotPresent + +proxies: + # JWKS URL for JWT authentication. This should point to the JWKS endpoint of your identity provider (e.g., Keycloak, Auth0). + # It is used by vmproxy to validate incoming JWT tokens and extract user information for authentication and authorization purposes. + # For example, grafana query proxy checks project permissions based on the "project" claim in the JWT token, which is validated using the JWKS URL. + jwksUrl: https://example.com/realms/example/protocol/openid-connect/certs + metrics: + writeUrl: http://vm-cluster-victoria-metrics-cluster-vminsert:8480/insert/prometheus + readUrl: http://vm-cluster-victoria-metrics-cluster-vmselect:8481/select/prometheus + debugInsert: "false" + debugSelect: "false" + logs: + writeUrl: http://vl-cluster-victoria-logs-cluster-vlinsert:9481/insert/opentelemetry/v1/logs + readUrl: http://vl-cluster-victoria-logs-cluster-vlselect:9471 + debugInsert: "false" + debugSelect: "false" + traces: + writeUrl: http://vt-cluster-vtinsert:10481/insert/opentelemetry/v1/traces + readUrl: http://vt-cluster-vtselect:10471/select + debugInsert: "false" + debugSelect: "false" + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + annotations: {} + host: vmproxy.local + tls: [] + +resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +affinity: {} +nodeSelector: {} +tolerations: [] \ No newline at end of file From a09cd50a9f4058f2f3d75f040461b02a0230ddf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C4=81nis=20Bebr=C4=ABtis?= Date: Wed, 13 May 2026 13:06:37 +0300 Subject: [PATCH 2/2] iterator removal --- vmproxy/templates/ingress.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/vmproxy/templates/ingress.yaml b/vmproxy/templates/ingress.yaml index 52aed034..4a541ea3 100644 --- a/vmproxy/templates/ingress.yaml +++ b/vmproxy/templates/ingress.yaml @@ -64,5 +64,4 @@ spec: - hosts: - {{ .Values.ingress.host }} secretName: {{ $.Release.Name }}-ingress-tls - {{- end }} {{- end }} \ No newline at end of file