Skip to content

Instantly share code, notes, and snippets.

@f41gh7

f41gh7/README.md

Last active May 3, 2022 09:05
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save f41gh7/76ed8e5fb1ebb9737fe746bae9175ee6 to your computer and use it in GitHub Desktop.
Save f41gh7/76ed8e5fb1ebb9737fe746bae9175ee6 to your computer and use it in GitHub Desktop.
Download ZIP
vmcluster tls kubernetes
Raw
README.md

generate self-signed ca with key

openssl req -x509 -sha256 -days 1825 -newkey rsa:2048 -keyout rootCA.key -out rootCA.crt -nodes

  • ca.default.svc.cluster.local - ou

generate storage node certificates

YOU HAVE TO USE extfile -> domain.ext

storage 0

ou - mtls-vmstorage-0.mtls-vmstorage.default.svc.cluster.local

openssl req -newkey rsa:2048 -nodes -keyout vmstorage_0.key -out vmstorage_0.csr openssl x509 -sha256 -req -CA rootCA.crt -CAkey rootCA.key -in vmstorage_0.csr -out vmstorage_0.crt -days 365 -CAcreateserial -extfile domain.ext

storage 1

ou - mtls-vmstorage-1.mtls-vmstorage.default.svc.cluster.local

openssl req -newkey rsa:2048 -nodes -keyout vmstorage_1.key -out vmstorage_1.csr openssl x509 -req -sha256 -CA rootCA.crt -CAkey rootCA.key -in vmstorage_1.csr -out vmstorage_1.crt -days 365 -CAcreateserial -extfile domain.ext

Generate client certificates

vminsert

openssl req -newkey rsa:2048 -nodes -keyout vminsert.key -out vminsert.csr openssl x509 -req -sha256 -CA rootCA.crt -CAkey rootCA.key -in vminsert.csr -out vminsert.crt -days 365 -CAcreateserial

vmselect

openssl req -newkey rsa:2048 -nodes -keyout vmselect.key -out vmselect.csr openssl x509 -req -sha256 -CA rootCA.crt -CAkey rootCA.key -in vmselect.csr -out vmselect.crt -days 365 -CAcreateserial

create secret with certificates

kubectl apply -f secret.yaml

deploy cluster with following values.yaml

helm upgrade -i mtls vm/victoria-metrics-cluster

Raw
domain.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
subjectAltName = @alt_names
[alt_names]
DNS.1 = mtls-vmstorage-0.mtls-vmstorage.default.svc.cluster.local
DNS.2 = mtls-vmstorage-1.mtls-vmstorage.default.svc.cluster.local
Raw
secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: mtls
namespace: default
stringData:
ca.crt: |
-----BEGIN CERTIFICATE-----
MIIDhDCCAmwCCQC/KTTKH4GEGDANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMC
RVUxCzAJBgNVBAgMAkVVMQswCQYDVQQHDAJMTjEMMAoGA1UECgwDYWRtMSUwIwYD
VQQLDBxjYS5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMSUwIwYDVQQDDBxjYS5k
ZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMB4XDTIyMDUwMjEyMjcwOFoXDTI3MDUw
MTEyMjcwOFowgYMxCzAJBgNVBAYTAkVVMQswCQYDVQQIDAJFVTELMAkGA1UEBwwC
TE4xDDAKBgNVBAoMA2FkbTElMCMGA1UECwwcY2EuZGVmYXVsdC5zdmMuY2x1c3Rl
ci5sb2NhbDElMCMGA1UEAwwcY2EuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWewb/WB03yCvO2PkCOQSdF
gFqxKmlKFAoFEn6GJLSBnaeWez8mgZ2dj98Ztw6uEcNkC1SWCuZShEOz0JkHUxCi
6B8ofRIrYrzX5DUOEYixQ+Xkx5G+aDF0a24qTOwIz/EFqTHPc+AumwVrcBH7oh6d
mvvH2JUlHtI8TGR9lk8tMXi5X5U/FZtyRvZliiDrohaXI0BDc2Wotbw8M2wbkIrw
eOakHuA4jgE05ks7DRCW5w16soM5lTPn+Iv62faOx+q8KoEgmGF7sY9QfaR6f3td
CqF1ACW5P8kCDuFodxnPN7IgpKGBbpGmRFXxLLu4P6eyr6FSRitzK4zOOcD6HbEC
AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAnTOSPoOlBaWhEHqvRJluN5u6bHFqz5hb
2lMTNkDmhZb1D3TWOqiM0hvPMIpXY3c59e6ko4QuuaM7P/3517UcyjuiYuF5pFmY
GFQx08HD4/2laZVoJVDhsmMDEmsZ2Rp8gLeyeE8Kc3E40kynBVj34vFg9htw6/6Q
M4edr85KSQg+W/AyKf4FoiMkl+N5FUBFRJHhVg4XK4u742THjyOza9vKabpW0RMK
SjNDbhAKuLGVfjRUVCsSxLlj82oPapLwJ1bB3ACIKQZNJlWrX5MC2dY3WrgFrAVB
DNQKc2Dm0/BLlnh5mAc91uYayOoGP94ZBnAMNLMq0l++0T4YnNWO/Q==
-----END CERTIFICATE-----
mtls-vmstorage-0.crt: |
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIJALeTvpqBDCd4MA0GCSqGSIb3DQEBCwUAMIGDMQswCQYD
VQQGEwJFVTELMAkGA1UECAwCRVUxCzAJBgNVBAcMAkxOMQwwCgYDVQQKDANhZG0x
JTAjBgNVBAsMHGNhLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwxJTAjBgNVBAMM
HGNhLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwwHhcNMjIwNTAyMTQwNTUwWhcN
MjMwNTAyMTQwNTUwWjCBhTELMAkGA1UEBhMCRVUxCzAJBgNVBAgMAkVVMQswCQYD
VQQHDAJFVTELMAkGA1UECgwCRVUxCzAJBgNVBAsMAkVVMUIwQAYDVQQDDDltdGxz
LXZtc3RvcmFnZS0wLm10bHMtdm1zdG9yYWdlLmRlZmF1bHQuc3ZjLmNsdXN0ZXIu
bG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLXbZZ03MxnIUr
eGU3gjL2skrxG9ED1Wb+eLRcil/2cSNVvTCifX3eryu6RpvMODuXzGtJFV6f3gif
ei0oJ+2aIbjHOyzvya92EhKwqNY6qlLhyLk4lXs3cOqT+g+amZNhq9rbf8Mkyvom
QBGDjoaK62dBMLdhNEgrjHGqvKwdzthkaQylC0PDX8grTh3RQWRebod59GMg3Jx9
ms3phoMAqjMsJ55dTuCjKSCu/x/eNZNCNCRijsPsJQJ6hMPMFyHdSP3kCsqntaSY
jv9vgFpiGi2lPz6/1kL7BTP6lnXG8RLzyGXsZ5uvwCNnD76T5lQfLPZlhEQWVaPO
+loG73bvAgMBAAGjggE1MIIBMTCBogYDVR0jBIGaMIGXoYGJpIGGMIGDMQswCQYD
VQQGEwJFVTELMAkGA1UECAwCRVUxCzAJBgNVBAcMAkxOMQwwCgYDVQQKDANhZG0x
JTAjBgNVBAsMHGNhLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwxJTAjBgNVBAMM
HGNhLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWyCCQC/KTTKH4GEGDAJBgNVHRME
AjAAMH8GA1UdEQR4MHaCOW10bHMtdm1zdG9yYWdlLTAubXRscy12bXN0b3JhZ2Uu
ZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbII5bXRscy12bXN0b3JhZ2UtMS5tdGxz
LXZtc3RvcmFnZS5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMA0GCSqGSIb3DQEB
CwUAA4IBAQAbOMBWAfx+4aax7ibaz+BUjzcSVA9sJdPf7uk9Iv3p0qIYhhmI+WOy
t3GijCEVUu8A9VzmCByMPsMkjJMk+HIqIJmCQFVghlMk7L7J9iIekPALnfy72S7E
wwz9a9SP8S6/Lofz0SMzk4u4roYBtDFxYK3vRm2g69ZRKWCzjgoeF7wTeFctN3Sm
dyVoFqwZQ0neZYO24t+rdpUgep8SbZAQqTh5X6iFGVmSdEqTVogaXUHFss/1c4JJ
+rSWwEmgdXCLWvIIJSGKY94y/y5/teWK9L5jqll8B8AVVfTyecHDSqJCdadsK05d
vRlw6kVlLpzoBQP2R1WlRG1huUVihzzZ
-----END CERTIFICATE-----
mtls-vmstorage-0.key: |
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLXbZZ03MxnIUr
eGU3gjL2skrxG9ED1Wb+eLRcil/2cSNVvTCifX3eryu6RpvMODuXzGtJFV6f3gif
ei0oJ+2aIbjHOyzvya92EhKwqNY6qlLhyLk4lXs3cOqT+g+amZNhq9rbf8Mkyvom
QBGDjoaK62dBMLdhNEgrjHGqvKwdzthkaQylC0PDX8grTh3RQWRebod59GMg3Jx9
ms3phoMAqjMsJ55dTuCjKSCu/x/eNZNCNCRijsPsJQJ6hMPMFyHdSP3kCsqntaSY
jv9vgFpiGi2lPz6/1kL7BTP6lnXG8RLzyGXsZ5uvwCNnD76T5lQfLPZlhEQWVaPO
+loG73bvAgMBAAECggEAavG9Ez+/NDe7UEDf+XDenBzmjCS0pe9zWh7fukqKbG7S
xiPXj5uutYwo0qyPAbYQoKM/SA+U0z1QC42UcamNqaBSK3NTDkZhnxWh/oTLI86u
B04nGTqCsYUP1wGJcyOP/a0CSqvFU3PqWHMYwrYQyr1Ab2fPB68WxM/2dnMBkCpm
TSPUJrn9un3ThATGX9DrrUZsvt9tgTKVxz/40yKu4KQbBSnpfL2M1/U8+3MvQx/v
W/OrlLAbthtWON9JcAjdhggp3gvTIxk01pmzwUWP95y1sH6wbls4HAHx+sc6Hzkw
C2YRL00qPgujrcUocbafU2LPSHMa5wH49zny0xhnAQKBgQDq03DEBZWK4PbTzVV9
K8hi5tKEjPEqp1EO60PzdjESz1Ls9a+JPQJVAHthEfNUztqUVNNbiAoJmfpH8pSm
ILDOk2Q6oDMURKY/cl5oovKiAikazoRujuM3gx686btHOyMVUL6F1WxI9sIx8u6p
i+SibbpuTqW8naja9dAXlxG3ewKBgQDdtBLlbLmrqK67yAqdha+XOty1ooXcuA8R
EGUdVtfrS5WVTBAZl874V1AtixlDK0p1F+dD6zB2DkCBVWLoEuZX7pNaKBvNzuIO
CNhTkWqmkYa5XdQAlaWB6CM2MuW5E2Lp37mPHSyTDimqqzWYyIxh/X6iY92Nsfuz
RLOS62KqHQKBgE0UaodtbdDQVzTeyZj0rioIqkFoIiFmGm1TPFLGEQWjmAy/+IaL
yCAusFEEm2LTI1xdG6OH3AOaz1Seg7ykLmUgbF3yB9I3VnqtB+BA3HPhUazC7SV9
MYgfOg+4iQiwmKt+fYtgqtKobMYIf96XVM0cR329wxlOhwaYeV3E8MPRAoGAOQx9
UEwJ+wIM9IUlNiOQa3naEWMgzwsN1XZCjqoqJYHtm91Wxz8pIv5Uw2NnvMEHB9p+
yBtc/QPt1VoDeXRjkXzyreBkRzFVOgdMozRoHTSVVl2uj/fx/tudM/Uk59r1OPk4
5nq7XZvnXONxhz8T4KM6Us8f07ZY7mhfTQ8E9IECgYEAh+EZEjBXRoKKs7fJPFbb
zTjbO2yVYzj36NbElw1L5jlrykmh6IAqtG7VPuzZMAd46jQdOdTGB7wXXWkOq62m
ZbjzBLwazftSKbgs9OUZ5lStapB0cbIgwIskzjZrdquMUW2EYlxJRZZSuGXITDiT
fs/5s8W+h0lEK+SmUSDvUBs=
-----END PRIVATE KEY-----
mtls-vmstorage-1.crt: |
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIJALeTvpqBDCd5MA0GCSqGSIb3DQEBCwUAMIGDMQswCQYD
VQQGEwJFVTELMAkGA1UECAwCRVUxCzAJBgNVBAcMAkxOMQwwCgYDVQQKDANhZG0x
JTAjBgNVBAsMHGNhLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwxJTAjBgNVBAMM
HGNhLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwwHhcNMjIwNTAyMTQwNjE4WhcN
MjMwNTAyMTQwNjE4WjCBhTELMAkGA1UEBhMCRVUxCzAJBgNVBAgMAkVVMQswCQYD
VQQHDAJFVTELMAkGA1UECgwCRVUxCzAJBgNVBAsMAkVVMUIwQAYDVQQDDDltdGxz
LXZtc3RvcmFnZS0xLm10bHMtdm1zdG9yYWdlLmRlZmF1bHQuc3ZjLmNsdXN0ZXIu
bG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8dZUUtS9zDwOz
iTpuPn3v11Oh+JJlcBydrmwwGlAK88SZhQ2t0QKSjtlaQmlIKReE8KMNOitRGayj
3iJwQXimF2U4wVWcXpJGLrF1fHfOmHCo74ha/o6G16mXuJpuOsOzWlIyPh6/Rtc5
cpOHB1QQVy+5p1y4yA3QDdRnkkArJLQJMSzcJxHUZu8Opp5nKHA7TvdIhFibt0dk
yHMgv5puUwfUQh1OvGIii/hELU4WqcBEjewSJrOTiZRZ1seKP1z8UhqC4rqjM0+c
qJIkI7/ebJpFUfWccuGxoTQL7URa0vqJ1B8Ll1QyP5HSgTk7DI00RELQK+GGObl5
5E2k4pFvAgMBAAGjggE1MIIBMTCBogYDVR0jBIGaMIGXoYGJpIGGMIGDMQswCQYD
VQQGEwJFVTELMAkGA1UECAwCRVUxCzAJBgNVBAcMAkxOMQwwCgYDVQQKDANhZG0x
JTAjBgNVBAsMHGNhLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwxJTAjBgNVBAMM
HGNhLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWyCCQC/KTTKH4GEGDAJBgNVHRME
AjAAMH8GA1UdEQR4MHaCOW10bHMtdm1zdG9yYWdlLTAubXRscy12bXN0b3JhZ2Uu
ZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbII5bXRscy12bXN0b3JhZ2UtMS5tdGxz
LXZtc3RvcmFnZS5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMA0GCSqGSIb3DQEB
CwUAA4IBAQBGHkcwxJ/NINTx0Z+Qz4Mf+TAxbMH+F6rQw0x9M0UCEIW8uZjOxfyG
2jyCCvEUCKyfCrwcsutaf4AqiJFTmuWys5r7Dl/BR5FMb5pctwVeGlErUK4hos9N
7voetqf+Kl/HtBC9heXJFR+coUuXDsS04p5DQXFP9hUIVyVOIfQd6M84QeDp99l2
ZfwW7c/1gx0xffu8yPzB04MWr9sMDbXQR3s5Ey+Hgrg/2hFHRwTj2yaCtV3Yfuz3
FYgG73kdalvXS0c5zLJ6dgH19w2TzFjSuJaGkr4qxkja/ZHwngjy4x5lGqWu6Z04
RCM08Zq/8RUuP+k55PWn2uvATlRwSwTL
-----END CERTIFICATE-----
mtls-vmstorage-1.key: |
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8dZUUtS9zDwOz
iTpuPn3v11Oh+JJlcBydrmwwGlAK88SZhQ2t0QKSjtlaQmlIKReE8KMNOitRGayj
3iJwQXimF2U4wVWcXpJGLrF1fHfOmHCo74ha/o6G16mXuJpuOsOzWlIyPh6/Rtc5
cpOHB1QQVy+5p1y4yA3QDdRnkkArJLQJMSzcJxHUZu8Opp5nKHA7TvdIhFibt0dk
yHMgv5puUwfUQh1OvGIii/hELU4WqcBEjewSJrOTiZRZ1seKP1z8UhqC4rqjM0+c
qJIkI7/ebJpFUfWccuGxoTQL7URa0vqJ1B8Ll1QyP5HSgTk7DI00RELQK+GGObl5
5E2k4pFvAgMBAAECggEBALSQ1C3rC3NqR1mVee524aMS5Iaj62BVcpWBsRbFnztf
JFcTLHAFejmBtK7OQqFo/afaB998hFRIDSlUhBqaIEbC07D1TFluIygrRMwUXZYM
aKT0G+lTTKvVpiBAN3a1xxvoxihtbHhIH55jMQaG9vxRDOEMgcJpqxJUrdYuQl0S
PehjRCda7dTvKwoRDm3XWdye9UkdHaIsJK3KOZGbRJJYVXGV410bka3lv03W3cLg
2GzSBggBSp00JP61t1H0ses4yPM5sSMxB3seHgHiNM/2G6j5TLvXQlP1f+ss3XKn
w3LtqWOu2NghEqeY3n3BtTEH9DKsZXT74Y543OUwzAECgYEA9i4p6XHXTeSwsaYp
nB+XscnMI9fkNLvuarMu0wnU7J9wG3dUmJYnH1DCBOZXXKELE/9MgBklnBAJITYF
j7WYfkaFRqKzfCcUgHhXF8uKtuqR2MyidL+BSNAV9dyawr48efKFHTL/4t4pvl6/
GmWnQtzJ5cWdFB3QzeDhFlhFz0ECgYEAw/oCKCNPpXlUU/DFtQSESTToanMxQIvT
JAQnmo/V8V1ljLnmvzBJZutDlfDXfnt2tJB9Y+iJQFrFGMAZqlhvaFkxfruL4yQl
rh4yQpsh/kdF+ywVeBni1GyNaY+Vh2L3rAYqIksJ8AtYOFReIPWNyXda5pISw798
88ZOSI+U5K8CgYBiUKtiVJmUvRknyWFivWc6lInXYrf7q3Ya3LZ9h7amTUJbZbu+
OHElW34wsMEA+DvRX6rwmZpgijLrNYThELf27jj5ra6ajYzthaHameorBOD8QTU8
BOMf7iJnDxQrZAgI96bbs2tn8iufoH0XkLNMy5pCDjqeNw4VupKJ9vTiQQKBgCGP
c8UZ3u7Qaz+AsOrB3kGHHPH1zg5mo368c2fFj/aobtZ9k2VUSI2mZkmMF+siC376
a26riK2LncsSQpLoWBO/inlQdrEsJIO/yg2b8WNRI0vTDc4maLDF8iWMoCeyLAW6
fIao4QfJeY8T65arVl+U3+0yQKJi7Wv1nrxQUkgjAoGBAI4tug1VSu29ZgBcqoUN
HsOr1HEQG5z0bBUrzL2Kn7nFl8uSMFYT2k6WpU5GfI56OVThohAC2l4Qbs1kC0Ct
vv7OQeZJjAT48NzTVHNd7OPdO8a+y9yWMyx80RaWxM2WvjEWZOysW0tBC0hFOVg9
FsZmAwAmsG0YUGPfpEs48X06
-----END PRIVATE KEY-----
vminsert.crt: |
-----BEGIN CERTIFICATE-----
MIIDbjCCAlYCCQC3k76agQwnejANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMC
RVUxCzAJBgNVBAgMAkVVMQswCQYDVQQHDAJMTjEMMAoGA1UECgwDYWRtMSUwIwYD
VQQLDBxjYS5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMSUwIwYDVQQDDBxjYS5k
ZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMB4XDTIyMDUwMjE0MDY1OFoXDTIzMDUw
MjE0MDY1OFowbjELMAkGA1UEBhMCRVUxCzAJBgNVBAgMAkVVMQswCQYDVQQHDAJF
VTELMAkGA1UECgwCRVUxCzAJBgNVBAsMAkVVMSswKQYDVQQDDCJ2bWluc2VydC5k
ZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAzabCFlHCNUFCMkQUBhFjZPj1A7ddxy7qRfHkebLeyiBcei/c/3sJ
IYBfQy8DX21lGSWEHnwmdSRWHCMC5ewzMXlPQic2jMpz2YSKKW7gZ1YzCCb8W8kW
G38b/2ol2y7ffPCp17d3Dv2iwlb0zNhVGpa+Qbk30659voZNZ9KAeME6KceEC4g0
6+Z4fkX7i22bed27BgWhhoG5TbN/M1tsInLb7XEauMOp6uBFIqVmSRr1W6yd30mV
o6PwXsAXzuYiYzVEB+HcLGkkI2xCOJwGT0XjKlw5ZeDvOA4xmto3vb45bNCz4uvX
THIFB99i8WIphvnS6gllUilmg8kQ2fSp5QIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
AQBdnvWzwsfnhZPnkjg32oQ9hydmxAzyjyVyQ9pMpZQsVYfIy1b5Rl68mR0/gaaR
R/FmWkXjg9la+M6My1PrJWKl07inVJctXhRJ1UGBYIDshhqkLRD8oIjvkLhvL21E
jnzBXwlDX+DXAWnrERYia8aYn7eQFwy3aJ5V+s6uV6RwDHJ//cnPxH4vzl/cGYQE
waz/I/XLpcY6x+E8BQvUCKpBLl/HB0N8R24SMymqkCZ1GwlXQKYGwqgMi/kVGJG6
OTBvJL+NowoLogtch7CKTjg5P3LIj7/S+XDHuIAIJnqBTOgjBUgKUFmRlalz951x
GEATs8Zp3i+CRFNDo2QknGgt
-----END CERTIFICATE-----
vminsert.key: |
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDNpsIWUcI1QUIy
RBQGEWNk+PUDt13HLupF8eR5st7KIFx6L9z/ewkhgF9DLwNfbWUZJYQefCZ1JFYc
IwLl7DMxeU9CJzaMynPZhIopbuBnVjMIJvxbyRYbfxv/aiXbLt988KnXt3cO/aLC
VvTM2FUalr5BuTfTrn2+hk1n0oB4wTopx4QLiDTr5nh+RfuLbZt53bsGBaGGgblN
s38zW2wictvtcRq4w6nq4EUipWZJGvVbrJ3fSZWjo/BewBfO5iJjNUQH4dwsaSQj
bEI4nAZPReMqXDll4O84DjGa2je9vjls0LPi69dMcgUH32LxYimG+dLqCWVSKWaD
yRDZ9KnlAgMBAAECggEBAMvVo753nyUl37Tu4WH6TihA0qmyUBMjHzXgwnMVpdl2
JfM+CbB4hN5d3Q48RP2K8o/wLXoB2CR3tZoB4dd/PGanNLX/JAR8jkNlKYRTz7zd
JYvJCIz5TR5H6LpKveb4GLA/4jhcMnf7Uh2KDu4S5peKHl4KdZks9JmpiIOFk60b
IKwcMtyXRU+z1zQ/L4PeD1f55jC+ueNOdtqiKKHzKe6wjxEpYvpmaJoAQx+8WX2t
E6AQRuLtb8X7BDMrPH1MBgUFKaoafeL+O8NtsxxS5tKdsqFlq9UM1s1nRg2/ngsq
+5QEHCcKp4BoG3+yndGUzRGpm4nb1nzvToGhfwu3makCgYEA9zPXuzCl6yo3UTCb
xUg2gNWswMEBKjsSYQkRtz0TV80uwMFqIscxyFFYHOvvRLiQgwyIeb/70spjuX+n
7l9+c+yF/fi5t5o+P8Z+3s5RLcwkcvkVeiytFOz/9wvyQFftf5Jc1+pYtwJKzqdR
DGg6UAcoRosBTVEnUBUB4hjtqNMCgYEA1PhcYxZSWuFfjKpvR3DyyS47Z6VS/fVy
2gaAfYgfkPrXdBkVvyuZg9VqgCE2HUzjITz1LycA0m8FlE3c0cr99G+gJzxL51Jk
yE/ulZOF7MFRUxBqQCeVZq/LmqzmAzGp84+/gJcaPtIGYFV7N9mtB4tQ1IyHcS+X
eES8QWftL2cCgYEAiL2oq+cxIHBtwP9+axaS75lCwi0BE/cxJ3P41L94H61kG0Pi
DfLZ2tEESJtJ812UsqkQJSjJh8RkfYvbvMQeEsnXJLGdKa6smGKYc271ALxXvTGD
a92isFyZCnMVQfphaZvwt47uG+2sq7tp3c8Z0oLjCIKD6dzmPiogrIzVifkCgYEA
wF4aLVKTTw213fxxCYnnc3s0I3m8zjIv7Onkk/8p7C34ASFLeGNshh121oepNqwl
mPdTzKShZHLuCjiOll2SKIHPmsEnGqpc6Gby7d7UILe5uprgLlTS6W8vLOax2P66
MYuNghx6k3XoVonABAG1/lODzomlKcLAQd1sYnP6VU8CgYAe+cm1ncv02ZbDmLiA
7HgvQNLPYYfvF6Z9ZIqQz1JwKRDahvlsMVF2QvzQetfSnOHFBVRIMUhqssVHlJZB
07NuhhNXHqRsMe2C9XfC28HW2XmNrULmpzhaXVQKtcmnhdA3/rtsStn1qFvsEz2H
X4FYuoUlFg3SCM1YwI5vxm5fng==
-----END PRIVATE KEY-----
vmselect.crt: |
-----BEGIN CERTIFICATE-----
MIIDbjCCAlYCCQC3k76agQwnezANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMC
RVUxCzAJBgNVBAgMAkVVMQswCQYDVQQHDAJMTjEMMAoGA1UECgwDYWRtMSUwIwYD
VQQLDBxjYS5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMSUwIwYDVQQDDBxjYS5k
ZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMB4XDTIyMDUwMjE0MDcwNVoXDTIzMDUw
MjE0MDcwNVowbjELMAkGA1UEBhMCRVUxCzAJBgNVBAgMAkVVMQswCQYDVQQHDAJF
VTELMAkGA1UECgwCRVUxCzAJBgNVBAsMAkVVMSswKQYDVQQDDCJ2bXNlbGVjdC5k
ZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAyGLfFwsoHDRRockfJuDz2E5YrCrGxDrSsCOlPUE9/7uyqpsVv/Bo
FXgzOHvZ+RhQ8AeuYHXLbh9Nx62hBPJ4uFNLn6TQCDBrDgF7BaOVtsTzuQsiwK4j
0rTffEqqIsmaBxA290D3b98s0EJPqesscl6BO2JpY1M0+2LNqpxE9J0BTrKyLCTF
gUqPe/fUOhMBpsrSuT+l6Cjubi2dgWdM99v3Eo4+NBUG5eIr2SKg0Fh+Efx7jpwT
F9UehvgGLYshMzqk1tdreBUuKJPoFRCqJqszMLfNVPnRdrJDX4JpHaZzTG8//6uq
0lPDqB/7blBmje52gjSy/BKJRxmoq86XlQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
AQB5kcj5cCZpyMaXYZExdDX5uCMfTtRKtJNJvnw39bbRXdcqkk4t3HsbBtdlSLx+
SGyFdRND335s5k/Xxd1mP3j8hPbZKr7lO1wuhjM+MJMOists72tu6Q/pkmJ1vLo6
YsDWudAwOopA1R0SW+ew/FF6sl6rQUQ0WwN/zKWfRGDhz8Vhrw+rREbFBfhsKRH0
9WpUQMXeIpmKXRv/D0kpMRRttbH/LsMM0wmd/pG7LvK7A+gCMcDp2tmcb7DYP6bA
NNzUodSPjkMFJEnh1c+8MmjkM57hUft+HQ6m/PhSiZhU77pVszAIsfRzqZk3S67s
a18LmP1c2UXDCXjG2CFaBfGA
-----END CERTIFICATE-----
vmselect.key: |
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIYt8XCygcNFGh
yR8m4PPYTlisKsbEOtKwI6U9QT3/u7KqmxW/8GgVeDM4e9n5GFDwB65gdctuH03H
raEE8ni4U0ufpNAIMGsOAXsFo5W2xPO5CyLAriPStN98SqoiyZoHEDb3QPdv3yzQ
Qk+p6yxyXoE7YmljUzT7Ys2qnET0nQFOsrIsJMWBSo9799Q6EwGmytK5P6XoKO5u
LZ2BZ0z32/cSjj40FQbl4ivZIqDQWH4R/HuOnBMX1R6G+AYtiyEzOqTW12t4FS4o
k+gVEKomqzMwt81U+dF2skNfgmkdpnNMbz//q6rSU8OoH/tuUGaN7naCNLL8EolH
GairzpeVAgMBAAECggEBAMKNZAXOejHwBfWq/EjWDUnMv0DhAzyP0/DZmtu/FT/O
b6g+jD5fXd7CZhCIBthW6HYzLvVOSKVxVSXyCKxx8g0cKgckkCnzQG1HuLZ/3aKm
0+6rxiEGsZcorvbQ0yCVVatX7dXfSJ1gM/U6/Hd/8hZUdOpAIQwjRARyKDZmJHjM
n+/tzHT236F5sQhezYWx9KlbKwrPCCsbNGm9fir2hM1Dhe1AqVUFfcNtwGQWYCmu
GTGDsuCYDzsRBuiwb0DYR6W69Qxkx8s/eDBl2JNW5eupdR97OAMpfNzPQZd3p+Ek
nupbUUnn4W/GGZIKAzUcZ+/DniXOTyceC4fNi/cOnZ0CgYEA/4Ua5SjT8GR9OwIA
louylPkOLoX0HhZqVmHv1v6nPq4jHK7KZot5uTeCiE0v88Lm4f2ZZA0Fm0eCM4fC
PPxaUB3H5JAPRkFnuK2p7SHG8UOzsQBaUzILgVnRcjSCWzOqGaebCD6TEI/ZvJ6d
tsPZC/xwrKQb/I+z9eQ9VW/uIoMCgYEAyMM/zyiIwA+i7ycfSRbcRN3bQ+0m8lH0
SHiCYaoRQF39gqRWQ86LFAgB0uCwKEpqi5TgWCXS9qHl0lbQAx1jyD6Xo0Zkahvd
dqOuoulHsosoArTHhJA48xKAZon5SSVrlz2zxWgSRLu3o6cIG2oM5HePDpeePzDA
RHcdHh6c4gcCgYA0n3wHf94OHxPvaB0o5AJWTeiOykWZQLKLscXMOEvHS+OtT44d
ilH6RCVc3tCmWhhkqG7DvS7PaO22oRnup2YOI+P7/XM329Z5oUJitNcc7v190X3I
roDSFeZdp9TE5aH9gJgcHY76FTYZc201q6Xyov2tgGrHG+1LEcNT6iZX8wKBgBzf
P4D6UlhUp1j/Zldrizf4M/1b0LsOoDP/6LhE7gA0xC2Slrlfrc6urBx4pbzVnub9
/RmQLvu7IsMSKw4Xnu8AWWxoxi4gXcQfHBFfvSjnLFTfTMY6u4Xxhje45fnoAMYa
YI0mP2JVIL7PWbIfmUUOEKvHkEGEMFJoUu6u9l7nAoGBAKwEgjQzzqt5kgFv5O5c
F5/hnn/vavj1t0R/BLEek3af24kwo6A8kYD6UDNxZv4iTl8JEaFNq5Xk32AS/75p
HC1kH/yq9oow3H93vGAu9w6iPFDkAh9WdpLwPKfjC93VYrDOejokPiiob+I85sFZ
9KmhAD4BsuVMnbUXJvTLy2DL
-----END PRIVATE KEY-----
Raw
values.yaml
vmstorage:
fullnameOverride: mtls-vmstorage
image:
tag: v1.76.1-enterprise-cluster
extraVolumes:
- name: mtls
secret:
secretName: mtls
extraVolumeMounts:
- name: mtls
mountPath: /etc/mtls
env:
- name: POD
valueFrom:
fieldRef:
fieldPath: metadata.name
extraArgs:
eula: "true"
cluster.tls: "true"
cluster.tlsCAFile: /etc/mtls/ca.crt
cluster.tlsCertFile: /etc/mtls/$(POD).crt
cluster.tlsKeyFile: /etc/mtls/$(POD).key
vmselect:
image:
tag: v1.76.1-enterprise-cluster
extraVolumes:
- name: mtls
secret:
secretName: mtls
extraVolumeMounts:
- name: mtls
mountPath: /etc/mtls
extraArgs:
eula: "true"
cluster.tls: "true"
cluster.tlsCAFile: /etc/mtls/ca.crt
cluster.tlsCertFile: /etc/mtls/vmselect.crt
cluster.tlsKeyFile: /etc/mtls/vmselect.key
vminsert:
image:
tag: v1.76.1-enterprise-cluster
extraVolumes:
- name: mtls
secret:
secretName: mtls
extraVolumeMounts:
- name: mtls
mountPath: /etc/mtls
extraArgs:
eula: "true"
cluster.tls: "true"
cluster.tlsCAFile: /etc/mtls/ca.crt
cluster.tlsCertFile: /etc/mtls/vminsert.crt
cluster.tlsKeyFile: /etc/mtls/vminsert.key
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment