loki: Use fetchcert to manage server certificate

Before going into production with Grafana Loki, I want to set it up to use TLS. To that end, I have configured _cert-manager_ to issue it a certificate, signed by _DCH CA_. In order to use said certificate, we need to configure `fetchcert` to run on the Loki server.
2024-02-17 19:37:29 -06:00
parent 29afcae52e
commit 011058aec3
6 changed files with 52 additions and 2 deletions
--- a/env/prod/fetchcert.cue
+++ b/env/prod/fetchcert.cue
@@ -27,3 +27,14 @@ fetchcert: base: f.#Fetchcert & {
 	kubernetes_url: "https://kubernetes.pyrocufflink.blue:6443"
 	namespace:      "dch-ca"
 }
+
+fetchcert: loki: fetchcert.base & {
+	secret: "loki"
+	cert:   "loki.cer"
+	key:    "loki.key"
+	postupdate: """
+		install -v -o root -g 10001 -m ugo=r /etc/fetchcert/certs/loki.cer /etc/loki/server.cer
+		install -v -o root -g 10001 -m ug=r,o= /etc/fetchcert/certs/loki.key /etc/loki/server.key
+		systemctl reload loki
+		"""
+}