gitops: add kube-prometheus
@@ -27,6 +27,19 @@ spec:
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: kube-prometheus
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 10m0s
|
||||
path: ./gitops/home-kubernetes/kube-prometheus
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: flux-system
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: ingress-nginx
|
||||
namespace: flux-system
|
||||
|
||||
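--- a/gitops/home-kubernetes/kube-prometheus/helmrelease.yaml
+++ b/gitops/home-kubernetes/kube-prometheus/helmrelease.yaml
@@ -0,0 +1,81 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+name: kube-prometheus-stack
+namespace: monitoring
+spec:
+interval: 30m
+chart:
+spec:
+chart: kube-prometheus-stack
+sourceRef:
+kind: HelmRepository
+name: prometheus-community
+namespace: flux-system
+install:
+createNamespace: true
+crds: CreateReplace
+remediation:
+retries: 3
+upgrade:
+crds: CreateReplace
+remediation:
+retries: 3
+values:
+prometheus:
+prometheusSpec:
+retention: 60d
+storageSpec:
+volumeClaimTemplate:
+spec:
+accessModes: ["ReadWriteOnce"]
+resources:
+requests:
+storage: 20Gi
+resources:
+requests:
+memory: 0.5Gi
+cpu: 500m
+limits:
+memory: 4Gi
+cpu: 2
+serviceMonitorSelectorNilUsesHelmValues: false
+podMonitorSelectorNilUsesHelmValues: false
+ruleSelectorNilUsesHelmValues: false
+
+alertmanager:
+alertmanagerSpec:
+storage:
+volumeClaimTemplate:
+spec:
+accessModes: ["ReadWriteOnce"]
+resources:
+requests:
+storage: 3Gi
+
+grafana:
+persistence:
+enabled: true
+size: 10Gi
+adminPassword: admin
+ingress:
+enabled: true
+ingressClassName: nginx # adjust if using traefik/contour/etc
+hosts:
+- grafana.lab.home.hrajfrisbee.cz
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt-prod
+nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Request-User,X-Auth-Request-Email,Authorization
+nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy.lab.home.hrajfrisbee.cz
+/oauth2/start?rd=$scheme://$host$escaped_request_uri
+nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy.lab.home.hrajfrisbee.cz
+/oauth2/auth
+tls:
+- secretName: grafana-tls
+hosts:
+- grafana.lab.home.hrajfrisbee.cz
+
+prometheusOperator:
+admissionWebhooks:
+certManager:
+enabled: false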
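Review bot: `adminPassword: admin` under `grafana:` commits Grafana's well-known default admin credential to the repository, for an instance this same release publishes through an ingress. The chart can take the credential from a Secret instead, `admin: {existingSecret: <grafana-admin-secret>, userKey: admin-user, passwordKey: admin-password}`, with that Secret kept out of git or encrypted. The `auth-signin` and `auth-url` values are also continued onto a second line; if they are plain multi-line scalars (indentation is lost on this page), YAML folds the break into a space and the URL becomes `https://oauth2-proxy.lab.home.hrajfrisbee.cz /oauth2/auth`, which is exactly what the quoted `ingress_annotations` values in the last hunk of this commit contain, so each URL should be one quoted line in both places. `chart.spec` also carries no `version`, so with `crds: CreateReplace` on upgrade the cluster follows whatever chart release the repository serves next; pinning a version makes upgrades a reviewed change.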
@@ -0,0 +1,8 @@
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: prometheus-community
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 1h
|
||||
url: https://prometheus-community.github.io/helm-charts
|
||||
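--- a/gitops/home-kubernetes/kube-prometheus/namespace.yaml
+++ b/gitops/home-kubernetes/kube-prometheus/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: monitoring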
@@ -31,6 +31,7 @@ spec:
|
||||
pass_access_token = true
|
||||
skip_provider_button = true
|
||||
upstreams = ["static://202"]
|
||||
skip_auth_routes = ["PUT=^/uploads/.*", "POST=^/uploads/.*"]
|
||||
|
||||
extraArgs:
|
||||
- --reverse-proxy=true
|
||||
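Review bot: `skip_auth_routes = ["PUT=^/uploads/.*", "POST=^/uploads/.*"]` (apparently the added line; the page has lost its +/- markers) is a proxy-wide exemption, so it is not limited to the one application that needs unauthenticated uploads. Every ingress that points `auth-url` at this oauth2-proxy, including the Grafana ingress added in this commit, would have PUT and POST under `/uploads/` answered by the `static://202` upstream without a session, provided the proxy evaluates the rule against the original request path. Please confirm that is intended and record the reason next to the setting, e.g. `# unauthenticated on purpose: <client> uploads; applies to every host behind this proxy`. The surrounding config block starts and ends outside the hunk.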
@@ -38,6 +39,8 @@ spec:
|
||||
ingress:
|
||||
enabled: true
|
||||
className: nginx
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
hosts:
|
||||
- oauth2-proxy.lab.home.hrajfrisbee.cz
|
||||
tls:
|
||||
|
||||
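--- a/gitops/home-kubernetes/oauth-proxy/readme.md
+++ b/gitops/home-kubernetes/oauth-proxy/readme.md
@@ -0,0 +1,8 @@
+```bash
+
+annotations:
+nginx.ingress.kubernetes.io/auth-url: "http://oauth2-proxy.oauth2-proxy.svc.cluster.local:4180/oauth2/auth"
+nginx.ingress.kubernetes.io/auth-signin: "https://oauth2-proxy.lab.home.hrajfrisbee.cz/oauth2/start?rd=$scheme://$host$escaped_request_uri"
+nginx.ingress.kubernetes.io/auth-response-headers: "X-Auth-Request-User,X-Auth-Request-Email,Authorization"
+
+```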
@@ -8,4 +8,4 @@ metadata:
|
||||
stringData:
|
||||
client-id: oauth2-proxy
|
||||
client-secret: <REPLACE_WITH_KANIDM_SECRET>
|
||||
cookie-secret: <REPLACE_WITH_OPENSSL_RAND_BASE64_32>
|
||||
cookie-secret: a1f522c2394696c76e88eea54769d9e1
|
||||
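Review bot: The `cookie-secret` line holding a literal hex string is presumably the new side of this hunk (the +/- markers are lost; the other `cookie-secret` line is the `<REPLACE_WITH_OPENSSL_RAND_BASE64_32>` placeholder), which commits the oauth2-proxy cookie secret to git in plain text. That value protects session cookies for every application behind the proxy, so it should be treated as disclosed: rotate it and keep the placeholder in the repository. The real value can come from a SOPS-encrypted Secret that Flux decrypts, or from an external secret store, rather than `stringData` in a tracked manifest. `client-secret` still shows a placeholder here and should be supplied the same way.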
@@ -34,6 +34,13 @@ spec:
|
||||
ingressClass: nginx
|
||||
ingress_annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||
nginx.ingress.kubernetes.io/auth-url: "https://oauth2-proxy.lab.home.hrajfrisbee.cz /oauth2/auth"
|
||||
nginx.ingress.kubernetes.io/auth-signin: "https://oauth2-proxy.lab.home.hrajfrisbee.cz /oauth2/start?rd=$scheme://$host$escaped_request_uri"
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: "X-Auth-Request-User,X-Auth-Request-Email,Authorization"
|
||||
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||
if ($request_uri ~* "^/uploads/") {
|
||||
set $auth_request_uri "";
|
||||
}
|
||||
# nginx.ingress.kubernetes.io/proxy-body-size: "10m"
|
||||
|
||||
# PostgreSQL - local stateful or external
|
||||
|
||||
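Review bot: The `configuration-snippet` added under `ingress_annotations` sets `$auth_request_uri` to an empty string for `/uploads/` requests, but nothing visible in this hunk reads that variable, so it is unclear that it exempts anything from the `auth-url` check; it may be a no-op. Snippet annotations also only take effect when the ingress-nginx controller has `allow-snippet-annotations` enabled, which lets any Ingress author inject raw nginx configuration, so that setting deserves a deliberate decision. If the intent is to let uploads bypass SSO, a comment stating which client needs it and what authenticates those requests instead would help, e.g. `# /uploads/ is exempt from oauth2-proxy; requests are authenticated by <mechanism>`. The enclosing `spec:` block starts outside the hunk.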