alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 9 Actions Packages Projects Releases Wiki Activity

create monitoring set

Browse Source
This commit is contained in:
Alex Lebens
2024-06-28 21:49:02 -05:00
parent 5746035091
commit 3af652a0b1
13 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
clusters/cl01tl/monitoring/grafana/Chart.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v2
name: grafana
version: 1.0.0
description: Grafana
keywords:
- grafana
- dashboard
- metrics
- logs
home: ""
sources:
- https://github.com/grafana/grafana
- https://github.com/grafana/helm-charts/tree/main/charts/grafana
maintainers:
- name: alexlebens
dependencies:
- name: grafana
version: 8.0.2
repository: https://grafana.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/grafana.png
appVersion: 10.4.0

62
clusters/cl01tl/monitoring/grafana/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,62 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-auth-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: admin-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/grafana/auth
metadataPolicy: None
property: admin-user
- secretKey: admin-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/grafana/auth
metadataPolicy: None
property: admin-password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-oauth-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/grafana
metadataPolicy: None
property: client
- secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/grafana
metadataPolicy: None
property: secret

142
clusters/cl01tl/monitoring/grafana/values.yaml Normal file
View File

@@ -0,0 +1,142 @@
grafana:
deploymentStrategy:
type: Recreate
createConfigmap: true
serviceMonitor:
enabled: true
ingress:
enabled: true
ingressClassName: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
hosts:
- grafana.alexlebens.net
tls:
- secretName: grafana-secret-tls
hosts:
- grafana.alexlebens.net
persistence:
enabled: true
storageClassName: ceph-block
admin:
existingSecret: grafana-auth-secret
userKey: admin-user
passwordKey: admin-password
envFromSecret: grafana-oauth-secret
plugins:
- grafana-clock-panel
- vonage-status-panel
- grafana-worldmap-panel
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
uid: prometheus
url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090/
access: proxy
isDefault: true
jsonData:
timeInterval: 30s
- name: Loki
type: loki
url: http://loki.loki:3100
jsonData:
httpHeaderName1: "X-Scope-OrgID"
secureJsonData:
httpHeaderValue1: "1"
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: "default"
orgId: 1
folder: ""
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/default
dashboards:
default:
node-exporter:
gnetId: 1860
revision: 33
datasource: Prometheus
coredns:
gnetId: 14981
revision: 2
datasource: Prometheus
loki:
gnetId: 14055
revision: 5
datasource: Prometheus
argocd:
gnetId: 14584
revision: 1
datasource: Prometheus
cert-manager:
gnetId: 11001
revision: 1
datasource: Prometheus
traefik:
gnetId: 17346
revision: 7
datasource: Prometheus
kubernetes-nodes:
gnetId: 8171
revision: 1
datasource: Prometheus
vault:
gnetId: 12904
revision: 2
datasource: Prometheus
ceph:
gnetId: 2842
revision: 17
datasource: Prometheus
alertmanager:
gnetId: 9578
revision: 4
datasource: Prometheus
sonarr:
gnetId: 12530
revision: 2
datasource: Prometheus
radarr:
gnetId: 12896
revision: 1
datasource: Prometheus
unpoller:
gnetId: 11315
revision: 9
datasource: Prometheus
etcd:
gnetId: 3070
revision: 3
datasource: Prometheus
grafana.ini:
analytics:
check_for_updates: false
server:
domain: alexlebens.net
root_url: https://grafana.alexlebens.net
users:
auto_assign_org: true
auto_assign_org_id: 1
auth:
disable_login_form: true
oauth_auto_login: true
signout_redirect_url: https://authentik.alexlebens.net/application/o/grafana/end-session/
auth.generic_oauth:
enabled: true
name: Authentik
allow_sign_up: true
scopes: openid profile email
auth_url: https://authentik.alexlebens.net/application/o/authorize/
token_url: https://authentik.alexlebens.net/application/o/token/
api_url: https://authentik.alexlebens.net/application/o/userinfo/
role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'