create monitoring set

clusters/cl01tl/monitoring/kube-prometheus-stack/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: kube-prometheus-stack
+version: 1.0.0
+description: Kube Prometheus Stack
+keywords:
+  - kube-prometheus-stack
+  - prometheus
+  - alertmanager
+  - metrics
+  - alerts
+  - kubernetes
+home: ""
+sources:
+  - https://github.com/prometheus/prometheus
+  - https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: kube-prometheus-stack
+    version: 60.4.0
+    repository: https://prometheus-community.github.io/helm-charts
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/prometheus.png
+appVersion: v0.74.0

clusters/cl01tl/monitoring/kube-prometheus-stack/templates/external-secret.yaml

@@ -0,0 +1,37 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: alertmanager-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: discord_webhook
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /discord/alertmanager
+        metadataPolicy: None
+        property: webhook
+    - secretKey: pushover_token
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /pushover/key
+        metadataPolicy: None
+        property: alertmanager_key
+    - secretKey: user_key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /pushover/key
+        metadataPolicy: None
+        property: user_key

clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml

@@ -0,0 +1,143 @@
+kube-prometheus-stack:
+  crds:
+    enabled: false
+  defaultRules:
+    create: true
+    rules:
+      kubeControllerManager: false
+      kubeSchedulerAlerting: false
+      kubeSchedulerRecording: false
+  global:
+    rbac:
+      create: true
+      createAggregateClusterRoles: true
+  alertmanager:
+    enabled: true
+    config:
+      route:
+        group_by: ["namespace","alertname"]
+        group_wait: 30s
+        group_interval: 5m
+        repeat_interval: 24h
+        receiver: discord
+        routes:
+          - receiver: "null"
+            matchers:
+              - alertname = "Watchdog"
+          - receiver: 'pushover'
+            group_wait: 10s
+            group_interval: 5m
+            repeat_interval: 24h
+            matchers:
+              - severity = "critical"
+      receivers:
+        - name: "null"
+        - name: discord
+          discord_configs:
+            - send_resolved: true
+              webhook_url: https://discord.com/api/webhooks/1215465356315983922/CSaWG3SygslTNQo0uw07FB-0eKGl9nw2kDAqbAfH7JMe1ExVin8UvjlP4qkJoEyjDawz
+        - name: pushover
+          pushover_configs:
+            - send_resolved: true
+              user_key_file: /etc/alertmanager/secrets/alertmanager-config-secret/user_key
+              token_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_token
+    ingress:
+      enabled: true
+      ingressClassName: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      hosts:
+        - alertmanager.alexlebens.net
+      tls:
+        - secretName: alertmanager-secret-tls
+          hosts:
+            - alertmanager.alexlebens.net
+    alertmanagerSpec:
+      secrets:
+        - alertmanager-config-secret
+      replicas: 1
+    externalUrl: https://alertmanager.alexlebens.net
+  grafana:
+    enabled: false
+  kubeApiServer:
+    tlsConfig:
+      insecureSkipVerify: true
+  kubeControllerManager:
+    enabled: false
+  kubeScheduler:
+    enabled: false
+  kubeProxy:
+    enabled: false
+  kube-state-metrics:
+    selfMonitor:
+      enabled: true
+  nodeExporter:
+    operatingSystems:
+      darwin:
+        enabled: false
+  prometheusOperator:
+    admissionWebhooks:
+      enabled: true
+    namespaces:
+      releaseNamespace: true
+      additional:
+        - kube-system
+        - argocd
+        - authentik
+        - cert-manager
+        - cloudnative-pg
+        - freshrss
+        - gitea
+        - grafana
+        - home-assistant
+        - kyoo
+        - lidarr2
+        - local-static-provisioner
+        - loki
+        - matrix-synapse
+        - outline
+        - penpot
+        - qbittorrent
+        - radarr5
+        - radarr5-4k
+        - readarr-books
+        - reloader
+        - rook-ceph
+        - sonarr4
+        - sonarr4-4k
+        - speedtest-exporter
+        - taiga
+        - tdarr
+        - unpoller
+        - vault
+        - vikunja
+  prometheus:
+    ingress:
+      enabled: true
+      ingressClassName: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      hosts:
+        - prometheus.alexlebens.net
+      tls:
+        - secretName: prometheus-secret-tls
+          hosts:
+            - prometheus.alexlebens.net
+    prometheusSpec:
+      scrapeInterval: 30s
+      retention: 30d
+      externalUrl: https://prometheus.alexlebens.net
+      serviceMonitorSelectorNilUsesHelmValues: false
+      podMonitorSelectorNilUsesHelmValues: false
+      storageSpec:
+        volumeClaimTemplate:
+          spec:
+            storageClassName: ceph-block
+            accessModes: ["ReadWriteOnce"]
+            resources:
+              requests:
+                storage: 100Gi