From 508a4970b7352fdfcc9016ef2afdbca67007d4ca Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Tue, 18 Feb 2025 17:38:41 -0600
Subject: [PATCH] add grafana
---
 .../monitoring/grafana/Chart.yaml | 0
 .../grafana/templates/external-secret.yaml | 121 ++++++++++++++++++
 .../grafana/templates/replication-source.yaml | 30 +++++
 .../monitoring/grafana/values.yaml | 48 +++----
 .../grafana/templates/external-secret.yaml | 121 ------------------
 .../grafana/templates/replication-source.yaml | 30 -----
 6 files changed, 175 insertions(+), 175 deletions(-)
 rename clusters/{standby => cl01tl}/monitoring/grafana/Chart.yaml (100%)
 create mode 100644 clusters/cl01tl/monitoring/grafana/templates/external-secret.yaml
 create mode 100644 clusters/cl01tl/monitoring/grafana/templates/replication-source.yaml
 rename clusters/{standby => cl01tl}/monitoring/grafana/values.yaml (75%)
 delete mode 100644 clusters/standby/monitoring/grafana/templates/external-secret.yaml
 delete mode 100644 clusters/standby/monitoring/grafana/templates/replication-source.yaml
diff --git a/clusters/standby/monitoring/grafana/Chart.yaml b/clusters/cl01tl/monitoring/grafana/Chart.yaml
similarity index 100%
rename from clusters/standby/monitoring/grafana/Chart.yaml
rename to clusters/cl01tl/monitoring/grafana/Chart.yaml
diff --git a/clusters/cl01tl/monitoring/grafana/templates/external-secret.yaml b/clusters/cl01tl/monitoring/grafana/templates/external-secret.yaml
new file mode 100644
index 000000000..1a0d1f9b4
--- /dev/null
+++ b/clusters/cl01tl/monitoring/grafana/templates/external-secret.yaml
@@ -0,0 +1,121 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: grafana-auth-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: admin-user
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/grafana/auth
+ metadataPolicy: None
+ property: admin-user
+ - secretKey: admin-password
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/grafana/auth
+ metadataPolicy: None
+ property: admin-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: grafana-oauth-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/grafana
+ metadataPolicy: None
+ property: client
+ - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/grafana
+ metadataPolicy: None
+ property: secret
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+# name: grafana-backup-secret
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: grafana-backup-secret
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# secretStoreRef:
+# kind: ClusterSecretStore
+# name: vault
+# target:
+# template:
+# mergePolicy: Merge
+# engineVersion: v2
+# data:
+# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/grafana/grafana"
+# data:
+# - secretKey: BUCKET_ENDPOINT
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: S3_BUCKET_ENDPOINT
+# - secretKey: RESTIC_PASSWORD
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: RESTIC_PASSWORD
+# - secretKey: AWS_DEFAULT_REGION
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: AWS_DEFAULT_REGION
+# - secretKey: AWS_ACCESS_KEY_ID
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: access_key
+# - secretKey: AWS_SECRET_ACCESS_KEY
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: secret_key
diff --git a/clusters/cl01tl/monitoring/grafana/templates/replication-source.yaml b/clusters/cl01tl/monitoring/grafana/templates/replication-source.yaml
new file mode 100644
index 000000000..04b72bd8a
--- /dev/null
+++ b/clusters/cl01tl/monitoring/grafana/templates/replication-source.yaml
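Review bot: The label and namespace values in both active ExternalSecret documents are bare template actions, e.g. `app.kubernetes.io/version: {{ .Chart.AppVersion }}`, so the rendered YAML is typed by whatever the chart metadata happens to contain. An appVersion that looks numeric would render as a number rather than a string, and a label value that is not a string is rejected by the API server; Chart.yaml is not shown in this patch, so whether that can happen here is unconfirmed. Piping through quote removes the dependency: `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}`, and the same for the `.Release.Name` labels and `namespace: {{ .Release.Namespace | quote }}`.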
@@ -0,0 +1,30 @@
+# apiVersion: volsync.backube/v1alpha1
+# kind: ReplicationSource
+# metadata:
+# name: grafana-backup-source
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: grafana-backup-source
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# sourcePVC: grafana
+# trigger:
+# schedule: 0 0 */3 * *
+# restic:
+# pruneIntervalDays: 14
+# repository: grafana-backup-secret
+# retain:
+# hourly: 1
+# daily: 1
+# weekly: 1
+# monthly: 2
+# yearly: 4
+# moverSecurityContext:
+# runAsUser: 472
+# runAsGroup: 472
+# copyMethod: Snapshot
+# storageClassName: ceph-block
+# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/standby/monitoring/grafana/values.yaml b/clusters/cl01tl/monitoring/grafana/values.yaml
similarity index 75%
rename from clusters/standby/monitoring/grafana/values.yaml
rename to clusters/cl01tl/monitoring/grafana/values.yaml
index a621d324e..6387a3462 100644
--- a/clusters/standby/monitoring/grafana/values.yaml
+++ b/clusters/cl01tl/monitoring/grafana/values.yaml
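Review bot: The whole ReplicationSource is shipped commented out with `#`, and the matching `grafana-backup-secret` ExternalSecret in templates/external-secret.yaml is commented out the same way, so as far as this patch shows the `grafana` PVC has no volsync backup on cl01tl and nothing records why. Helm also still evaluates the `{{ ... }}` actions inside `#` lines, because YAML comments are not template comments. I would add a header line such as `# TODO(<owner>): backup disabled because <reason>; re-enable together with grafana-backup-secret`, or drop both blocks and restore them from history when the backup is turned back on.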
@@ -78,55 +78,55 @@ grafana:
 dashboards:
 app-gitea:
 immich:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json
 radarr:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
 sonarr:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json
 srv-gitea:
 alertmanager:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/alertmanager.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/alertmanager.json
 argocd:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json
 authentik:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/authentik.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/authentik.json
 blocky:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json
 cert-manager:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json
 cloudnativepg:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnativepg.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnativepg.json
 coredns:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/coredns.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/coredns.json
 descheduler:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
 minio:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/minio.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/minio.json
 speedtest-exporter:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json
 spegel:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json
 traefik:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
 trivy:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
 unpoller:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
 vault:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/vault.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/vault.json
 volsync:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json
 sys-gitea:
 ceph:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json
 etcd:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json
 loki:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json
 node-full:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json
 node-short:
- url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json
+ url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json
 grafana.ini:
 analytics:
 check_for_updates: false
diff --git a/clusters/standby/monitoring/grafana/templates/external-secret.yaml b/clusters/standby/monitoring/grafana/templates/external-secret.yaml
deleted file mode 100644
index 3e4825a45..000000000
--- a/clusters/standby/monitoring/grafana/templates/external-secret.yaml
+++ /dev/null
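Review bot: Every dashboard `url:` in this hunk now points at `http://gitea-http.gitea:3000/...`, so the dashboard JSON that Grafana imports is fetched in cleartext with no authentication of the server, where the removed `https://gitea.alexlebens.dev/...` URLs had TLS. Integrity of what gets loaded then rests entirely on the cluster network; if the in-cluster Service is kept for availability, that wants a NetworkPolicy or CNI/mesh encryption between Grafana's namespace and the gitea namespace, which this patch does not show. The URLs also track `raw/branch/main`, so any push to that branch changes the dashboards on the next fetch; Gitea's `raw/commit/<COMMIT_SHA>/...` form would pin them to reviewed content. The `grafana.dashboards` mapping starts above the hunk and the values file continues below it.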
@@ -1,121 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: grafana-auth-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: admin-user
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/grafana/auth
- metadataPolicy: None
- property: admin-user
- - secretKey: admin-password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/grafana/auth
- metadataPolicy: None
- property: admin-password
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: grafana-oauth-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/grafana
- metadataPolicy: None
- property: client
- - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/grafana
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: grafana-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: grafana-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: backup
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/grafana/grafana"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/standby/monitoring/grafana/templates/replication-source.yaml b/clusters/standby/monitoring/grafana/templates/replication-source.yaml
deleted file mode 100644
index 44fade5f2..000000000
--- a/clusters/standby/monitoring/grafana/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: grafana-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: grafana-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: backup
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: grafana
- trigger:
- schedule: 0 0 */3 * *
- restic:
- pruneIntervalDays: 14
- repository: grafana-backup-secret
- retain:
- hourly: 1
- daily: 1
- weekly: 1
- monthly: 2
- yearly: 4
- moverSecurityContext:
- runAsUser: 472
- runAsGroup: 472
- copyMethod: Snapshot
- storageClassName: ceph-block-delete
- volumeSnapshotClassName: ceph-blockpool-snapshot