add grafana
This commit is contained in:
@@ -0,0 +1,121 @@
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-auth-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: web
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: admin-user
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/grafana/auth
|
||||
metadataPolicy: None
|
||||
property: admin-user
|
||||
- secretKey: admin-password
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/grafana/auth
|
||||
metadataPolicy: None
|
||||
property: admin-password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-oauth-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: web
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/grafana
|
||||
metadataPolicy: None
|
||||
property: client
|
||||
- secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/grafana
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
# ---
|
||||
# apiVersion: external-secrets.io/v1beta1
|
||||
# kind: ExternalSecret
|
||||
# metadata:
|
||||
# name: grafana-backup-secret
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: grafana-backup-secret
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
# app.kubernetes.io/component: backup
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# secretStoreRef:
|
||||
# kind: ClusterSecretStore
|
||||
# name: vault
|
||||
# target:
|
||||
# template:
|
||||
# mergePolicy: Merge
|
||||
# engineVersion: v2
|
||||
# data:
|
||||
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/grafana/grafana"
|
||||
# data:
|
||||
# - secretKey: BUCKET_ENDPOINT
|
||||
# remoteRef:
|
||||
# conversionStrategy: Default
|
||||
# decodingStrategy: None
|
||||
# key: /cl01tl/volsync/restic/config
|
||||
# metadataPolicy: None
|
||||
# property: S3_BUCKET_ENDPOINT
|
||||
# - secretKey: RESTIC_PASSWORD
|
||||
# remoteRef:
|
||||
# conversionStrategy: Default
|
||||
# decodingStrategy: None
|
||||
# key: /cl01tl/volsync/restic/config
|
||||
# metadataPolicy: None
|
||||
# property: RESTIC_PASSWORD
|
||||
# - secretKey: AWS_DEFAULT_REGION
|
||||
# remoteRef:
|
||||
# conversionStrategy: Default
|
||||
# decodingStrategy: None
|
||||
# key: /cl01tl/volsync/restic/config
|
||||
# metadataPolicy: None
|
||||
# property: AWS_DEFAULT_REGION
|
||||
# - secretKey: AWS_ACCESS_KEY_ID
|
||||
# remoteRef:
|
||||
# conversionStrategy: Default
|
||||
# decodingStrategy: None
|
||||
# key: /digital-ocean/home-infra/volsync-backups
|
||||
# metadataPolicy: None
|
||||
# property: access_key
|
||||
# - secretKey: AWS_SECRET_ACCESS_KEY
|
||||
# remoteRef:
|
||||
# conversionStrategy: Default
|
||||
# decodingStrategy: None
|
||||
# key: /digital-ocean/home-infra/volsync-backups
|
||||
# metadataPolicy: None
|
||||
# property: secret_key
|
||||
@@ -0,0 +1,30 @@
|
||||
# apiVersion: volsync.backube/v1alpha1
|
||||
# kind: ReplicationSource
|
||||
# metadata:
|
||||
# name: grafana-backup-source
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: grafana-backup-source
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
# app.kubernetes.io/component: backup
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# sourcePVC: grafana
|
||||
# trigger:
|
||||
# schedule: 0 0 */3 * *
|
||||
# restic:
|
||||
# pruneIntervalDays: 14
|
||||
# repository: grafana-backup-secret
|
||||
# retain:
|
||||
# hourly: 1
|
||||
# daily: 1
|
||||
# weekly: 1
|
||||
# monthly: 2
|
||||
# yearly: 4
|
||||
# moverSecurityContext:
|
||||
# runAsUser: 472
|
||||
# runAsGroup: 472
|
||||
# copyMethod: Snapshot
|
||||
# storageClassName: ceph-block
|
||||
# volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -78,55 +78,55 @@ grafana:
|
||||
dashboards:
|
||||
app-gitea:
|
||||
immich:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json
|
||||
radarr:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
|
||||
sonarr:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json
|
||||
srv-gitea:
|
||||
alertmanager:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/alertmanager.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/alertmanager.json
|
||||
argocd:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json
|
||||
authentik:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/authentik.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/authentik.json
|
||||
blocky:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json
|
||||
cert-manager:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json
|
||||
cloudnativepg:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnativepg.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnativepg.json
|
||||
coredns:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/coredns.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/coredns.json
|
||||
descheduler:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
|
||||
minio:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/minio.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/minio.json
|
||||
speedtest-exporter:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json
|
||||
spegel:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json
|
||||
traefik:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
|
||||
trivy:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
|
||||
unpoller:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
|
||||
vault:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/vault.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/vault.json
|
||||
volsync:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json
|
||||
sys-gitea:
|
||||
ceph:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json
|
||||
etcd:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json
|
||||
loki:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json
|
||||
node-full:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json
|
||||
node-short:
|
||||
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json
|
||||
grafana.ini:
|
||||
analytics:
|
||||
check_for_updates: false
|
||||
@@ -1,121 +0,0 @@
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-auth-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: web
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: admin-user
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/grafana/auth
|
||||
metadataPolicy: None
|
||||
property: admin-user
|
||||
- secretKey: admin-password
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/grafana/auth
|
||||
metadataPolicy: None
|
||||
property: admin-password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-oauth-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: web
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/grafana
|
||||
metadataPolicy: None
|
||||
property: client
|
||||
- secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/grafana
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: backup
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/grafana/grafana"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
@@ -1,30 +0,0 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: grafana-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: backup
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: grafana
|
||||
trigger:
|
||||
schedule: 0 0 */3 * *
|
||||
restic:
|
||||
pruneIntervalDays: 14
|
||||
repository: grafana-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 1
|
||||
weekly: 1
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 472
|
||||
runAsGroup: 472
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block-delete
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
Reference in New Issue
Block a user