add grafana

clusters/cl01tl/monitoring/grafana/templates/external-secret.yaml

@@ -0,0 +1,121 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: grafana-auth-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: admin-user
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/grafana/auth
+        metadataPolicy: None
+        property: admin-user
+    - secretKey: admin-password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/grafana/auth
+        metadataPolicy: None
+        property: admin-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: grafana-oauth-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/grafana
+        metadataPolicy: None
+        property: client
+    - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/grafana
+        metadataPolicy: None
+        property: secret
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+#   name: grafana-backup-secret
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: grafana-backup-secret
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+#     app.kubernetes.io/component: backup
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   secretStoreRef:
+#     kind: ClusterSecretStore
+#     name: vault
+#   target:
+#     template:
+#       mergePolicy: Merge
+#       engineVersion: v2
+#       data:
+#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/grafana/grafana"
+#   data:
+#     - secretKey: BUCKET_ENDPOINT
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /cl01tl/volsync/restic/config
+#         metadataPolicy: None
+#         property: S3_BUCKET_ENDPOINT
+#     - secretKey: RESTIC_PASSWORD
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /cl01tl/volsync/restic/config
+#         metadataPolicy: None
+#         property: RESTIC_PASSWORD
+#     - secretKey: AWS_DEFAULT_REGION
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /cl01tl/volsync/restic/config
+#         metadataPolicy: None
+#         property: AWS_DEFAULT_REGION
+#     - secretKey: AWS_ACCESS_KEY_ID
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /digital-ocean/home-infra/volsync-backups
+#         metadataPolicy: None
+#         property: access_key
+#     - secretKey: AWS_SECRET_ACCESS_KEY
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /digital-ocean/home-infra/volsync-backups
+#         metadataPolicy: None
+#         property: secret_key

clusters/cl01tl/monitoring/grafana/templates/replication-source.yaml

@@ -0,0 +1,30 @@
+# apiVersion: volsync.backube/v1alpha1
+# kind: ReplicationSource
+# metadata:
+#   name: grafana-backup-source
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: grafana-backup-source
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+#     app.kubernetes.io/component: backup
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   sourcePVC: grafana
+#   trigger:
+#     schedule: 0 0 */3 * *
+#   restic:
+#     pruneIntervalDays: 14
+#     repository: grafana-backup-secret
+#     retain:
+#       hourly: 1
+#       daily: 1
+#       weekly: 1
+#       monthly: 2
+#       yearly: 4
+#     moverSecurityContext:
+#       runAsUser: 472
+#       runAsGroup: 472
+#     copyMethod: Snapshot
+#     storageClassName: ceph-block
+#     volumeSnapshotClassName: ceph-blockpool-snapshot

clusters/cl01tl/monitoring/grafana/values.yaml

@@ -78,55 +78,55 @@ grafana:
   dashboards:
     app-gitea:
       immich:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json
       radarr:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
       sonarr:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json
     srv-gitea:
       alertmanager:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/alertmanager.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/alertmanager.json
       argocd:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json
       authentik:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/authentik.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/authentik.json
       blocky:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json
       cert-manager:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json
       cloudnativepg:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnativepg.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnativepg.json
       coredns:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/coredns.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/coredns.json
       descheduler:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
       minio:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/minio.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/minio.json
       speedtest-exporter:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json
       spegel:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json
       traefik:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
       trivy:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
       unpoller:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
       vault:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/vault.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/vault.json
       volsync:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json
     sys-gitea:
       ceph:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json
       etcd:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json
       loki:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json
       node-full:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json
       node-short:
-        url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json
+        url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json
   grafana.ini:
     analytics:
       check_for_updates: false

clusters/standby/monitoring/grafana/templates/external-secret.yaml

@@ -1,121 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: grafana-auth-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: admin-user
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/grafana/auth
-        metadataPolicy: None
-        property: admin-user
-    - secretKey: admin-password
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/grafana/auth
-        metadataPolicy: None
-        property: admin-password
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: grafana-oauth-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/grafana
-        metadataPolicy: None
-        property: client
-    - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/grafana
-        metadataPolicy: None
-        property: secret
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: grafana-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: grafana-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: backup
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  target:
-    template:
-      mergePolicy: Merge
-      engineVersion: v2
-      data:
-        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/grafana/grafana"
-  data:
-    - secretKey: BUCKET_ENDPOINT
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: S3_BUCKET_ENDPOINT
-    - secretKey: RESTIC_PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: RESTIC_PASSWORD
-    - secretKey: AWS_DEFAULT_REGION
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: AWS_DEFAULT_REGION
-    - secretKey: AWS_ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/volsync-backups
-        metadataPolicy: None
-        property: access_key
-    - secretKey: AWS_SECRET_ACCESS_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/volsync-backups
-        metadataPolicy: None
-        property: secret_key

clusters/standby/monitoring/grafana/templates/replication-source.yaml

@@ -1,30 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
-  name: grafana-backup-source
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: grafana-backup-source
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: backup
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  sourcePVC: grafana
-  trigger:
-    schedule: 0 0 */3 * *
-  restic:
-    pruneIntervalDays: 14
-    repository: grafana-backup-secret
-    retain:
-      hourly: 1
-      daily: 1
-      weekly: 1
-      monthly: 2
-      yearly: 4
-    moverSecurityContext:
-      runAsUser: 472
-      runAsGroup: 472
-    copyMethod: Snapshot
-    storageClassName: ceph-block-delete
-    volumeSnapshotClassName: ceph-blockpool-snapshot