add monitoring

clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml

@@ -0,0 +1,149 @@
+kube-prometheus-stack:
+  crds:
+    enabled: false
+  defaultRules:
+    create: true
+    rules:
+      kubeControllerManager: false
+      kubeSchedulerAlerting: false
+      kubeSchedulerRecording: false
+  global:
+    rbac:
+      create: true
+      createAggregateClusterRoles: true
+  alertmanager:
+    enabled: true
+    config:
+      route:
+        group_by: ["namespace", "alertname"]
+        group_wait: 30s
+        group_interval: 5m
+        repeat_interval: 24h
+        receiver: discord
+        routes:
+          - receiver: "null"
+            matchers:
+              - alertname = "Watchdog"
+          - receiver: "pushover"
+            group_wait: 10s
+            group_interval: 5m
+            repeat_interval: 24h
+            matchers:
+              - severity = "critical"
+      receivers:
+        - name: "null"
+        - name: discord
+          discord_configs:
+            - send_resolved: true
+              webhook_url_file: /etc/alertmanager/secrets/alertmanager-config-secret/discord_webhook
+        - name: pushover
+          pushover_configs:
+            - send_resolved: true
+              user_key_file: /etc/alertmanager/secrets/alertmanager-config-secret/user_key
+              token_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_token
+    alertmanagerSpec:
+      secrets:
+        - alertmanager-config-secret
+      replicas: 1
+  grafana:
+    enabled: false
+  kubeApiServer:
+    tlsConfig:
+      insecureSkipVerify: true
+  kubeControllerManager:
+    enabled: false
+  kubeEtcd:
+    enabled: true
+  kubeScheduler:
+    enabled: false
+  kubeProxy:
+    enabled: false
+  kubeStateMetrics:
+    enabled: true
+  nodeExporter:
+    operatingSystems:
+      darwin:
+        enabled: false
+  prometheusOperator:
+    admissionWebhooks:
+      enabled: true
+    namespaces:
+      releaseNamespace: true
+      additional:
+        - kube-system
+        - kube-prometheus-stack
+        - argocd
+        - argo-workflows
+        - authentik
+        - blocky
+        - cert-manager
+        - cloudnative-pg
+        - descheduler
+        - directus
+        - external-dns
+        - freshrss
+        - generic-device-plugin
+        - gitea
+        - grafana
+        - harbor
+        - hoarder
+        - home-assistant
+        - immich
+        - jellystat
+        - komodo
+        - lidarr2
+        - linkwarden
+        - loki
+        - matrix-synapse
+        - ollama
+        - outline
+        - photoview
+        - qbittorrent
+        - radarr5
+        - radarr5-4k
+        - radarr5-anime
+        - radarr5-standup
+        - reloader
+        - rook-ceph
+        - roundcube
+        - slskd
+        - sonarr4
+        - sonarr4-4k
+        - sonarr4-anime
+        - speedtest-exporter
+        - spegel
+        - stalwart
+        - tdarr
+        - traefik
+        - trivy
+        - unpoller
+        - vault
+        - vaultwarden
+        - volsync
+  prometheus:
+    ingress:
+      enabled: true
+      ingressClassName: tailscale
+      labels:
+        tailscale.com/proxy-class: no-metrics
+      hosts:
+        - prometheus-cl01tl
+      tls:
+        - secretName: prometheus-cl01tl
+          hosts:
+            - prometheus-cl01tl
+    prometheusSpec:
+      scrapeInterval: 30s
+      retention: 30d
+      externalUrl: https://prometheus-cl01tl.boreal-beaufort.ts.net
+      serviceMonitorSelectorNilUsesHelmValues: false
+      podMonitorSelectorNilUsesHelmValues: false
+      scrapeConfigSelectorNilUsesHelmValues: false
+      storageSpec:
+        volumeClaimTemplate:
+          spec:
+            storageClassName: synology-iscsi-delete
+            accessModes: ["ReadWriteOnce"]
+            resources:
+              requests:
+                storage: 200Gi