stage for rebuilt

2025-02-14 22:05:52 -06:00
parent 91c1b3931d
commit 8b4eee804f
329 changed files with 12 additions and 12 deletions


@@ -1,21 +0,0 @@
apiVersion: v2
name: grafana
version: 1.0.0
description: Grafana
keywords:
- grafana
- dashboard
- metrics
- logs
home: https://wiki.alexlebens.dev/doc/grafana-BFwY2bvVzt
sources:
- https://github.com/grafana/grafana
- https://github.com/grafana/helm-charts/tree/main/charts/grafana
maintainers:
- name: alexlebens
dependencies:
- name: grafana
version: 8.9.0
repository: https://grafana.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/grafana.png
appVersion: 11.4.0


@@ -1,121 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-auth-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: admin-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/grafana/auth
metadataPolicy: None
property: admin-user
- secretKey: admin-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/grafana/auth
metadataPolicy: None
property: admin-password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-oauth-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/grafana
metadataPolicy: None
property: client
- secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/grafana
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: backup
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/grafana/grafana"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key


@@ -1,30 +0,0 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: grafana-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: backup
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: grafana
trigger:
schedule: 0 0 */3 * *
restic:
pruneIntervalDays: 14
repository: grafana-backup-secret
retain:
hourly: 1
daily: 1
weekly: 1
monthly: 2
yearly: 4
moverSecurityContext:
runAsUser: 472
runAsGroup: 472
copyMethod: Snapshot
storageClassName: ceph-block-delete
volumeSnapshotClassName: ceph-blockpool-snapshot


@@ -1,151 +0,0 @@
grafana:
deploymentStrategy:
type: Recreate
createConfigmap: true
serviceMonitor:
enabled: true
ingress:
enabled: true
ingressClassName: tailscale
hosts:
- grafana-cl01tl
tls:
- secretName: grafana-cl01tl
hosts:
- grafana-cl01tl
persistence:
enabled: true
storageClassName: ceph-block
admin:
existingSecret: grafana-auth-secret
userKey: admin-user
passwordKey: admin-password
envFromSecret: grafana-oauth-secret
plugins:
- grafana-clock-panel
- grafana-worldmap-panel
- grafana-lokiexplore-app
- isovalent-hubble-datasource
- marcusolsson-treemap-panel
- camptocamp-prometheus-alertmanager-datasource
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
uid: prometheus
url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090/
access: proxy
isDefault: true
jsonData:
timeInterval: 30s
- name: Loki
type: loki
url: http://loki.loki:3100
jsonData:
httpHeaderName1: "X-Scope-OrgID"
secureJsonData:
httpHeaderValue1: "1"
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: "app-gitea"
orgId: 1
folder: "Application"
type: file
disableDeletion: true
editable: false
options:
path: /var/lib/grafana/dashboards/app-gitea
- name: "srv-gitea"
orgId: 1
folder: "Service"
type: file
disableDeletion: true
editable: false
options:
path: /var/lib/grafana/dashboards/srv-gitea
- name: "sys-gitea"
orgId: 1
folder: "System"
type: file
disableDeletion: true
editable: false
options:
path: /var/lib/grafana/dashboards/sys-gitea
dashboards:
app-gitea:
immich:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json
radarr:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
sonarr:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json
srv-gitea:
alertmanager:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/alertmanager.json
argocd:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json
authentik:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/authentik.json
blocky:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json
cert-manager:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json
cloudnativepg:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnativepg.json
coredns:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/coredns.json
descheduler:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
minio:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/minio.json
speedtest-exporter:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json
spegel:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json
traefik:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
trivy:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
unpoller:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
vault:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/vault.json
volsync:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json
sys-gitea:
ceph:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json
etcd:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json
loki:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json
node-full:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json
node-short:
url: https://gitea.alexlebens.dev/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json
grafana.ini:
analytics:
check_for_updates: false
server:
domain: alexlebens.net
root_url: https://grafana-cl01tl.boreal-beaufort.ts.net
users:
auto_assign_org: true
auto_assign_org_id: 1
auth:
disable_login_form: true
oauth_auto_login: true
signout_redirect_url: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/grafana/end-session/
auth.generic_oauth:
enabled: true
name: Authentik
allow_sign_up: true
scopes: openid profile email
auth_url: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/authorize/
token_url: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/token/
api_url: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/userinfo/
role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'