alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

add grafana

Browse Source
This commit is contained in:
Alex Lebens
2025-03-03 15:08:40 -06:00
parent 8286bad028
commit da23d8092d
5 changed files with 346 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
clusters/cl01tl/monitoring/grafana/Chart.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v2
name: grafana
version: 1.0.0
description: Grafana
keywords:
- grafana
- dashboard
- metrics
- logs
home: https://wiki.alexlebens.dev/doc/grafana-BFwY2bvVzt
sources:
- https://github.com/grafana/grafana
- https://github.com/grafana/helm-charts/tree/main/charts/grafana
maintainers:
- name: alexlebens
dependencies:
- name: grafana
version: 8.10.1
repository: https://grafana.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/grafana.png
appVersion: 11.4.0

121
clusters/cl01tl/monitoring/grafana/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,121 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-auth-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: admin-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/grafana/auth
metadataPolicy: None
property: admin-user
- secretKey: admin-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/grafana/auth
metadataPolicy: None
property: admin-password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-oauth-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/grafana
metadataPolicy: None
property: client
- secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/grafana
metadataPolicy: None
property: secret
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: grafana-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: grafana-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/grafana/grafana"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key

30
clusters/cl01tl/monitoring/grafana/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-grafana
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-grafana
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- grafana.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: grafana
port: 80
weight: 100

30
clusters/cl01tl/monitoring/grafana/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,30 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: grafana-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: grafana-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: grafana
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: grafana-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# runAsUser: 472
# runAsGroup: 472
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

144
clusters/cl01tl/monitoring/grafana/values.yaml Normal file
View File

@@ -0,0 +1,144 @@
grafana:
deploymentStrategy:
type: Recreate
createConfigmap: true
serviceMonitor:
enabled: true
ingress:
enabled: false
persistence:
enabled: true
storageClassName: ceph-block
admin:
existingSecret: grafana-auth-secret
userKey: admin-user
passwordKey: admin-password
envFromSecret: grafana-oauth-secret
plugins:
- grafana-clock-panel
- grafana-worldmap-panel
- grafana-lokiexplore-app
- isovalent-hubble-datasource
- marcusolsson-treemap-panel
- camptocamp-prometheus-alertmanager-datasource
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
uid: prometheus
url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090/
access: proxy
isDefault: true
jsonData:
timeInterval: 30s
- name: Loki
type: loki
url: http://loki.loki:3100
jsonData:
httpHeaderName1: "X-Scope-OrgID"
secureJsonData:
httpHeaderValue1: "1"
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: "app-gitea"
orgId: 1
folder: "Application"
type: file
disableDeletion: true
editable: false
options:
path: /var/lib/grafana/dashboards/app-gitea
- name: "srv-gitea"
orgId: 1
folder: "Service"
type: file
disableDeletion: true
editable: false
options:
path: /var/lib/grafana/dashboards/srv-gitea
- name: "sys-gitea"
orgId: 1
folder: "System"
type: file
disableDeletion: true
editable: false
options:
path: /var/lib/grafana/dashboards/sys-gitea
dashboards:
app-gitea:
immich:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json
radarr:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
sonarr:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json
srv-gitea:
alertmanager:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/alertmanager.json
argocd:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json
authentik:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/authentik.json
blocky:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json
cert-manager:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json
cloudnativepg:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnativepg.json
coredns:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/coredns.json
descheduler:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
minio:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/minio.json
speedtest-exporter:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json
spegel:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json
traefik:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
trivy:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
unpoller:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
vault:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/vault.json
volsync:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json
sys-gitea:
ceph:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json
etcd:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json
loki:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json
node-full:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json
node-short:
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json
grafana.ini:
analytics:
check_for_updates: false
server:
domain: alexlebens.net
root_url: https://grafana.alexlebens.net
users:
auto_assign_org: true
auto_assign_org_id: 1
auth:
disable_login_form: true
oauth_auto_login: true
signout_redirect_url: https://authentik.alexlebens.net/application/o/grafana/end-session/
auth.generic_oauth:
enabled: true
name: Authentik
allow_sign_up: true
scopes: openid profile email
auth_url: https://authentik.alexlebens.net/application/o/authorize/
token_url: https://authentik.alexlebens.net/application/o/token/
api_url: https://authentik.alexlebens.net/application/o/userinfo/
role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'