alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions Activity

feat: add prom
All checks were successful
lint-test-docker / lint-docker-compose (pull_request) Successful in 1m25s
Details
lint-test-helm / lint-helm (pull_request) Successful in 8m17s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 9m55s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-04-22 15:50:19 -05:00
parent 6b02b1d331
commit f99d2e89a1
5 changed files with 46 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml
View File

@@ -1,59 +1,36 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: alertmanager-config-secret name: alertmanager-ntfy-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: alertmanager-config-secret app.kubernetes.io/name: alertmanager-ntfy-config
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: ntfy_password - secretKey: ntfy_password
remoteRef: remoteRef:
key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager key: / cl01tl/ntfy/users/cl01tl
property: ntfy_password property: password
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: garage-metric-secret name: garage-metric-token
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: garage-metric-secret app.kubernetes.io/name: garage-metric-token
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
key: /garage/token key: /ps10rp/garage/config
property: metric property: metrics-token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: ntfy-alertmanager-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ntfy-alertmanager-config-secret
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ntfy_password
remoteRef:
key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
property: ntfy_password
- secretKey: config
remoteRef:
key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
property: config

4
clusters/cl01tl/helm/kube-prometheus-stack/templates/namespace.yaml
View File

@@ -1,9 +1,9 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: kube-prometheus-stack name: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: kube-prometheus-stack app.kubernetes.io/name: {{ .Release.Namespace }}
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/enforce: privileged

2
clusters/cl01tl/helm/kube-prometheus-stack/templates/scrape-config.yaml
View File

@@ -74,4 +74,4 @@ spec:
type: Bearer type: Bearer
credentials: credentials:
key: token key: token
name: garage-metric-secret name: garage-metric-token

18
clusters/cl01tl/helm/kube-prometheus-stack/templates/secret-provider-class.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: ntfy-alertmanager-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ntfy-alertmanager-config
{{- include "custom.labels" . | nindent 4 }}
spec:
provider: openbao
parameters:
baoAddress: "http://openbao-internal.openbao:8200"
roleName: ntfy-alertmanager
objects: |
- objectName: config
fileName: config
secretPath: secret/data/cl01tl/kube-prometheus-stack/ntfy-alertmanager
secretKey: config

19
clusters/cl01tl/helm/kube-prometheus-stack/values.yaml
View File

@@ -43,7 +43,7 @@ kube-prometheus-stack:
namespace: traefik namespace: traefik
alertmanagerSpec: alertmanagerSpec:
secrets: secrets:
- alertmanager-config-secret - alertmanager-ntfy-config
grafana: grafana:
enabled: false enabled: false
kubeApiServer: kubeApiServer:
@@ -120,11 +120,18 @@ ntfy-alertmanager:
main: main:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate
serviceAccount:
name: ntfy-alertmanager
containers: containers:
main: main:
image: image:
repository: xenrox/ntfy-alertmanager repository: xenrox/ntfy-alertmanager
tag: 1.0.0@sha256:81788c7905774b7b0b2ed6833b2bc4826a90a42e4b738706edcedd5f489e7a73 tag: 1.0.0@sha256:81788c7905774b7b0b2ed6833b2bc4826a90a42e4b738706edcedd5f489e7a73
serviceAccount:
ntfy-alertmanager:
enabled: true
staticToken: true
service: service:
main: main:
controller: main controller: main
@@ -134,9 +141,13 @@ ntfy-alertmanager:
targetPort: 8080 targetPort: 8080
persistence: persistence:
config: config:
enabled: true type: custom
type: secret volumeSpec:
name: ntfy-alertmanager-config-secret csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: ntfy-alertmanager-config
advancedMounts: advancedMounts:
main: main:
main: main: