feat: add prom

2026-04-22 15:50:19 -05:00
parent 6b02b1d331
commit f99d2e89a1
5 changed files with 46 additions and 40 deletions
--- a/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml
@@ -1,59 +1,36 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: alertmanager-config-secret
+  name: alertmanager-ntfy-config
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: alertmanager-config-secret
+    app.kubernetes.io/name: alertmanager-ntfy-config
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: ntfy_password
      remoteRef:
-        key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
-        property: ntfy_password
+        key: / cl01tl/ntfy/users/cl01tl
+        property: password

 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: garage-metric-secret
+  name: garage-metric-token
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: garage-metric-secret
+    app.kubernetes.io/name: garage-metric-token
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: token
      remoteRef:
-        key: /garage/token
-        property: metric
-
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: ntfy-alertmanager-config-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: ntfy-alertmanager-config-secret
-    {{- include "custom.labels" . | nindent 4 }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ntfy_password
-      remoteRef:
-        key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
-        property: ntfy_password
-    - secretKey: config
-      remoteRef:
-        key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
-        property: config
+        key: /ps10rp/garage/config
+        property: metrics-token
--- a/clusters/cl01tl/helm/kube-prometheus-stack/templates/namespace.yaml
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/namespace.yaml
@@ -1,9 +1,9 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: kube-prometheus-stack
+  name: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: kube-prometheus-stack
+    app.kubernetes.io/name: {{ .Release.Namespace }}
    {{- include "custom.labels" . | nindent 4 }}
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
--- a/clusters/cl01tl/helm/kube-prometheus-stack/templates/scrape-config.yaml
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/scrape-config.yaml
@@ -74,4 +74,4 @@ spec:
    type: Bearer
    credentials:
      key: token
-      name: garage-metric-secret
+      name: garage-metric-token
--- a/clusters/cl01tl/helm/kube-prometheus-stack/templates/secret-provider-class.yaml
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/secret-provider-class.yaml
@@ -0,0 +1,18 @@
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: ntfy-alertmanager-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ntfy-alertmanager-config
+    {{- include "custom.labels" . | nindent 4 }}
+spec:
+  provider: openbao
+  parameters:
+    baoAddress: "http://openbao-internal.openbao:8200"
+    roleName: ntfy-alertmanager
+    objects: |
+      - objectName: config
+        fileName: config
+        secretPath: secret/data/cl01tl/kube-prometheus-stack/ntfy-alertmanager
+        secretKey: config
--- a/clusters/cl01tl/helm/kube-prometheus-stack/values.yaml
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/values.yaml
@@ -43,7 +43,7 @@ kube-prometheus-stack:
            namespace: traefik
    alertmanagerSpec:
      secrets:
-        - alertmanager-config-secret
+        - alertmanager-ntfy-config
  grafana:
    enabled: false
  kubeApiServer:
@@ -120,11 +120,18 @@ ntfy-alertmanager:
    main:
      type: deployment
      replicas: 1
+      strategy: Recreate
+      serviceAccount:
+        name: ntfy-alertmanager
      containers:
        main:
          image:
            repository: xenrox/ntfy-alertmanager
            tag: 1.0.0@sha256:81788c7905774b7b0b2ed6833b2bc4826a90a42e4b738706edcedd5f489e7a73
+  serviceAccount:
+    ntfy-alertmanager:
+      enabled: true
+      staticToken: true
  service:
    main:
      controller: main
@@ -134,9 +141,13 @@ ntfy-alertmanager:
          targetPort: 8080
  persistence:
    config:
-      enabled: true
-      type: secret
-      name: ntfy-alertmanager-config-secret
+      type: custom
+      volumeSpec:
+        csi:
+          driver: secrets-store.csi.k8s.io
+          readOnly: true
+          volumeAttributes:
+            secretProviderClass: ntfy-alertmanager-config
      advancedMounts:
        main:
          main: