120 lines
4.0 KiB
YAML
120 lines
4.0 KiB
YAML
apiVersion: helm.cattle.io/v1
|
|
kind: HelmChart
|
|
metadata:
|
|
name: prometheus
|
|
namespace: monitoring
|
|
spec:
|
|
chart: kube-prometheus-stack
|
|
targetNamespace: monitoring
|
|
repo: https://prometheus-community.github.io/helm-charts
|
|
# https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack
|
|
version: 75.9.0
|
|
valuesContent: |-
|
|
grafana:
|
|
envValueFrom:
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
|
|
secretKeyRef:
|
|
name: authentik-oauth-client-secret
|
|
key: client-secret
|
|
defaultDashboardsTimezone: "US/Eastern"
|
|
ingress:
|
|
enabled: true
|
|
ingressClassName: nginx
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer"
|
|
paths:
|
|
- path: "/"
|
|
pathType: Prefix
|
|
hosts:
|
|
- monitoring.keligrubb.com
|
|
tls:
|
|
- secretName: monitoring-tls
|
|
hosts:
|
|
- monitoring.keligrubb.com
|
|
grafana.ini:
|
|
server:
|
|
root_url: https://monitoring.keligrubb.com
|
|
auth:
|
|
signout_redirect_url: "https://login.keligrubb.com/application/o/grafana/end-session/"
|
|
oauth_auto_login: true
|
|
auth.generic_oauth:
|
|
name: authentik
|
|
enabled: true
|
|
client_id: "8hpxfQs7B1BNwlHx6PrAOYc2K5PMzU9Xig1ImXU9"
|
|
scopes: "openid profile email"
|
|
auth_url: "https://login.keligrubb.com/application/o/authorize/"
|
|
token_url: "https://login.keligrubb.com/application/o/token/"
|
|
api_url: "https://login.keligrubb.com/application/o/userinfo/"
|
|
role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
|
|
# additionalDataSources:
|
|
# - name: Loki
|
|
# type: loki
|
|
# access: proxy
|
|
# basicAuth: false
|
|
# url: http://loki-gateway.monitoring.svc.cluster.local
|
|
config:
|
|
auth:
|
|
signout_redirect_url: "https://login.keligrubb.com/application/o/grafana/end-session/"
|
|
oauth_auto_login: true
|
|
auth.generic_oauth:
|
|
name: authentik
|
|
enabled: true
|
|
client_id: "<Client ID from above>"
|
|
client_secret: "<Client Secret from above>"
|
|
scopes: "openid profile email"
|
|
auth_url: "https://login.keligrubb.com/application/o/authorize/"
|
|
token_url: "https://login.keligrubb.com/application/o/token/"
|
|
api_url: "https://login.keligrubb.com/application/o/userinfo/"
|
|
role_attribute_path: "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'"
|
|
|
|
kubelet:
|
|
serviceMonitor:
|
|
metricRelabelings:
|
|
- action: replace
|
|
sourceLabels:
|
|
- node
|
|
targetLabel: instance
|
|
kube-state-metrics:
|
|
selfMonitor:
|
|
enabled: true
|
|
prometheus:
|
|
selfMonitor:
|
|
metricRelabelings:
|
|
- action: replace
|
|
regex: (.*)
|
|
replacement: $1
|
|
sourceLabels:
|
|
- __meta_kubernetes_pod_node_name
|
|
targetLabel: kubernetes_node
|
|
prometheus:
|
|
ingress:
|
|
enabled: true
|
|
ingressClassName: nginx
|
|
paths:
|
|
- /
|
|
hosts:
|
|
- prometheus.keligrubb.com
|
|
prometheusSpec:
|
|
replicaExternalLabelName: "replica"
|
|
ruleSelectorNilUsesHelmValues: false
|
|
serviceMonitorSelectorNilUsesHelmValues: false
|
|
podMonitorSelectorNilUsesHelmValues: false
|
|
probeSelectorNilUsesHelmValues: fales
|
|
retention: 30d
|
|
retentionSize: "64GB"
|
|
enableAdminAPI: true
|
|
securityContext:
|
|
runAsUser: 0
|
|
runAsNonRoot: false
|
|
runAsGroup: 0
|
|
fsGroup: 65534
|
|
storageSpec:
|
|
volumeClaimTemplate:
|
|
spec:
|
|
storageclassname: longhorn
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 16Gi
|