Add kube-prometheus-stack helm chart
This commit is contained in:
parent
9c2807f3ad
commit
0c916c12f8
GPG Key ID:
568F326C7EB33ACB
|
|
@ -8,3 +8,4 @@ resources:
|
|||
- ./management
|
||||
- ./tools
|
||||
- ./irc
|
||||
- ./monitoring
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: kube-prometheus-stack
|
||||
namespace: monitoring
|
||||
spec:
|
||||
interval: 5m
|
||||
chart:
|
||||
spec:
|
||||
chart: kube-prometheus-stack
|
||||
version: 45.10.x
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: prometheus-community-charts
|
||||
namespace: flux-system
|
||||
|
||||
values:
|
||||
|
||||
# Temporarily disable
|
||||
alertmanager:
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||
hosts:
|
||||
- host: &alertmanager-host alertmanager.${SECRET_NEW_DOMAIN}
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
service:
|
||||
number: 9093
|
||||
tls:
|
||||
- hosts:
|
||||
- *alertmanager-host
|
||||
secretName: wildcard-main-tls
|
||||
|
||||
grafana:
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||
hosts:
|
||||
- host: &grafana-host grafana.${SECRET_NEW_DOMAIN}
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
service:
|
||||
name: http-web
|
||||
tls:
|
||||
- hosts:
|
||||
- *grafana-host
|
||||
secretName: wildcard-main-tls
|
||||
|
||||
# Enable this when the cluster expands to have more than a single node
|
||||
kubeEtcd:
|
||||
enabled: false
|
||||
|
||||
prometheus:
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||
hosts:
|
||||
- host: &prometheus-host metrics.${SECRET_NEW_DOMAIN}
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
service:
|
||||
port: 9090
|
||||
tls:
|
||||
- hosts:
|
||||
- *prometheus-host
|
||||
secretName: wildcard-main-tls
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: prometheus-community-charts
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 1m
|
||||
url: https://prometheus-community.github.io/helm-charts
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./helm-repository.yaml
|
||||
- ./helm-release.yaml
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./namespace.yaml
|
||||
- ./network_policy.yaml
|
||||
- ./kube-prometheus-stack
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: monitoring
|
||||
labels:
|
||||
name: monitoring
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: deny-most-allow-some
|
||||
namespace: monitoring
|
||||
spec:
|
||||
# Apply to all pods in this namespace
|
||||
podSelector: {}
|
||||
ingress:
|
||||
- from:
|
||||
# Allow all pods in this namespace
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
name: "monitoring"
|
||||
# - podSelector: {}
|
||||
|
||||
# Allow traefik pods
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
name: "traefik"
|
||||
|
||||
# Allow all pods with this label
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
needsMonitoring: "yes"
|
||||
Loading…
Reference in New Issue