apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: kube-prometheus-stack namespace: monitoring spec: interval: 5m chart: spec: chart: kube-prometheus-stack version: 45.10.x sourceRef: kind: HelmRepository name: prometheus-community-charts namespace: flux-system values: # Temporarily disable alertmanager: ingress: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - host: &alertmanager-host alertmanager.${SECRET_NEW_DOMAIN} paths: - path: / pathType: Prefix service: number: 9093 tls: - hosts: - *alertmanager-host secretName: wildcard-main-tls grafana: ingress: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - host: &grafana-host grafana.${SECRET_NEW_DOMAIN} paths: - path: / pathType: Prefix service: name: http-web tls: - hosts: - *grafana-host secretName: wildcard-main-tls # Enable this when the cluster expands to have more than a single node kubeEtcd: enabled: false prometheus: ingress: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - host: &prometheus-host metrics.${SECRET_NEW_DOMAIN} paths: - path: / pathType: Prefix service: port: 9090 tls: - hosts: - *prometheus-host secretName: wildcard-main-tls