apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: kube-prometheus-stack namespace: monitoring spec: interval: 5m chart: spec: chart: kube-prometheus-stack version: 45.10.x sourceRef: kind: HelmRepository name: prometheus-community-charts namespace: flux-system values: namespaceOverride: "monitoring" alertmanager: ingress: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - &alertmanager-host alertmanager.${SECRET_NEW_DOMAIN} paths: - "/" tls: - hosts: - *alertmanager-host secretName: wildcard-main-tls config: receivers: - name: gotify-bridge webhook_configs: - url: http://alertmanager-gotify-bridge.monitoring:8080/gotify_webhook send_resolved: true grafana: ingress: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - &grafana-host grafana.${SECRET_NEW_DOMAIN} path: "/" tls: - hosts: - *grafana-host secretName: wildcard-main-tls # Enable this when the cluster expands to have more than a single node kubeEtcd: enabled: false prometheus: ingress: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - &prometheus-host metrics.${SECRET_NEW_DOMAIN} paths: - "/" tls: - hosts: - *prometheus-host secretName: wildcard-main-tls