---
# Flux HelmRelease that installs the kube-prometheus-stack chart into the
# monitoring namespace and exposes Alertmanager, Grafana and Prometheus
# through Traefik ingresses on the websecure entrypoint.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: kube-prometheus-stack
  namespace: monitoring
spec:
  interval: 5m
  chart:
    spec:
      chart: kube-prometheus-stack
      # Floating patch range: any 45.10 patch release the repository serves
      # is accepted at reconcile time. Pin an exact version if upgrades
      # must be reviewed before they reach the cluster.
      version: '45.10.x'
      sourceRef:
        kind: HelmRepository
        name: prometheus-community-charts
        namespace: flux-system
  values:
    namespaceOverride: monitoring

    alertmanager:
      ingress:
        enabled: true
        annotations:
          # NOTE(review): with this annotation cert-manager's ingress-shim
          # manages a Certificate for the tls secretName below. The same
          # secret name (wildcard-main-tls) is used by all three ingresses
          # in this release -- confirm that is intended.
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          # Alertmanager has no authentication enabled by default, so this
          # middleware is the access control for the route.
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        # The SECRET_NEW_DOMAIN placeholder is presumably filled in by Flux
        # post-build substitution -- verify against the Kustomization.
        hosts:
          - &alertmanager-host alertmanager.${SECRET_NEW_DOMAIN}
        paths:
          - '/'
        tls:
          - hosts:
              - *alertmanager-host
            secretName: wildcard-main-tls
      alertmanagerSpec:
        # Routing and receivers come from the AlertmanagerConfig object
        # with this name, not from inline chart values.
        alertmanagerConfiguration:
          name: alertmanager-config

    grafana:
      ingress:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          # NOTE(review): unlike the Alertmanager and Prometheus ingresses,
          # no router.middlewares annotation is set here, so this route
          # relies on Grafana's own login alone. Confirm that is
          # deliberate, and that the admin credential and anonymous access
          # are configured outside this file.
        hosts:
          - &grafana-host grafana.${SECRET_NEW_DOMAIN}
        path: '/'
        tls:
          - hosts:
              - *grafana-host
            secretName: wildcard-main-tls

    prometheus:
      ingress:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          # Prometheus has no authentication enabled by default, so this
          # middleware is the access control for the route.
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
          - &prometheus-host metrics.${SECRET_NEW_DOMAIN}
        paths:
          - '/'
        tls:
          - hosts:
              - *prometheus-host
            secretName: wildcard-main-tls
      prometheusSpec:
        # Keeps the TSDB admin endpoints (snapshot, delete series) off;
        # this matters because the server is reachable through an ingress.
        enableAdminAPI: false

    # Control-plane scrape targets. All three components below point at one
    # fixed node address rather than at discovered endpoints.
    kubeControllerManager:
      enabled: true
      endpoints:
        - 192.168.87.29
      service:
        enabled: true
        port: 10257
        targetPort: 10257
      serviceMonitor:
        enabled: true
        https: true
        # The scrape uses TLS but does not verify the server certificate,
        # so the endpoint's identity is not checked. Supplying the cluster
        # CA and expected server name instead removes that gap.
        insecureSkipVerify: true

    kubeScheduler:
      enabled: true
      endpoints:
        - 192.168.87.29
      service:
        enabled: true
        port: 10259
        targetPort: 10259
      serviceMonitor:
        enabled: true
        https: true
        # Same unverified-TLS trade-off as kubeControllerManager above.
        insecureSkipVerify: true

    kubeProxy:
      enabled: true
      endpoints:
        - 192.168.87.29
      service:
        enabled: true
        port: 10249
        targetPort: 10249
      serviceMonitor:
        enabled: true
        # Metrics are scraped over plain HTTP on this port.
        https: false

    # etcd scraping is switched off in this release.
    kubeEtcd:
      enabled: false