k3s-cluster/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: kube-prometheus-stack
  namespace: monitoring
spec:
  interval: 5m
  chart:
    spec:
      chart: kube-prometheus-stack
      version: 45.10.x
      sourceRef:
        kind: HelmRepository
        name: prometheus-community-charts
        namespace: flux-system

  values:
    namespaceOverride: "monitoring"

    alertmanager:
      ingress:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
          - &alertmanager-host alertmanager.${SECRET_NEW_DOMAIN}
        paths:
          - "/"
        tls:
          - hosts:
              - *alertmanager-host
            secretName: wildcard-main-tls

      alertmanagerSpec:
        alertmanagerConfiguration:
          name: alertmanager-config
                
    grafana:
      ingress:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
        hosts:
          - &grafana-host grafana.${SECRET_NEW_DOMAIN}
        path: "/"
        tls:
          - hosts:
              - *grafana-host
            secretName: wildcard-main-tls

      sidecar:
        datasources:
          defaultDatasourceEnabled: false
          isDefaultDatasource: false

      # Add Victoria Metrics as the default datasource
      additionalDataSources:
      - name: Victoria
        uid: victoria-metrics-server
        type: prometheus
        jsonData:
          tlsSkipVerify: true
        editable: false
        url: http://victoria-metrics-server.monitoring.svc:8428
        version: 1
        isDefault: true

    prometheus:
      ingress:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
          - &prometheus-host metrics.${SECRET_NEW_DOMAIN}
        paths:
          - "/"
        tls:
          - hosts:
              - *prometheus-host
            secretName: wildcard-main-tls

      prometheusSpec:
        enableAdminAPI: false

        retention: 1d

        remoteWrite:
        - url: http://victoria-metrics-server.monitoring.svc:8428/api/v1/write

        storageSpec:
          volumeClaimTemplate:
            spec:
              storageClassName: hostpath
              selector:
                matchLabels:
                  app.kubernetes.io/name: kube-prometheus-stack-pv
              resources:
                requests:
                  storage: 30Gi

    kubeControllerManager:
      enabled: true
      endpoints:
      - 192.168.87.29
      service:
        enabled: true
        port: 10257
        targetPort: 10257
      serviceMonitor:
        enabled: true
        https: true
        insecureSkipVerify: true

    kubeScheduler:
      enabled: true
      endpoints:
      - 192.168.87.29
      service:
        enabled: true
        port: 10259
        targetPort: 10259
      serviceMonitor:
        enabled: true
        https: true
        insecureSkipVerify: true

    kubeProxy:
      enabled: true
      endpoints:
      - 192.168.87.29
      service:
        enabled: true
        port: 10249
        targetPort: 10249
      serviceMonitor:
        enabled: true
        https: false

    kubeEtcd:
      enabled: false