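# Argo CD Application that deploys the kube-prometheus-stack chart
# (Prometheus, Alertmanager, Grafana) into the kube-prometheus-stack namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: kube-prometheus-stack
  namespace: argocd
  finalizers:
    # Deleting this Application also deletes the resources it manages.
    - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: kube-prometheus-stack
    # Quoted so an empty or boolean-looking value still renders as a string.
    server: {{ $.Values.spec.destination.server | quote }}
  project: homelab
  source:
    path: .
    repoURL: oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack
    targetRevision: "81.5.0"
    helm:
      # Inline chart values. Everything below is one string handed to Helm.
      values: |
        kubeProxy:
          enabled: false
        grafana:
          # The OAuth client secret is injected from a Kubernetes Secret at
          # runtime and never appears in this manifest.
          envValueFrom:
            GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
              secretKeyRef:
                name: kube-prometheus-secret
                key: GENERIC_OAUTH_CLIENT_SECRET
          grafana.ini:
            server:
              root_url: https://grafana.k8s.hnrx.net
            auth.generic_oauth:
              enabled: true
              name: "authentik"
              # Any account the identity provider lets through is created on
              # first login; see role_attribute_path for the role it receives.
              allow_sign_up: true
              # Set to true to skip the standard login form.
              auto_login: false
              client_id: "4JtTfw2apna4ZnnXgPH6mnDfLCPoW6qy5fXiC03z"
              scopes: "openid profile email"
              auth_url: "https://auth.hnrx.net/application/o/authorize/"
              token_url: "https://auth.hnrx.net/application/o/token/"
              api_url: "https://auth.hnrx.net/application/o/userinfo/"

              # Maps group membership to a Grafana role. Users in neither
              # group fall through to Viewer, so access is not limited to the
              # two groups; restrict it at the identity provider if needed.
              role_attribute_path: "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'"
          # Admin credentials are read from the Phase-managed Secret instead of
          # being committed in this file. The two key names below are
          # constructed for this example: create matching entries in the Phase
          # app (or rename them) before syncing, otherwise the Grafana pod
          # cannot start. Treat the password that used to be committed here as
          # disclosed; with persistence enabled Grafana keeps the password
          # already stored in its database, so change it in Grafana as well.
          admin:
            existingSecret: kube-prometheus-secret
            userKey: GRAFANA_ADMIN_USER
            passwordKey: GRAFANA_ADMIN_PASSWORD
          sidecar:
            datasources:
              enabled: true
          additionalDataSources:
            - name: Loki
              type: loki
              access: proxy
              # Grafana and Loki run in the same namespace, so the service
              # name would be enough.
              url: http://loki.kube-prometheus-stack.svc.cluster.local:3100
              version: 1
              editable: true
              jsonData:
                # Raises the line limit in Explore (useful for Traefik logs).
                maxLines: 1000
          dashboards:
            # Name of the dashboard provider.
            default:
              traefik-dashboard:
                # Dashboard ID on grafana.com.
                gnetId: 11462
                # Optional: dashboard revision.
                revision: 1
                datasource: Prometheus
              traefik-2-dashboard:
                # Dashboard ID on grafana.com.
                gnetId: 17346
                # Optional: dashboard revision.
                revision: 1
                datasource: Prometheus
          persistence:
            enabled: true
            size: 10Gi
            storageClassName: nfs-csi
          # The chart's Ingress is off; this file exposes Grafana through a
          # Gateway API HTTPRoute instead.
          ingress:
            enabled: false
        prometheus:
          prometheusSpec:
            additionalScrapeConfigs:
              - job_name: 'crowdsec'
                static_configs:
                  - targets: ['192.168.200.20:6060']
              - job_name: "traefik-synology"
                metrics_path: /metrics
                static_configs:
                  - targets: ["192.168.200.20:8082"]
                # Optional: add labels so the Traefik dashboards find the
                # data more easily.
                relabel_configs:
                  - target_label: job
                    replacement: traefik
                  - target_label: instance
                    replacement: synology-nas
            storageSpec:
              volumeClaimTemplate:
                spec:
                  resources:
                    requests:
                      storage: 20Gi
                  storageClassName: nfs-csi
        alertmanager:
          alertmanagerSpec:
            storageSpec:
              volumeClaimTemplate:
                spec:
                  resources:
                    requests:
                      storage: 10Gi
                  storageClassName: nfs-csi
  syncPolicy:
    # Only selfHeal is set: drift in the cluster is reverted automatically.
    automated:
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
      - ServerSideApply=true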
---
# Gateway API route publishing Grafana on grafana.k8s.hnrx.net.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: grafana-route
  namespace: kube-prometheus-stack
spec:
  # Attaches to a Gateway in another namespace (default).
  # NOTE(review): that only works if the Gateway's listeners allow routes
  # from this namespace - confirm against the Gateway definition.
  parentRefs:
    - name: shared-gateway
      namespace: default
  hostnames:
    - 'grafana.k8s.hnrx.net'
  rules:
    # A "/" prefix match forwards every path on the hostname to Grafana.
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: kube-prometheus-stack-grafana
          port: 80
---
# Gateway API route publishing the Prometheus UI and API on
# prometheus.k8s.hnrx.net.
# NOTE(review): nothing in this route adds authentication, and Prometheus does
# not require a login by default. Confirm that shared-gateway enforces
# authentication or is reachable only from trusted networks.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: prometheus-route
  namespace: kube-prometheus-stack
spec:
  # Attaches to a Gateway in another namespace (default).
  parentRefs:
    - name: shared-gateway
      namespace: default
  hostnames:
    - 'prometheus.k8s.hnrx.net'
  rules:
    # A "/" prefix match forwards every path, including the query API.
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: prometheus-operated
          port: 9090
---
# Gateway API route publishing Alertmanager on alertmanager.k8s.hnrx.net.
# NOTE(review): nothing in this route adds authentication, and Alertmanager
# does not require a login by default, so whoever can reach this hostname can
# view alerts and create silences. Confirm that shared-gateway enforces
# authentication or is reachable only from trusted networks.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: alertmanager-route
  namespace: kube-prometheus-stack
spec:
  # Attaches to a Gateway in another namespace (default).
  parentRefs:
    - name: shared-gateway
      namespace: default
  hostnames:
    - 'alertmanager.k8s.hnrx.net'
  rules:
    # A "/" prefix match forwards every path on the hostname.
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: alertmanager-operated
          port: 9093
---
# Phase resource that syncs secrets from the Phase application into the
# Kubernetes Secret kube-prometheus-secret, which the Grafana values read
# the OAuth client secret from.
apiVersion: secrets.phase.dev/v1alpha1
kind: PhaseSecret
metadata:
  name: kube-prometheus-secret
  namespace: kube-prometheus-stack
spec:
  # The name of your Phase application.
  phaseApp: "prometheus-stack"
  # OPTIONAL - the Phase App Environment to fetch secrets from.
  phaseAppEnv: "production"
  # OPTIONAL - path within the Phase application environment to fetch
  # secrets from.
  phaseAppEnvPath: "/"
  # OPTIONAL - URL of a Phase Console instance.
  phaseHost: "https://phase.hnrx.net"
  authentication:
    serviceToken:
      serviceTokenSecretReference:
        # Name of the Phase Service Token with access to your application.
        secretName: "phase-service-token"
        # NOTE(review): the token Secret lives in the default namespace, so
        # anything allowed to read Secrets there can use it - confirm RBAC.
        secretNamespace: "default"
  managedSecretReferences:
    # Name of the Kubernetes managed secret that Phase will sync.
    - secretName: "kube-prometheus-secret"
      secretNamespace: "kube-prometheus-stack"