rke2-single-node/09_homelab_apps/homelab-apps/templates/kube-prometheus-stack.yaml

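# Argo CD Application that installs the kube-prometheus-stack chart
# (Prometheus, Alertmanager, Grafana) into the kube-prometheus-stack namespace.
# Grafana signs users in through authentik via generic OAuth.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: kube-prometheus-stack
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: kube-prometheus-stack
    # Quoted so an empty or boolean-looking value cannot be retyped by YAML.
    server: {{ $.Values.spec.destination.server | quote }}
  project: homelab
  source:
    path: .
    repoURL: oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack
    targetRevision: "80.14.4"
    helm:
      values: |
        grafana:
          grafana.ini:
            server:
              root_url: https://grafana.k8s.hnrx.net
            auth.generic_oauth:
              enabled: true
              name: "authentik"
              allow_sign_up: true
              # Set to true to skip Grafana's standard login form.
              auto_login: false
              client_id: "4JtTfw2apna4ZnnXgPH6mnDfLCPoW6qy5fXiC03z"
              # client_secret is deliberately not set here: it is supplied as
              # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET through envValueFrom below,
              # so the value never lands in Git or in the Application object.
              scopes: "openid profile email"
              auth_url: "https://auth.hnrx.net/application/o/authorize/"
              token_url: "https://auth.hnrx.net/application/o/token/"
              api_url: "https://auth.hnrx.net/application/o/userinfo/"
              # Falls back to 'Viewer': every account that authentik lets into
              # this application gets read access, since allow_sign_up is true.
              # Restrict the application binding in authentik if that is too wide.
              role_attribute_path: "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'"
          # OAuth client secret read from a Secret in the release namespace.
          # The Secret name and key are PLACEHOLDERS: create the Secret
          # out-of-band (sealed/external secret or kubectl) and adjust them.
          # A client secret that was ever committed inline should be rotated
          # in authentik, because it remains readable in the repository history.
          envValueFrom:
            GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
              secretKeyRef:
                name: grafana-oauth          # placeholder
                key: client-secret           # placeholder
          # Admin credentials come from an existing Secret instead of an inline
          # adminPassword. The Secret name is a PLACEHOLDER; it must hold both keys.
          # NOTE(review): Grafana appears to apply the admin password only when
          # its database is first created; with persistence enabled, confirm the
          # password actually in use and change it in Grafana if needed.
          admin:
            existingSecret: grafana-admin    # placeholder
            userKey: admin-user
            passwordKey: admin-password
          persistence:
            enabled: true
            size: 10Gi
            storageClassName: nfs-csi
          # Exposure is handled by a separate Gateway API HTTPRoute, not by an Ingress.
          ingress:
            enabled: false
        prometheus:
          prometheusSpec:
            storageSpec:
              volumeClaimTemplate:
                spec:
                  resources:
                    requests:
                      storage: 20Gi
                  storageClassName: nfs-csi
        alertmanager:
          alertmanagerSpec:
            storageSpec:
              volumeClaimTemplate:
                spec:
                  resources:
                    requests:
                      storage: 10Gi
                  storageClassName: nfs-csi
  syncPolicy:
    automated:
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
      - ServerSideApply=true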
---
# Publishes Grafana on grafana.k8s.hnrx.net through the shared Gateway.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: grafana-route
  namespace: kube-prometheus-stack
spec:
  parentRefs:
    # Cross-namespace attachment: the Gateway lives in "default", so its
    # listener must allow routes from this namespace for the route to bind.
    - name: shared-gateway
      namespace: default
  hostnames:
    - 'grafana.k8s.hnrx.net'
  rules:
    # Forward every path to the Grafana Service created by the chart.
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: kube-prometheus-stack-grafana
          port: 80
---
# Publishes the Prometheus UI/API on prometheus.k8s.hnrx.net through the
# shared Gateway.
# NOTE(review): this route carries no filter and nothing in this file puts
# authentication in front of port 9090; Prometheus does not authenticate
# requests unless configured to. Confirm that shared-gateway is reachable only
# from trusted networks or enforces SSO (e.g. the authentik proxy) before
# traffic reaches this backend.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: prometheus-route
  namespace: kube-prometheus-stack
spec:
  parentRefs:
    # Cross-namespace attachment: the Gateway lives in "default", so its
    # listener must allow routes from this namespace for the route to bind.
    - name: shared-gateway
      namespace: default
  hostnames:
    - 'prometheus.k8s.hnrx.net'
  rules:
    # Forward every path, including the query and admin API paths.
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: prometheus-operated
          port: 9090
---
# Publishes the Alertmanager UI/API on alertmanager.k8s.hnrx.net through the
# shared Gateway.
# NOTE(review): this route carries no filter and nothing in this file puts
# authentication in front of port 9093; Alertmanager's API allows creating
# silences and does not authenticate requests unless configured to. Confirm
# that shared-gateway is reachable only from trusted networks or enforces SSO
# before traffic reaches this backend.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: alertmanager-route
  namespace: kube-prometheus-stack
spec:
  parentRefs:
    # Cross-namespace attachment: the Gateway lives in "default", so its
    # listener must allow routes from this namespace for the route to bind.
    - name: shared-gateway
      namespace: default
  hostnames:
    - 'alertmanager.k8s.hnrx.net'
  rules:
    # Forward every path to the operator-managed Alertmanager Service.
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: alertmanager-operated
          port: 9093