homelab/k8s/core/prom-stack/prom-values.yaml

alertmanager:
  config:
    global:
      telegram_api_url: "https://api.telegram.org"
    route:
      group_by: ['alertname', 'cluster', 'service']
      group_wait: 10s
      group_interval: 10s
      repeat_interval: 12h
      receiver: 'telegram'
    receivers:
      - name: 'telegram'
        telegram_configs:
          - bot_token: '${TELEGRAM_BOT_TOKEN}'
            chat_id: ${TELEGRAM_CHAT_ID}
            parse_mode: 'HTML'
            message: |
              {{ range .Alerts }}
              <b>{{ .Labels.alertname }}</b>
              {{ if .Labels.severity }}<b>Severity:</b> {{ .Labels.severity }}{{ end }}
              <b>Status:</b> {{ .Status }}
              {{ if .Annotations.summary }}<b>Summary:</b> {{ .Annotations.summary }}{{ end }}
              {{ if .Annotations.description }}<b>Description:</b> {{ .Annotations.description }}{{ end }}
              {{ end }}

  ingress:
    enabled: true
    ingressClassName: traefik
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt
      traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
    hosts:
      - prom.hexor.cy
    paths:
      - /alertmanager
    tls:
      - secretName: alertmanager-tls
        hosts:
          - prom.hexor.cy
  alertmanagerSpec:
    secrets:
      - alertmanager-telegram-secret
    externalUrl: https://prom.hexor.cy/alertmanager
    routePrefix: /alertmanager

prometheus:
  ingress:
    enabled: true
    ingressClassName: traefik
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt
      traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
    hosts:
      - prom.hexor.cy
    paths:
      - /
    tls:
      - secretName: prometheus-tls
        hosts:
          - prom.hexor.cy
  prometheusSpec:
    enableRemoteWriteReceiver: true
    additionalScrapeConfigs:
      - job_name: xray_vpn
        metrics_path: /scrape
        static_configs:
          - targets: ['cy.tail2fe2d.ts.net:9550']
            labels: {job: cy}
          - targets: ['x86.tail2fe2d.ts.net:9550']
            labels: {job: am}
          - targets: ['jp.tail2fe2d.ts.net:9550']
            labels: {job: jp}

      - job_name: cs_16_server
        static_configs:
          - targets: ['prom-a2s-exporter.counter-strike.svc:9841']
            labels: {instance: master}

    retention: "380d"
    retentionSize: "0"
    nodeSelector:
      kubernetes.io/hostname: master.tail2fe2d.ts.net
    storageSpec:
      volumeClaimTemplate:
        spec:
          storageClassName: ""
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 400Gi

grafana:
  enabled: true
  
  serviceAccount:
    create: true
    name: "prom-grafana-sa"

  envFromSecret: grafana-admin
  nodeSelector:
    kubernetes.io/hostname: master.tail2fe2d.ts.net

  admin:
    existingSecret: grafana-admin
    userKey: username
    passwordKey: password

  grafana.ini:
    auth:
      signout_redirect_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fgf.hexor.cy%2Flogin&client_id=Grafana
      oauth_allow_insecure_email_lookup: true
    auth.generic_oauth:
      name: Keycloak
      enabled: true
      scopes: "openid profile email"
      allow_sign_up: true
      auth_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/auth
      token_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/token
      api_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/userinfo
      email_attribute_path: email
      login_attribute_path: preferred_username
      name_attribute_path: name
      role_attribute_path: >-
        contains(groups[*], 'hexor-admin') && 'Admin' ||
        contains(groups[*], 'hexor-guest') && 'Viewer' ||
        'Viewer'
      role_attribute_strict: false
    log:
      level: debug
      filters: "oauth.generic_oauth:debug"
    database:
      type: postgres
      host: psql.psql.svc:5432
      name: grafana
      user: grafana
      ssl_mode: disable

  # The Loki datasource config needs to be preserved, 
  # but instead of "datasources.datasources.yaml", we define it like this for the prometheus-stack chart:
  additionalDataSources:
    - name: Loki
      type: loki
      url: http://loki-gateway.prometheus.svc:80
      access: proxy
      orgId: 1

  ingress:
    enabled: true
    ingressClassName: traefik
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt
      traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
    hosts:
      - gf.hexor.cy
    tls:
      - secretName: grafana-tls
        hosts:
          - '*.hexor.cy'

  extraConfigmapMounts:
    - name: grafana-alerting-rules
      mountPath: /etc/grafana/provisioning/alerting/rules.yaml
      configMap: grafana-alerting
      subPath: rules.yaml
      readOnly: true
    - name: grafana-alerting-contactpoints
      mountPath: /etc/grafana/provisioning/alerting/contactpoints.yaml
      configMap: grafana-alerting
      subPath: contactpoints.yaml
      readOnly: true
    - name: grafana-alerting-policies
      mountPath: /etc/grafana/provisioning/alerting/policies.yaml
      configMap: grafana-alerting
      subPath: policies.yaml
      readOnly: true

  envValueFrom:
    TELEGRAM_BOT_TOKEN:
      secretKeyRef:
        name: grafana-telegram
        key: bot-token
    TELEGRAM_CHAT_ID:
      secretKeyRef:
        name: grafana-telegram
        key: chat-id