Added prom-stack

k8s/core/prometheus/app.yaml

@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: prom-stack
+  namespace: prometheus
+spec:
+  project: core
+  destination:
+    namespace: prometheus
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
+    targetRevision: HEAD
+    path: k8s/core/prometheus
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - CreateNamespace=true
+

k8s/core/prometheus/external-secrets.yaml

@@ -0,0 +1,67 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: grafana-admin
+  namespace: prometheus
+spec:
+  target:
+    name: grafana-admin
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        GF_SERVER_ROOT_URL: https://gf.hexor.cy
+        GF_DATABASE_USER: grafana
+        password: |-
+          {{ .password }}
+        username: |-
+          {{ .username }}
+        GF_AUTH_GENERIC_OAUTH_CLIENT_ID: |-
+          {{ .client_id }}
+        GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: |-
+          {{ .client_secret }}
+        GF_DATABASE_PASSWORD: |-
+          {{ .psql_user }}
+  data:
+    - secretKey: password
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 6a03357b-616e-4973-897a-93ccd675ddcb
+        property: login.password
+    - secretKey: username
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 6a03357b-616e-4973-897a-93ccd675ddcb
+        property: login.username
+    - secretKey: client_id
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 6a03357b-616e-4973-897a-93ccd675ddcb
+        property: fields[0].value
+    - secretKey: client_secret
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 6a03357b-616e-4973-897a-93ccd675ddcb
+        property: fields[1].value
+    - secretKey: psql_user
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 2a9deb39-ef22-433e-a1be-df1555625e22
+        property: fields[2].value
+

k8s/core/prometheus/grafana-values.yaml

@@ -0,0 +1,54 @@
+envFromSecret: grafana-admin
+nodeSelector:
+  kubernetes.io/hostname: master.tail2fe2d.ts.net
+
+admin:
+  existingSecret: grafana-admin
+  userKey: username
+  passwordKey: password
+
+grafana.ini:
+  auth:
+    signout_redirect_url: https://idm.hexor.cy/application/o/grafana/end-session/
+    oauth_auto_login: true
+  auth.generic_oauth:
+    name: authentik
+    enabled: true
+    scopes: "openid profile email"
+    auth_url: https://idm.hexor.cy/application/o/authorize/
+    token_url: https://idm.hexor.cy/application/o/token/
+    api_url: https://idm.hexor.cy/application/o/userinfo/
+    role_attribute_path: >-
+      contains(groups, 'Grafana Admin') && 'Admin' ||
+      contains(groups, 'Grafana Editors') && 'Editor' ||
+      contains(groups, 'Grafana Viewer') && 'Viewer'
+  database:
+    type: postgres
+    host: psql.psql.svc:5432
+    name: grafana
+    user: grafana
+    ssl_mode: disable
+
+datasources:
+  datasources.yaml:
+    apiVersion: 1
+    datasources:
+      - name: Prometheus Local
+        type: prometheus
+        url: http://prometheus-kube-prometheus-prometheus.prometheus.svc:9090
+        access: proxy
+        isDefault: true
+
+ingress:
+  enabled: true
+  ingressClassName: traefik
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+  hosts:
+    - gf.hexor.cy
+  tls:
+    - secretName: grafana-tls
+      hosts:
+        - '*.hexor.cy'
+

k8s/core/prometheus/kustomization.yaml

@@ -0,0 +1,25 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app.yaml
+  - persistentVolume.yaml
+  - external-secrets.yaml
+
+helmCharts:
+  - name: prometheus
+    repo: https://prometheus-community.github.io/helm-charts
+    version: 70.4.2
+    releaseName: kube-prometheus-stack
+    namespace: prometheus
+    valuesFile: prom-values.yaml
+    includeCRDs: true
+
+  - name: grafana
+    repo: https://grafana.github.io/helm-charts
+    version: 8.11.4
+    releaseName: grafana
+    namespace: prometheus
+    valuesFile: grafana-values.yaml
+    includeCRDs: true
+

k8s/core/prometheus/persistentVolume.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: prometheus-pv
+  namespace: prometheus
+spec:
+  capacity:
+    storage: 200Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: /k8s/prom/tsdb-storage

k8s/core/prometheus/prom-values.yaml

@@ -0,0 +1,36 @@
+grafana:
+  enabled: false
+prometheus:
+  prometheusSpec:
+    enableRemoteWriteReceiver: true
+    additionalScrapeConfigs:
+      - job_name: outline_vpn
+        static_configs:
+          - targets: ['100.117.24.104:9095']
+            labels: {instance: cy}
+          - targets: ['100.117.24.104:9096']
+            labels: {instance: am}
+          - targets: ['100.117.24.104:9097']
+            labels: {instance: jp}
+          - targets: ['100.117.24.104:9098']
+            labels: {instance: bg}
+          - targets: ['100.117.24.104:9099']
+            labels: {instance: fi}
+
+      - job_name: term_humid_sensors
+        static_configs:
+        - targets: ['100.117.24.104:7536']
+
+    retention: "99999d"
+    retentionSize: "0"
+    nodeSelector:
+      kubernetes.io/hostname: master.tail2fe2d.ts.net
+    storageSpec:
+      volumeClaimTemplate:
+        spec:
+          storageClassName: ""
+          accessModes: ["ReadWriteOnce"]
+          resources:
+            requests:
+              storage: 200Gi
+