9ae11775 by Adam Heath

Add kube-prometheus-stack.

1 parent dfec78f8
---
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-generic-oauth-config
data:
GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
GF_AUTH_GENERIC_OAUTH_NAME: "Keycloak"
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "true"
GF_AUTH_GENERIC_OAUTH_SCOPES: profile
GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://auth.local/auth/realms/example.com/protocol/openid-connect/auth"
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://auth.local/auth/realms/example.com/protocol/openid-connect/token"
GF_AUTH_GENERIC_OAUTH_API_URL: "https://auth.local/auth/realms/example.com/protocol/openid-connect/userinfo"
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'invalid'"
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: "true"
GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE: "true"
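Review bot: `GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE: "true"` on the last line of this ConfigMap turns off certificate verification for Grafana's calls to the token and userinfo endpoints, and none of the helmfile patches on this page reset it when real URLs are supplied. The role mapping above grants `Admin` from that response, so an unauthenticated channel to the identity provider undermines the whole login path. Default it to `"false"`; for a private CA, mount the CA bundle and set `GF_AUTH_GENERIC_OAUTH_TLS_CLIENT_CA` instead. Separately, `GF_AUTH_GENERIC_OAUTH_SCOPES: profile` omits `openid`, which Keycloak's userinfo endpoint may require, so that is worth confirming.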
---
apiVersion: v1
kind: Secret
metadata:
name: grafana-generic-oauth-secret
stringData:
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "grafana-dashboard"
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "REPLACEME"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana
spec:
hosts:
- "grafana.local"
gateways:
- cluster-local-gateway
http:
- match:
- uri:
prefix: /
route:
- destination:
port:
number: 80
host: kube-prometheus-stack-grafana.monitoring.svc.cluster.local
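Review bot: This manifest declares `apiVersion: networking.istio.io/v1alpha3`, but the jsonPatch target for it in the `monitoring-istio` release further down the page selects `version: v1beta3`, so that patch likely never matches this resource. The target should read `version: v1alpha3`. The destination host also hard-codes `.monitoring.svc.cluster.local` although the namespace is a helmfile value. The patch meant to rewrite it sets the host to `{{ .Values.namePrefix }}grafana`, which does not look like the chart's `kube-prometheus-stack-grafana` service name, so confirm the route still resolves after templating.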
---
environments:
default:
values:
- namespace: monitoring
namePrefix: ""
grafana:
oauth:
enabled: false
authUrl: ""
tokenUrl: ""
userinfoUrl: ""
clientId: ""
clientSecret: ""
virtualService:
enabled: true
jsonPatches: []
strategicMergePatches: []
gateways:
- default/cluster-local-gateway
vhost: grafana.local
repositories:
- name: prometheus-community
url: https://prometheus-community.github.io/helm-charts
- name: kube-state-metrics
url: https://kubernetes.github.io/kube-state-metrics
- name: grafana
url: https://grafana.github.io/helm-charts
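Review bot: `clientSecret: ""` under `grafana.oauth` makes the OAuth client secret an ordinary environment value, so real deployments will tend to put it in a plaintext values file next to this helmfile. Consider loading it from an encrypted file through the environment's `secrets:` list, or having the Grafana deployment reference a Secret created out of band. The chart repositories are declared here, but the `kube-prometheus-stack` release in the next document sets no `version:`, so each sync pulls whatever chart is current. Pinning it, e.g. `version: "<pinned-chart-version>"`, keeps upgrades deliberate and reviewable.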
---
releases:
- name: monitoring-config
chart: ./charts/monitoring-config
namespace: {{ .Values.namespace }}
values:
- set-common-values.yaml.gotmpl
jsonPatches:
- target:
kind: ConfigMap
name: {{ .Values.namePrefix }}grafana-generic-oauth-config
namespace: {{ .Values.namespace }}
version: v1
patch:
- op: replace
path: /data/GF_SERVER_ROOT_URL
value: https://{{ .Values.grafana.virtualService.vhost }}
{{- if .Values.grafana.oauth.enabled }}
- op: replace
path: /data/GF_AUTH_GENERIC_OAUTH_AUTH_URL
value: {{ .Values.grafana.oauth.authUrl }}
- op: replace
path: /data/GF_AUTH_GENERIC_OAUTH_TOKEN_URL
value: {{ .Values.grafana.oauth.tokenUrl }}
- op: replace
path: /data/GF_AUTH_GENERIC_OAUTH_API_URL
value: {{ .Values.grafana.oauth.userinfoUrl }}
{{- end }}
{{- if .Values.grafana.oauth.enabled }}
- target:
kind: Secret
name: {{ .Values.namePrefix }}grafana-generic-oauth-secret
namespace: {{ .Values.namespace }}
version: v1
patch:
- op: replace
path: /stringData/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
value: {{ .Values | get "grafana.keycloak.client-id" ""}}
- op: replace
path: /stringData/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
value: {{ .Values | get "grafana.keycloak.client-secret" ""}}
{{- end }}
- name: kube-prometheus-stack
chart: prometheus-community/kube-prometheus-stack
namespace: {{ .Values.namespace }}
values:
- set-common-values.yaml.gotmpl
- prometheus:
prometheusSpec:
serviceMonitorSelectorNilUsesHelmValues: false
podMonitorSelectorNilUsesHelmValues: false
probeSelectorNilUsesHelmValues: false
disableValidation: true
strategicMergePatches:
- apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.namePrefix }}kube-prometheus-stack-grafana
namespace: {{ .Values.namespace }}
spec:
template:
spec:
containers:
- name: grafana
{{- if .Values.grafana.oauth.enabled }}
envFrom:
- configMapRef:
name: {{ .Values.namePrefix }}grafana-generic-oauth-config
- secretRef:
name: {{ .Values.namePrefix }}grafana-generic-oauth-secret
{{- end }}
- name: monitoring-istio
chart: ./charts/monitoring-istio
namespace: {{ .Values.namespace }}
values:
- set-common-values.yaml.gotmpl
jsonPatches:
{{- if .Values.grafana.virtualService.enabled }}
- target:
kind: VirtualService
name: {{ .Values.namePrefix }}grafana
namespace: {{ .Values.namespace }}
version: v1beta3
group: networking.istio.io
patch:
- op: replace
path: /spec/http/0/route/0/destination/host
value: {{ .Values.namePrefix }}grafana
{{- end }}
{{- if not (empty (.Values.grafana.virtualService.jsonPatches)) }}
{{- .Values.grafana.virtualService.jsonPatches | toYaml | indent 6 }}
{{- end }}
strategicMergePatches:
- apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: {{ .Values.namePrefix }}grafana
namespace: {{ .Values.namespace }}
{{- if .Values.grafana.virtualService.enabled }}
spec:
hosts:
- {{ .Values.grafana.virtualService.vhost }}
gateways:
{{- range $gateway_index, $gateway := .Values.grafana.virtualService.gateways }}
- {{ $gateway | quote }}
{{- end }}
{{- else }}
$patch: delete
{{- end }}
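Review bot: Both ops in the `kind: Secret` patch write to `/stringData/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET`, so the client-id value lands in the secret field and is then overwritten, and `GF_AUTH_GENERIC_OAUTH_CLIENT_ID` is never patched. The first op should use `path: /stringData/GF_AUTH_GENERIC_OAUTH_CLIENT_ID`. The values are also read from `grafana.keycloak.client-id` and `grafana.keycloak.client-secret` with an empty default, while the environment defaults on this page define `grafana.oauth.clientId` and `grafana.oauth.clientSecret`, so an enabled OAuth setup appears to deploy with an empty client secret instead of failing. Reading `{{ .Values.grafana.oauth.clientSecret | quote }}` (and the matching `clientId`) keeps the keys consistent and quotes the rendered value. Separately, the ConfigMap patch does `op: replace` on `/data/GF_SERVER_ROOT_URL`, a key the base ConfigMap on this page does not define; a JSON Patch replace requires the target to exist, so `op: add` is likely what was intended.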
namePrefix: {{ .Values.namePrefix }}
namespace: {{ .Values.namespace }}