Add kube-prometheus-stack.

Adam Heath
Showing 5 changed files with 191 additions and 0 deletions
kube-prometheus-stack/charts/monitoring-config/grafana-oauth-config.yaml
kube-prometheus-stack/charts/monitoring-istio/kustomization.yaml
kube-prometheus-stack/charts/monitoring-istio/virtual-service.yaml
kube-prometheus-stack/helmfile.yaml
kube-prometheus-stack/set-common-values.yaml.gotmpl
--- a/kube-prometheus-stack/charts/monitoring-config/grafana-oauth-config.yaml 0 → 100644
View file @9ae1177
+++ b/kube-prometheus-stack/charts/monitoring-config/grafana-oauth-config.yaml 0 → 100644
View file @9ae1177
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-generic-oauth-config
+data:
+  GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
+  GF_AUTH_GENERIC_OAUTH_NAME: "Keycloak"
+  GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "true"
+  GF_AUTH_GENERIC_OAUTH_SCOPES: profile
+  GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://auth.local/auth/realms/example.com/protocol/openid-connect/auth"
+  GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://auth.local/auth/realms/example.com/protocol/openid-connect/token"
+  GF_AUTH_GENERIC_OAUTH_API_URL: "https://auth.local/auth/realms/example.com/protocol/openid-connect/userinfo"
+  GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'invalid'"
+  GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: "true"
+  GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE: "true"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: grafana-generic-oauth-secret
+stringData:
+  GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "grafana-dashboard"
+  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "REPLACEME"
+---
--- a/kube-prometheus-stack/charts/monitoring-istio/kustomization.yaml 0 → 100644
View file @9ae1177
+++ b/kube-prometheus-stack/charts/monitoring-istio/kustomization.yaml 0 → 100644
View file @9ae1177
+resources:
+  - ./virtual-service.yaml
--- a/kube-prometheus-stack/charts/monitoring-istio/virtual-service.yaml 0 → 100644
View file @9ae1177
+++ b/kube-prometheus-stack/charts/monitoring-istio/virtual-service.yaml 0 → 100644
View file @9ae1177
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: grafana
+spec:
+  hosts:
+  - "grafana.local"
+  gateways:
+  - cluster-local-gateway
+  http:
+  - match:
+    - uri:
+        prefix: /
+    route:
+    - destination:
+        port:
+          number: 80
+        host: kube-prometheus-stack-grafana.monitoring.svc.cluster.local
+---
--- a/kube-prometheus-stack/helmfile.yaml 0 → 100644
View file @9ae1177
+++ b/kube-prometheus-stack/helmfile.yaml 0 → 100644
View file @9ae1177
+environments:
+  default:
+    values:
+      - namespace: monitoring
+        namePrefix: ""
+        grafana:
+          oauth:
+            enabled: false
+            authUrl: ""
+            tokenUrl: ""
+            userinfoUrl: ""
+            clientId: ""
+            clientSecret: ""
+          virtualService:
+            enabled: true
+            jsonPatches: []
+            strategicMergePatches: []
+            gateways:
+              - default/cluster-local-gateway
+            vhost: grafana.local
+
+repositories:
+  - name: prometheus-community
+    url: https://prometheus-community.github.io/helm-charts
+
+  - name: kube-state-metrics
+    url: https://kubernetes.github.io/kube-state-metrics
+
+  - name: grafana
+    url: https://grafana.github.io/helm-charts
+
+---
+
+releases:
+  - name: monitoring-config
+    chart: ./charts/monitoring-config
+    namespace: {{ .Values.namespace }}
+    values:
+      - set-common-values.yaml.gotmpl
+    jsonPatches:
+      - target:
+          kind: ConfigMap
+          name: {{ .Values.namePrefix }}grafana-generic-oauth-config
+          namespace: {{ .Values.namespace }}
+          version: v1
+        patch:
+          - op: replace
+            path: /data/GF_SERVER_ROOT_URL
+            value: https://{{ .Values.grafana.virtualService.vhost }}
+      {{- if .Values.grafana.oauth.enabled }}
+          - op: replace
+            path: /data/GF_AUTH_GENERIC_OAUTH_AUTH_URL
+            value: {{ .Values.grafana.oauth.authUrl }}
+          - op: replace
+            path: /data/GF_AUTH_GENERIC_OAUTH_TOKEN_URL
+            value: {{ .Values.grafana.oauth.tokenUrl }}
+          - op: replace
+            path: /data/GF_AUTH_GENERIC_OAUTH_API_URL
+            value: {{ .Values.grafana.oauth.userinfoUrl }}
+      {{- end }}
+      {{- if .Values.grafana.oauth.enabled }}
+      - target:
+          kind: Secret
+          name: {{ .Values.namePrefix }}grafana-generic-oauth-secret
+          namespace: {{ .Values.namespace }}
+          version: v1
+        patch:
+          - op: replace
+            path: /stringData/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
+            value: {{ .Values | get "grafana.keycloak.client-id" ""}}
+          - op: replace
+            path: /stringData/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
+            value: {{ .Values | get "grafana.keycloak.client-secret" ""}}
+      {{- end }}
+
+  - name: kube-prometheus-stack
+    chart: prometheus-community/kube-prometheus-stack
+    namespace: {{ .Values.namespace }}
+    values:
+      - set-common-values.yaml.gotmpl
+      - prometheus:
+          prometheusSpec:
+            serviceMonitorSelectorNilUsesHelmValues: false
+            podMonitorSelectorNilUsesHelmValues: false
+            probeSelectorNilUsesHelmValues: false
+    disableValidation: true
+    strategicMergePatches:
+      - apiVersion: apps/v1
+        kind: Deployment
+        metadata:
+          name: {{ .Values.namePrefix }}kube-prometheus-stack-grafana
+          namespace: {{ .Values.namespace }}
+        spec:
+          template:
+            spec:
+              containers:
+                - name: grafana
+      {{- if .Values.grafana.oauth.enabled }}
+                  envFrom:
+                    - configMapRef:
+                        name: {{ .Values.namePrefix }}grafana-generic-oauth-config
+                    - secretRef:
+                        name: {{ .Values.namePrefix }}grafana-generic-oauth-secret
+      {{- end }}
+
+  - name: monitoring-istio
+    chart: ./charts/monitoring-istio
+    namespace: {{ .Values.namespace }}
+    values:
+      - set-common-values.yaml.gotmpl
+    jsonPatches:
+      {{- if .Values.grafana.virtualService.enabled }}
+      - target:
+          kind: VirtualService
+          name: {{ .Values.namePrefix }}grafana
+          namespace: {{ .Values.namespace }}
+          version: v1beta3
+          group: networking.istio.io
+        patch:
+          - op: replace
+            path: /spec/http/0/route/0/destination/host
+            value: {{ .Values.namePrefix }}grafana
+      {{- end }}
+      {{- if not (empty (.Values.grafana.virtualService.jsonPatches)) }}
+      {{- .Values.grafana.virtualService.jsonPatches | toYaml | indent 6 }}
+      {{- end }}
+    strategicMergePatches:
+      - apiVersion: networking.istio.io/v1alpha3
+        kind: VirtualService
+        metadata:
+          name: {{ .Values.namePrefix }}grafana
+          namespace: {{ .Values.namespace }}
+      {{- if .Values.grafana.virtualService.enabled }}
+        spec:
+          hosts:
+            - {{ .Values.grafana.virtualService.vhost }}
+          gateways:
+            {{- range $gateway_index, $gateway := .Values.grafana.virtualService.gateways }}
+            - {{ $gateway | quote }}
+            {{- end }}
+      {{- else }}
+        $patch: delete
+      {{- end }}
--- a/kube-prometheus-stack/set-common-values.yaml.gotmpl 0 → 100644
View file @9ae1177
+++ b/kube-prometheus-stack/set-common-values.yaml.gotmpl 0 → 100644
View file @9ae1177
+namePrefix: {{ .Values.namePrefix }}
+namespace: {{ .Values.namespace }}