Skip to content

brainfood / k8s-helmfiles

Go to a project
Toggle navigation
Toggle navigation pinning
9ae11775 by Adam Heath
Options

Add kube-prometheus-stack.

1 parent dfec78f8
Inline Side-by-side
Showing 5 changed files with 191 additions and 0 deletions
1 ---
2 apiVersion: v1
3 kind: ConfigMap
4 metadata:
5 name: grafana-generic-oauth-config
6 data:
7 GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
8 GF_AUTH_GENERIC_OAUTH_NAME: "Keycloak"
9 GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "true"
10 GF_AUTH_GENERIC_OAUTH_SCOPES: profile
11 GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://auth.local/auth/realms/example.com/protocol/openid-connect/auth"
12 GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://auth.local/auth/realms/example.com/protocol/openid-connect/token"
13 GF_AUTH_GENERIC_OAUTH_API_URL: "https://auth.local/auth/realms/example.com/protocol/openid-connect/userinfo"
14 GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'invalid'"
15 GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: "true"
16 GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE: "true"
17 ---
18 apiVersion: v1
19 kind: Secret
20 metadata:
21 name: grafana-generic-oauth-secret
22 stringData:
23 GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "grafana-dashboard"
24 GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "REPLACEME"
25 ---
1 apiVersion: networking.istio.io/v1alpha3
2 kind: VirtualService
3 metadata:
4 name: grafana
5 spec:
6 hosts:
7 - "grafana.local"
8 gateways:
9 - cluster-local-gateway
10 http:
11 - match:
12 - uri:
13 prefix: /
14 route:
15 - destination:
16 port:
17 number: 80
18 host: kube-prometheus-stack-grafana.monitoring.svc.cluster.local
19 ---
1 environments:
2 default:
3 values:
4 - namespace: monitoring
5 namePrefix: ""
6 grafana:
7 oauth:
8 enabled: false
9 authUrl: ""
10 tokenUrl: ""
11 userinfoUrl: ""
12 clientId: ""
13 clientSecret: ""
14 virtualService:
15 enabled: true
16 jsonPatches: []
17 strategicMergePatches: []
18 gateways:
19 - default/cluster-local-gateway
20 vhost: grafana.local
21
22 repositories:
23 - name: prometheus-community
24 url: https://prometheus-community.github.io/helm-charts
25
26 - name: kube-state-metrics
27 url: https://kubernetes.github.io/kube-state-metrics
28
29 - name: grafana
30 url: https://grafana.github.io/helm-charts
31
32 ---
33
34 releases:
35 - name: monitoring-config
36 chart: ./charts/monitoring-config
37 namespace: {{ .Values.namespace }}
38 values:
39 - set-common-values.yaml.gotmpl
40 jsonPatches:
41 - target:
42 kind: ConfigMap
43 name: {{ .Values.namePrefix }}grafana-generic-oauth-config
44 namespace: {{ .Values.namespace }}
45 version: v1
46 patch:
47 - op: replace
48 path: /data/GF_SERVER_ROOT_URL
49 value: https://{{ .Values.grafana.virtualService.vhost }}
50 {{- if .Values.grafana.oauth.enabled }}
51 - op: replace
52 path: /data/GF_AUTH_GENERIC_OAUTH_AUTH_URL
53 value: {{ .Values.grafana.oauth.authUrl }}
54 - op: replace
55 path: /data/GF_AUTH_GENERIC_OAUTH_TOKEN_URL
56 value: {{ .Values.grafana.oauth.tokenUrl }}
57 - op: replace
58 path: /data/GF_AUTH_GENERIC_OAUTH_API_URL
59 value: {{ .Values.grafana.oauth.userinfoUrl }}
60 {{- end }}
61 {{- if .Values.grafana.oauth.enabled }}
62 - target:
63 kind: Secret
64 name: {{ .Values.namePrefix }}grafana-generic-oauth-secret
65 namespace: {{ .Values.namespace }}
66 version: v1
67 patch:
68 - op: replace
69 path: /stringData/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
70 value: {{ .Values | get "grafana.keycloak.client-id" ""}}
71 - op: replace
72 path: /stringData/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
73 value: {{ .Values | get "grafana.keycloak.client-secret" ""}}
74 {{- end }}
75
76 - name: kube-prometheus-stack
77 chart: prometheus-community/kube-prometheus-stack
78 namespace: {{ .Values.namespace }}
79 values:
80 - set-common-values.yaml.gotmpl
81 - prometheus:
82 prometheusSpec:
83 serviceMonitorSelectorNilUsesHelmValues: false
84 podMonitorSelectorNilUsesHelmValues: false
85 probeSelectorNilUsesHelmValues: false
86 disableValidation: true
87 strategicMergePatches:
88 - apiVersion: apps/v1
89 kind: Deployment
90 metadata:
91 name: {{ .Values.namePrefix }}kube-prometheus-stack-grafana
92 namespace: {{ .Values.namespace }}
93 spec:
94 template:
95 spec:
96 containers:
97 - name: grafana
98 {{- if .Values.grafana.oauth.enabled }}
99 envFrom:
100 - configMapRef:
101 name: {{ .Values.namePrefix }}grafana-generic-oauth-config
102 - secretRef:
103 name: {{ .Values.namePrefix }}grafana-generic-oauth-secret
104 {{- end }}
105
106 - name: monitoring-istio
107 chart: ./charts/monitoring-istio
108 namespace: {{ .Values.namespace }}
109 values:
110 - set-common-values.yaml.gotmpl
111 jsonPatches:
112 {{- if .Values.grafana.virtualService.enabled }}
113 - target:
114 kind: VirtualService
115 name: {{ .Values.namePrefix }}grafana
116 namespace: {{ .Values.namespace }}
117 version: v1beta3
118 group: networking.istio.io
119 patch:
120 - op: replace
121 path: /spec/http/0/route/0/destination/host
122 value: {{ .Values.namePrefix }}grafana
123 {{- end }}
124 {{- if not (empty (.Values.grafana.virtualService.jsonPatches)) }}
125 {{- .Values.grafana.virtualService.jsonPatches | toYaml | indent 6 }}
126 {{- end }}
127 strategicMergePatches:
128 - apiVersion: networking.istio.io/v1alpha3
129 kind: VirtualService
130 metadata:
131 name: {{ .Values.namePrefix }}grafana
132 namespace: {{ .Values.namespace }}
133 {{- if .Values.grafana.virtualService.enabled }}
134 spec:
135 hosts:
136 - {{ .Values.grafana.virtualService.vhost }}
137 gateways:
138 {{- range $gateway_index, $gateway := .Values.grafana.virtualService.gateways }}
139 - {{ $gateway | quote }}
140 {{- end }}
141 {{- else }}
142 $patch: delete
143 {{- end }}
1 namePrefix: {{ .Values.namePrefix }}
2 namespace: {{ .Values.namespace }}