Add kube-prometheus-stack.
Showing
5 changed files
with
191 additions
and
0 deletions
1 | --- | ||
2 | apiVersion: v1 | ||
3 | kind: ConfigMap | ||
4 | metadata: | ||
5 | name: grafana-generic-oauth-config | ||
6 | data: | ||
7 | GF_AUTH_GENERIC_OAUTH_ENABLED: "true" | ||
8 | GF_AUTH_GENERIC_OAUTH_NAME: "Keycloak" | ||
9 | GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "true" | ||
10 | GF_AUTH_GENERIC_OAUTH_SCOPES: profile | ||
11 | GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://auth.local/auth/realms/example.com/protocol/openid-connect/auth" | ||
12 | GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://auth.local/auth/realms/example.com/protocol/openid-connect/token" | ||
13 | GF_AUTH_GENERIC_OAUTH_API_URL: "https://auth.local/auth/realms/example.com/protocol/openid-connect/userinfo" | ||
14 | GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'invalid'" | ||
15 | GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: "true" | ||
16 | GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE: "true" | ||
17 | --- | ||
18 | apiVersion: v1 | ||
19 | kind: Secret | ||
20 | metadata: | ||
21 | name: grafana-generic-oauth-secret | ||
22 | stringData: | ||
23 | GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "grafana-dashboard" | ||
24 | GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "REPLACEME" | ||
25 | --- |
1 | apiVersion: networking.istio.io/v1alpha3 | ||
2 | kind: VirtualService | ||
3 | metadata: | ||
4 | name: grafana | ||
5 | spec: | ||
6 | hosts: | ||
7 | - "grafana.local" | ||
8 | gateways: | ||
9 | - cluster-local-gateway | ||
10 | http: | ||
11 | - match: | ||
12 | - uri: | ||
13 | prefix: / | ||
14 | route: | ||
15 | - destination: | ||
16 | port: | ||
17 | number: 80 | ||
18 | host: kube-prometheus-stack-grafana.monitoring.svc.cluster.local | ||
19 | --- |
kube-prometheus-stack/helmfile.yaml
0 → 100644
1 | environments: | ||
2 | default: | ||
3 | values: | ||
4 | - namespace: monitoring | ||
5 | namePrefix: "" | ||
6 | grafana: | ||
7 | oauth: | ||
8 | enabled: false | ||
9 | authUrl: "" | ||
10 | tokenUrl: "" | ||
11 | userinfoUrl: "" | ||
12 | clientId: "" | ||
13 | clientSecret: "" | ||
14 | virtualService: | ||
15 | enabled: true | ||
16 | jsonPatches: [] | ||
17 | strategicMergePatches: [] | ||
18 | gateways: | ||
19 | - default/cluster-local-gateway | ||
20 | vhost: grafana.local | ||
21 | |||
22 | repositories: | ||
23 | - name: prometheus-community | ||
24 | url: https://prometheus-community.github.io/helm-charts | ||
25 | |||
26 | - name: kube-state-metrics | ||
27 | url: https://kubernetes.github.io/kube-state-metrics | ||
28 | |||
29 | - name: grafana | ||
30 | url: https://grafana.github.io/helm-charts | ||
31 | |||
32 | --- | ||
33 | |||
34 | releases: | ||
35 | - name: monitoring-config | ||
36 | chart: ./charts/monitoring-config | ||
37 | namespace: {{ .Values.namespace }} | ||
38 | values: | ||
39 | - set-common-values.yaml.gotmpl | ||
40 | jsonPatches: | ||
41 | - target: | ||
42 | kind: ConfigMap | ||
43 | name: {{ .Values.namePrefix }}grafana-generic-oauth-config | ||
44 | namespace: {{ .Values.namespace }} | ||
45 | version: v1 | ||
46 | patch: | ||
47 | - op: replace | ||
48 | path: /data/GF_SERVER_ROOT_URL | ||
49 | value: https://{{ .Values.grafana.virtualService.vhost }} | ||
50 | {{- if .Values.grafana.oauth.enabled }} | ||
51 | - op: replace | ||
52 | path: /data/GF_AUTH_GENERIC_OAUTH_AUTH_URL | ||
53 | value: {{ .Values.grafana.oauth.authUrl }} | ||
54 | - op: replace | ||
55 | path: /data/GF_AUTH_GENERIC_OAUTH_TOKEN_URL | ||
56 | value: {{ .Values.grafana.oauth.tokenUrl }} | ||
57 | - op: replace | ||
58 | path: /data/GF_AUTH_GENERIC_OAUTH_API_URL | ||
59 | value: {{ .Values.grafana.oauth.userinfoUrl }} | ||
60 | {{- end }} | ||
61 | {{- if .Values.grafana.oauth.enabled }} | ||
62 | - target: | ||
63 | kind: Secret | ||
64 | name: {{ .Values.namePrefix }}grafana-generic-oauth-secret | ||
65 | namespace: {{ .Values.namespace }} | ||
66 | version: v1 | ||
67 | patch: | ||
68 | - op: replace | ||
69 | path: /stringData/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET | ||
70 | value: {{ .Values | get "grafana.keycloak.client-id" ""}} | ||
71 | - op: replace | ||
72 | path: /stringData/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET | ||
73 | value: {{ .Values | get "grafana.keycloak.client-secret" ""}} | ||
74 | {{- end }} | ||
75 | |||
76 | - name: kube-prometheus-stack | ||
77 | chart: prometheus-community/kube-prometheus-stack | ||
78 | namespace: {{ .Values.namespace }} | ||
79 | values: | ||
80 | - set-common-values.yaml.gotmpl | ||
81 | - prometheus: | ||
82 | prometheusSpec: | ||
83 | serviceMonitorSelectorNilUsesHelmValues: false | ||
84 | podMonitorSelectorNilUsesHelmValues: false | ||
85 | probeSelectorNilUsesHelmValues: false | ||
86 | disableValidation: true | ||
87 | strategicMergePatches: | ||
88 | - apiVersion: apps/v1 | ||
89 | kind: Deployment | ||
90 | metadata: | ||
91 | name: {{ .Values.namePrefix }}kube-prometheus-stack-grafana | ||
92 | namespace: {{ .Values.namespace }} | ||
93 | spec: | ||
94 | template: | ||
95 | spec: | ||
96 | containers: | ||
97 | - name: grafana | ||
98 | {{- if .Values.grafana.oauth.enabled }} | ||
99 | envFrom: | ||
100 | - configMapRef: | ||
101 | name: {{ .Values.namePrefix }}grafana-generic-oauth-config | ||
102 | - secretRef: | ||
103 | name: {{ .Values.namePrefix }}grafana-generic-oauth-secret | ||
104 | {{- end }} | ||
105 | |||
106 | - name: monitoring-istio | ||
107 | chart: ./charts/monitoring-istio | ||
108 | namespace: {{ .Values.namespace }} | ||
109 | values: | ||
110 | - set-common-values.yaml.gotmpl | ||
111 | jsonPatches: | ||
112 | {{- if .Values.grafana.virtualService.enabled }} | ||
113 | - target: | ||
114 | kind: VirtualService | ||
115 | name: {{ .Values.namePrefix }}grafana | ||
116 | namespace: {{ .Values.namespace }} | ||
117 | version: v1beta3 | ||
118 | group: networking.istio.io | ||
119 | patch: | ||
120 | - op: replace | ||
121 | path: /spec/http/0/route/0/destination/host | ||
122 | value: {{ .Values.namePrefix }}grafana | ||
123 | {{- end }} | ||
124 | {{- if not (empty (.Values.grafana.virtualService.jsonPatches)) }} | ||
125 | {{- .Values.grafana.virtualService.jsonPatches | toYaml | indent 6 }} | ||
126 | {{- end }} | ||
127 | strategicMergePatches: | ||
128 | - apiVersion: networking.istio.io/v1alpha3 | ||
129 | kind: VirtualService | ||
130 | metadata: | ||
131 | name: {{ .Values.namePrefix }}grafana | ||
132 | namespace: {{ .Values.namespace }} | ||
133 | {{- if .Values.grafana.virtualService.enabled }} | ||
134 | spec: | ||
135 | hosts: | ||
136 | - {{ .Values.grafana.virtualService.vhost }} | ||
137 | gateways: | ||
138 | {{- range $gateway_index, $gateway := .Values.grafana.virtualService.gateways }} | ||
139 | - {{ $gateway | quote }} | ||
140 | {{- end }} | ||
141 | {{- else }} | ||
142 | $patch: delete | ||
143 | {{- end }} |
-
Please register or sign in to post a comment