Install Prometheus

README.md

@@ -1,2 +1,5 @@
 # Kubernetes configuration
 [![Build Status](https://drone.badhouseplants.net/api/badges/badhouseplants/k8s-cluster-config/status.svg)](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config)
+
+# CRD hooks
+I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. 

badhouseplants/helmfile.yaml

@@ -52,6 +52,11 @@ releases:
     namespace: mailu-application
     createNamespace: true
 
+  - <<: *prometheus
+    installed: true
+    namespace: monitoring-system
+    createNamespace: true
+
 bases:
   - ../environments.yaml
   - ../repositories.yaml

badhouseplants/values/.decrypted~secrets.prometheus.yaml

@@ -0,0 +1,6 @@
+grafana:
+    adminPassword: h*Ct9g!k&SQQjs%i!7SrMrv^9
+    adminUser: overlord
+    grafana.ini:
+        auth.generic_oauth:
+            client_secret: gto_mpc5pzjnjysab37kqjouwrexkayubxdlrgv75vjamwyrrtkv6zzq

badhouseplants/values/secrets.prometheus.yaml

@@ -0,0 +1,26 @@
+grafana:
+    adminPassword: ENC[AES256_GCM,data:gxI2S/KxstCmLKTeAqRESo4p9sMImVqUDA==,iv:/5aKhPxCeEN22juQPwLBaM8n3AAjV9axxuZ1NZbZ9IM=,tag:PmCtctTjZIXlgXyDA7G4yQ==,type:str]
+    adminUser: ENC[AES256_GCM,data:Esh/6bXMez8=,iv:cRdvkpnO8gNOaKy+4kPcq69ksdXxuZClnjSvBp4yto8=,tag:ZgycOsDXJIT1mrN6nJHw3g==,type:str]
+    grafana.ini:
+        auth.generic_oauth:
+            client_secret: ENC[AES256_GCM,data:7/PqroaClfcd6kTHm+oljOA/r6FGq5EXnv5BRsrMRsaHhX0AzPLMk7Z/sc6SuP5iR+Xysa8/Y/o=,iv:vdZKOA4MsQjMnmKsAT0QA+E3WaAQXoIItVsznlbXZ68=,tag:sbuDV8RkAcZiGuxkytu3XQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeTlhQ2xpK0dvMU00ejh4
+            bjZxZVMvMEFobGFqYU55a3dxcTlnRitkS2wwCmJVNHhQNHJHTVBxbk4xQ1RWbkFv
+            TUNGY3YvQUIyTUJYNEZmOWRYd3JaUHcKLS0tIHJ5STVXV0hxRUdYQmNXSFR2U0Vv
+            NXQ5SjNQUW9JOStDclZuYUlqV3FaWWsKvu2T2LmDjuJgnB0djjhJczsvDjFsH/D/
+            QDPkkl2G1luDoIjBj21uoy0daqfyskd4Yw2ZsPsZU6zuEGdFj52Qbw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-05-28T06:39:30Z"
+    mac: ENC[AES256_GCM,data:21m+X5uMwQSBEVsV+x+flobNlcPJRXF50IfbfzVoW4C/Tt+77gasD+Lq9A4q+U3lbRm59FO0R0u8puONM0MfM7QFTJyevZKGVGQFOMEnOHwv4s9w5WNMTZszPopcWRFuM+6rRvoWypr0hTVGKFpIQ/asfGdqxHGPf8Rdq5OPU9M=,iv:BtU0CckuX9F/MJe+31TA3oLAGOZlZis5AIKY40uYRgc=,tag:nDZI0kaXx7alFU3qEafQmA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

badhouseplants/values/values.prometheus.yaml

@@ -0,0 +1,57 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# --  not using ingress nginx
+# ------------------------------------------
+istio:
+  enabled: true
+  istio:
+    - name: grafana-https
+      gateway: badhouseplants-net
+      kind: http
+      hostname: "grafana.badhouseplants.net"
+      service: prometheus-grafana
+      port: 80
+prometheus:
+  prometheusSpec:
+    podMonitorNamespaceSelector:
+      any: true
+    podMonitorSelector: {}
+    podMonitorSelectorNilUsesHelmValues: false
+    ruleNamespaceSelector:
+      any: true
+    ruleSelector: {}
+    ruleSelectorNilUsesHelmValues: false
+    serviceMonitorNamespaceSelector:
+      any: true
+    serviceMonitorSelector: {}
+    serviceMonitorSelectorNilUsesHelmValues: false
+    storageSpec: 
+     volumeClaimTemplate:
+       spec:
+         accessModes: ["ReadWriteOnce"]
+         resources:
+           requests:
+             storage: 5Gi
+grafana:
+  persistence:
+    enabled: true
+    size: 2Gi
+  grafana.ini:
+    server:
+      root_url: https://grafana.badhouseplants.net
+    auth.generic_oauth:
+      name: Gitea
+      icon: signin
+      enabled: true
+      allow_sign_up: true
+      auto_login: false
+      client_id: 0ce70a7d-f267-44cc-9686-71048277e51d
+      scopes: openid profile email groups
+      empty_scopes: false
+      auth_url: https://git.badhouseplants.net/login/oauth/authorize
+      token_url: https://git.badhouseplants.net/login/oauth/access_token
+      api_url: https://git.badhouseplants.net/login/oauth/userinfo
+      tls_skip_verify_insecure: false
+      use_pkce: true
+      role_attribute_path: contains(groups, 'badhouseplants:owners') && 'Admin' || 'Viewer'

helmfile.yaml

@@ -35,7 +35,7 @@ releases:
     installed: true
     namespace: minio-service
     createNamespace: false
-  
+
   - <<: *openvpn
     installed: true
     namespace: openvpn-service

releases.yaml

@@ -10,7 +10,10 @@ templates:
         command: "sh"
         args:
           - -c
-          - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }}| kubectl apply -f -"
+          - | 
+            helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f  - \
+            || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f  - \
+            || true
       - events: ["prepare"]
         showlogs: true
         command: "sh"
@@ -22,13 +25,13 @@ templates:
         command: "sh"
         args:
           - -c
-          - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f -"
+          - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
   # ----------------------------
   # -- Configs
   # ----------------------------
   default-common-values:
     values:
-      - '{{ requiredEnv "PWD" }}/commmon/values.{{ .Release.Name }}.yaml'
+      - '{{ requiredEnv "PWD" }}/common/values.{{ .Release.Name }}.yaml'
   default-env-values:
     values:
       - '{{ requiredEnv "PWD" }}/{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml'
@@ -65,8 +68,9 @@ templates:
       - chart: bedag/raw
         version: 2.0.0
         alias: ns
-    values:
-      - '{{ requiredEnv "PWD" }}/common/values.ns.yaml'
+    inherit:
+      - template: default-common-values
+      - template: default-env-values
   # ----------------------------
   # -- Releases
   # ----------------------------
@@ -106,6 +110,16 @@ templates:
       - template: default-env-values
       - template: default-env-secrets
       - template: ext-istio-resource
+
+  prometheus: &prometheus
+    name: prometheus
+    chart: prometheus-community/kube-prometheus-stack
+    version: 46.4.1
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets
+      - template: crd-management-hook
+      - template: ext-istio-resource
   # ----------------------------
   # -- Istio
   # ----------------------------
@@ -188,7 +202,6 @@ templates:
       - template: default-env-secrets
       - template: ext-istio-resource
 
-
   minio: &minio
     name: minio
     chart: minio/minio
@@ -198,7 +211,6 @@ templates:
       - template: default-env-secrets
       - template: ext-istio-resource
 
-
   minecraft: &minecraft
     name: minecraft
     chart: minecraft-server-charts/minecraft
@@ -207,7 +219,6 @@ templates:
       - template: default-env-values
       - template: ext-istio-resource
 
-
   gitea: &gitea
     name: gitea
     chart: gitea/gitea

repositories.yaml

@@ -26,7 +26,9 @@ repositories:
     url: https://argoproj.github.io/argo-helm
   - name: bedag
     url: https://bedag.github.io/helm-charts/
-  - name: mailu
-    url: https://mailu.github.io/helm-charts/
+  # - name: mailu
+    # url: https://mailu.github.io/helm-charts/
   - name: metallb
     url: https://metallb.github.io/metallb
+  - name: prometheus-community
+    url: https://prometheus-community.github.io/helm-charts