Install grafana

installations/applications/helmfile.yaml

@@ -21,7 +21,8 @@ repositories:
     url: https://charts.min.io/
   - name: bedag
     url: https://bedag.github.io/helm-charts/
-
+  - name: grafana 
+    url: https://grafana.github.io/helm-charts
 
 releases:
   - name: authentik
@@ -45,7 +46,7 @@ releases:
     
   - name: gitea
     chart: gitea/gitea
-    version: 10.3.0
+    version: 10.4.0
     namespace: applications
     inherit:
       - template: default-env-values
@@ -133,8 +134,16 @@ releases:
   - name: mealie
     chart: softplayer-oci/mealie
     namespace: applications
-    version: 0.1.0
+    version: 0.3.0
     inherit:
       - template: default-env-values
       - template: default-env-secrets
       - template: ext-database
+  
+  - name: grafana
+    chart: grafana/grafana
+    namespace: applications
+    version: 8.3.6
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets

installations/development/helmfile.yaml

@@ -0,0 +1,12 @@
+{{ readFile "../../common/templates.yaml" }}
+
+bases:
+  - ../../common/environments.yaml
+
+repositories:
+  - name: argo
+    url: https://argoproj.github.io/argo-helm
+
+releases:
+  - name: badhouseplants
+    namespace: platform

installations/monitoring/helmfile.yaml

@@ -0,0 +1,21 @@
+{{ readFile "../../common/templates.yaml" }}
+
+bases:
+  - ../../common/environments.yaml
+
+repositories:
+  - name: bedag
+    url: https://bedag.github.io/helm-charts/
+  - name: prometheus-community
+    url: https://prometheus-community.github.io/helm-charts
+
+
+releases:
+  - name: prometheus
+    chart: prometheus-community/kube-prometheus-stack
+    namespace: monitoring
+    version: 61.3.2
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets
+      - template: crd-management-hook

values/badhouseplants/secrets.grafana.yaml

@@ -0,0 +1,23 @@
+grafana.ini:
+    auth.generic_oauth:
+        client_secret: ENC[AES256_GCM,data:HZ7FEe5zCU8wBVqCNtWZbJmJOp9QY4/z0B/FRPm76cSb1zsmbDkPS8dKxF8SYYtR+v1UWdCfe8NZp0RtqV6MQx9HQRMIHwwbHQ/b2BvEs9Q/Q+V+6/uwdIMWYu7+uFwVs9c5OUdRmA3jJgGy6mV5ZBxdiBI6NGHJk4WpT6AXn+E=,iv:o8DHlwqywfyr+FHTh8J0N67xixX2dIgxgsOYYKiLAFo=,tag:unKLJUZbI11pfOJjXgbu7w==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2eFpXVi9PeWVvdlQ5cEJS
+            Yyt0L1F6UTQveVVpbXBnZE0xQ3hsb1Y3NG53ClRncVFtRVo1UHZjaDJyWkNoK1hZ
+            OStkM3ZmOU5SY3hFZ3lPOGtyakZBdlEKLS0tIFpuZVdMS1VVRmg5MDRIVzhISTJs
+            MUZJeDdqeUJrTVkvZ0NKZ0tvd0doaXcKZ2b/Gatfw4GlX3N1FDwziBvTrM3g+asd
+            92IVTZ5BGht2MbfcKAPJFcMr0KQKo8rVejDvYunkAZB94ICNr36MVQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-07-25T11:05:53Z"
+    mac: ENC[AES256_GCM,data:m0JDoCSmvktNHIHb6DrDiB7Zecv8wwn4y4UN51IHnYQRuL5qdqHq9ntWiozDy2KQO5Xw7bSHB2Yb3XN5Byt5cUy7I3BIYYn7MiQjIzOWcjIJJvN2YzDzLeA+wieizM5anEgwCuhRsvGUkWs/OUylHOaSbX6ma2fBPtvMqieCa1s=,iv:lpKiI9y8AQfhfWc3KmSdyDEFks+i8FeZ/QedC7Ai35w=,tag:VhRsg1FIct4V1+jSxBKmKg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0

values/badhouseplants/secrets.postgres.yaml

@@ -1,7 +1,7 @@
 global:
     postgresql:
         auth:
-            postgresPassword: ENC[AES256_GCM,data:NopZyPWiTKPPVzLcvVLN3JgMQjQ=,iv:rWVhR2wChvQSIa7eBPrvnWO2ydLZ2D8oF87INiy8NX4=,tag:Xb0qbED6QXu5QBgHY6hrOA==,type:str]
+            postgresPassword: ENC[AES256_GCM,data:5u1PvGD7qiNp+fKRKd0k1NZ9Cmg=,iv:QD1xBqO1v4pKoQn+PpVVn/9gfgiQcVIOC+iwykS1fU8=,tag:/sZyLhKlSXQgq9NaE9SeAA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -11,14 +11,14 @@ sops:
         - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibDUrRXlidmtidDBqQlFF
-            VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
+            eU5ibmpFR003bmtOQTZ1R1VoSi90b3hVQUZnCjEwS0pkYWtWVzBjZjVBY3h6R2xx
-            bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
+            d1cxbldsay9UVG1zODF5VUp2NExzcVUKLS0tIC8vdDB2M0YxTWpqQnl2RjJmZUxv
-            Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
+            U1hxODZZdzRQZFZrVElSNW1oU21GMkEKGorPMRXGZp3RD95/CPUiNqjEArUH4ZYj
-            OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
+            5UTYtScymvZ5zCPGsMYqmjGFPTg/HiEBAhVed03Smd7z/FmwdCchlA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-21T12:58:01Z"
+    lastmodified: "2024-07-25T15:16:56Z"
-    mac: ENC[AES256_GCM,data:ShHWH9RIL4rJ5X0IvThOtyM28AC+1bJLr4PJJdYSLtV9T7Wcs2LbmWxtM2tpRyzMeZjYKJrsstGYgxBevr1BpfGBIeR4+JCwrbdK4AOq2VbLMpH7nMOU/huuUpxOopweRBTwZOEMRBkSkEk4qPvebLHEqUi6aNGdtxOINmHv/fA=,iv:C/iJOSshanbhSQ9Be712aSN2B8aXndPpP4655SQONeQ=,tag:BAJIzrYfh8a59OzkxDOrbw==,type:str]
+    mac: ENC[AES256_GCM,data:uYaO2/51oCs1/ZZfWMwID+gv9XZetDZWyfG94KvCjn+2uMRNc9GgZok30CKFaDmi2D6oipoXyV3uz7BXgqHSk9rA/GTKoNzq8AEiSADXwnBneoQ8ftGZcGdr0V1R1gcsCtlu65kXsROksEK1pS0XQEMq5/zIftcL8wcOe7brnvA=,iv:UlCPOm4tEPqLW2Z5r6lcSZzF5nrRWmOdfz4z0J2mtww=,tag:o/bhbNe1/Gi+KWx1/xEg7Q==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.9.0

values/badhouseplants/values.argo-badhouseplants.net

@@ -0,0 +1,87 @@
+applications: {}
+#  guestbook:
+#    namespace: argocd
+#    additionalLabels: {}
+#    additionalAnnotations: {}
+#    finalizers:
+#    - resources-finalizer.argocd.argoproj.io
+#    project: guestbook
+#    source:
+#      repoURL: https://github.com/argoproj/argocd-example-apps.git
+#      targetRevision: HEAD
+#      path: guestbook
+#      directory:
+#        recurse: true
+#    # ArgoCD v2.6 or later
+#    sources:
+#    - chart: elasticsearch
+#      repoURL: https://helm.elastic.co
+#      targetRevision: 8.5.1
+#    - repoURL: https://github.com/argoproj/argocd-example-apps.git
+#      path: guestbook
+#      targetRevision: HEAD
+#    destination:
+#      server: https://kubernetes.default.svc
+#      namespace: guestbook
+#    syncPolicy:
+#      automated:
+#        prune: false
+#        selfHeal: false
+#      syncOptions:
+#      - CreateNamespace=true
+#    revisionHistoryLimit: null
+#    ignoreDifferences:
+#    - group: apps
+#      kind: Deployment
+#      jsonPointers:
+#      - /spec/replicas
+#    info:
+#    - name: url
+#      value: https://argoproj.github.io/
+
+# -- Deploy Argo CD Projects within this helm release
+# @default -- `{}` (See [values.yaml])
+## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
+projects: {}
+#  guestbook:
+#    namespace: argocd
+#    additionalLabels: {}
+#    additionalAnnotations: {}
+#    permitOnlyProjectScopedClusters: false
+#    finalizers:
+#    - resources-finalizer.argocd.argoproj.io
+#    description: Example Project
+#    sourceRepos:
+#    - '*'
+#    destinations:
+#    - namespace: guestbook
+#      server: https://kubernetes.default.svc
+#    clusterResourceWhitelist: []
+#    clusterResourceBlacklist: []
+#    namespaceResourceBlacklist:
+#    - group: ''
+#      kind: ResourceQuota
+#    - group: ''
+#      kind: LimitRange
+#    - group: ''
+#      kind: NetworkPolicy
+#      orphanedResources: {}
+#      roles: []
+#    namespaceResourceWhitelist:
+#    - group: 'apps'
+#      kind: Deployment
+#    - group: 'apps'
+#      kind: StatefulSet
+#    orphanedResources: {}
+#    roles: []
+#    syncWindows:
+#    - kind: allow
+#      schedule: '10 1 * * *'
+#      duration: 1h
+#      applications:
+#      - '*-prod'
+#      manualSync: true
+#    signatureKeys:
+#    - keyID: ABCDEF1234567890
+#    sourceNamespaces:
+#    - argocd

values/badhouseplants/values.grafana.yaml

@@ -0,0 +1,44 @@
+assertNoLeakedSecrets: false
+ingress:
+  enabled: true
+  ingressClassName: traefik
+  annotations: 
+    kubernetes.io/ingress.class: traefik
+    kubernetes.io/tls-acme: "true"
+    kubernetes.io/ingress.allow-http: "false"
+    kubernetes.io/ingress.global-static-ip-name: ""
+    cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+  path: /
+  pathType: Prefix
+  hosts:
+    - grafana.badhouseplants.net
+  tls:
+    - secretName: grafana.badhouseplants.net
+      hosts:
+        - grafana.badhouseplants.net
+datasources:
+  datasources.yaml:
+    apiVersion: 1
+    datasources:
+      - name: Prometheus
+        type: prometheus
+        url: http://prometheus-operated.monitoring.svc.cluster.local:9090
+        access: proxy
+        isDefault: true
+grafana.ini:
+    server:
+      root_url: https://grafana.badhouseplants.net
+    auth:
+        signout_redirect_url: "https://authentik.badhouseplants.net/application/o/grafana/end-session/"
+        oauth_auto_login: true
+    auth.generic_oauth:
+        name: authentik
+        enabled: true
+        client_id: "grafana"
+        scopes: "openid profile email"
+        auth_url: "https://authentik.badhouseplants.net/application/o/authorize/"
+        token_url: "https://authentik.badhouseplants.net/application/o/token/"
+        api_url: "https://authentik.badhouseplants.net/application/o/userinfo/"
+        # Optionally map user groups to Grafana roles
+        role_attribute_path: contains(groups, 'Admins') && 'Admin' || contains(groups, 'DevOps') && 'Editor' || 'Viewer'

values/badhouseplants/values.namespaces.yaml

@@ -1,5 +1,5 @@
 namespaces:
-  - name: longhorn-system
+  - name: monitoring
   - name: databases
   - name: applications
   - name: development

values/badhouseplants/values.prometheus.yaml

@@ -3,24 +3,16 @@
 # -- Istio extenstion. Just because I'm
 # --  not using ingress nginx
 # ------------------------------------------
-istio:
-  enabled: true
-  istio:
-    - name: grafana-https
-      gateway: istio-system/badhouseplants-net
-      kind: http
-      hostname: "grafana.badhouseplants.net"
-      service: prometheus-grafana
-      port: 80
-
 coreDns:
   enabled: false
 kubeEtcd:
   enabled: false
 kubelet:
-  enabled: false
+  enabled: true
 kubeApiServer:
   enabled: false
+grafana:
+  enabled: false
 
 prometheus-node-exporter:
   prometheus:
@@ -85,64 +77,3 @@ prometheus:
           resources:
             requests:
               storage: 12Gi
-
-grafana:
-  assertNoLeakedSecrets: false
-  persistence:
-    enabled: true
-    size: 2Gi
-  grafana.ini:
-    server:
-      root_url: https://grafana.badhouseplants.net
-    auth.generic_oauth:
-      name: Gitea
-      icon: signin
-      enabled: true
-      allow_sign_up: true
-      auto_login: false
-      client_id: 0ce70a7d-f267-44cc-9686-71048277e51d
-      scopes: openid profile email groups
-      empty_scopes: false
-      auth_url: https://git.badhouseplants.net/login/oauth/authorize
-      token_url: https://git.badhouseplants.net/login/oauth/access_token
-      api_url: https://git.badhouseplants.net/login/oauth/userinfo
-      tls_skip_verify_insecure: false
-      use_pkce: true
-      role_attribute_path: contains(groups, 'badhouseplants:owners') && 'Admin' || 'Viewer'
-  
-  dashboardProviders:
-    dashboardproviders.yaml:
-      apiVersion: 1
-      providers:
-        - name: 'default'
-          orgId: 1
-          folder: ''
-          type: file
-          disableDeletion: true
-          editable: false
-          options:
-            path: /var/lib/grafana/dashboards/default
-  
-  dashboards:
-    default:
-      gitea-dashboard:
-        gnetId: 13192
-        revision: 1
-        datasource: Prometheus
-      argo-dashboard:
-        gnetId: 14584
-        revision: 1
-        datasource: Prometheus
-  
-  datasources:
-    loki.yaml:
-      apiVersion: 1
-      datasources:
-      - name: Loki
-        type: loki
-        access: proxy
-        uid: loki
-        editable: false
-        url: http://loki.monitoring-system:3100/
-        jsonData:
-          maxLines: 1000