Install grafana

Nikolai Rodionov 2024-07-26 15:06:05 +02:00
parent ba2da1d48b
commit 618210e26a
No known key found for this signature in database
GPG Key ID: B874DEE37A0C17DB
10 changed files with 212 additions and 85 deletions

0
helmfile.yaml Normal file


@ -21,7 +21,8 @@ repositories:
url: https://charts.min.io/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: grafana
url: https://grafana.github.io/helm-charts
releases:
- name: authentik
@ -45,7 +46,7 @@ releases:
- name: gitea
chart: gitea/gitea
version: 10.3.0
version: 10.4.0
namespace: applications
inherit:
- template: default-env-values
@ -133,8 +134,16 @@ releases:
- name: mealie
chart: softplayer-oci/mealie
namespace: applications
version: 0.1.0
version: 0.3.0
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: grafana
chart: grafana/grafana
namespace: applications
version: 8.3.6
inherit:
- template: default-env-values
- template: default-env-secrets


@ -0,0 +1,12 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
releases:
- name: badhouseplants
namespace: platform
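Review bot: The `badhouseplants` release that closes this new helmfile shows only `name` and `namespace`; no `chart:` or `version:` is visible, and helmfile needs a chart reference to render a release. The `argo` repository is declared just above, so an Argo chart is presumably intended: add `chart: argo/<chart-name>` and pin `version: "<reviewed-version>"` as the other releases in this commit do, so a sync cannot pull a chart newer than the one that was reviewed. If the chart is meant to come from a template in `common/templates.yaml`, then an `inherit:` entry is what is missing instead. This rendering drops indentation and blank lines, so confirm against the raw file.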


@ -0,0 +1,21 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
repositories:
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: prometheus-community
url: https://prometheus-community.github.io/helm-charts
releases:
- name: prometheus
chart: prometheus-community/kube-prometheus-stack
namespace: monitoring
version: 61.3.2
inherit:
- template: default-env-values
- template: default-env-secrets
- template: crd-management-hook


@ -0,0 +1,23 @@
grafana.ini:
auth.generic_oauth:
client_secret: ENC[AES256_GCM,data:HZ7FEe5zCU8wBVqCNtWZbJmJOp9QY4/z0B/FRPm76cSb1zsmbDkPS8dKxF8SYYtR+v1UWdCfe8NZp0RtqV6MQx9HQRMIHwwbHQ/b2BvEs9Q/Q+V+6/uwdIMWYu7+uFwVs9c5OUdRmA3jJgGy6mV5ZBxdiBI6NGHJk4WpT6AXn+E=,iv:o8DHlwqywfyr+FHTh8J0N67xixX2dIgxgsOYYKiLAFo=,tag:unKLJUZbI11pfOJjXgbu7w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2eFpXVi9PeWVvdlQ5cEJS
Yyt0L1F6UTQveVVpbXBnZE0xQ3hsb1Y3NG53ClRncVFtRVo1UHZjaDJyWkNoK1hZ
OStkM3ZmOU5SY3hFZ3lPOGtyakZBdlEKLS0tIFpuZVdMS1VVRmg5MDRIVzhISTJs
MUZJeDdqeUJrTVkvZ0NKZ0tvd0doaXcKZ2b/Gatfw4GlX3N1FDwziBvTrM3g+asd
92IVTZ5BGht2MbfcKAPJFcMr0KQKo8rVejDvYunkAZB94ICNr36MVQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-25T11:05:53Z"
mac: ENC[AES256_GCM,data:m0JDoCSmvktNHIHb6DrDiB7Zecv8wwn4y4UN51IHnYQRuL5qdqHq9ntWiozDy2KQO5Xw7bSHB2Yb3XN5Byt5cUy7I3BIYYn7MiQjIzOWcjIJJvN2YzDzLeA+wieizM5anEgwCuhRsvGUkWs/OUylHOaSbX6ma2fBPtvMqieCa1s=,iv:lpKiI9y8AQfhfWc3KmSdyDEFks+i8FeZ/QedC7Ai35w=,tag:VhRsg1FIct4V1+jSxBKmKg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0


@ -1,7 +1,7 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:NopZyPWiTKPPVzLcvVLN3JgMQjQ=,iv:rWVhR2wChvQSIa7eBPrvnWO2ydLZ2D8oF87INiy8NX4=,tag:Xb0qbED6QXu5QBgHY6hrOA==,type:str]
postgresPassword: ENC[AES256_GCM,data:5u1PvGD7qiNp+fKRKd0k1NZ9Cmg=,iv:QD1xBqO1v4pKoQn+PpVVn/9gfgiQcVIOC+iwykS1fU8=,tag:/sZyLhKlSXQgq9NaE9SeAA==,type:str]
sops:
kms: []
gcp_kms: []
@ -11,14 +11,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibDUrRXlidmtidDBqQlFF
eU5ibmpFR003bmtOQTZ1R1VoSi90b3hVQUZnCjEwS0pkYWtWVzBjZjVBY3h6R2xx
d1cxbldsay9UVG1zODF5VUp2NExzcVUKLS0tIC8vdDB2M0YxTWpqQnl2RjJmZUxv
U1hxODZZdzRQZFZrVElSNW1oU21GMkEKGorPMRXGZp3RD95/CPUiNqjEArUH4ZYj
5UTYtScymvZ5zCPGsMYqmjGFPTg/HiEBAhVed03Smd7z/FmwdCchlA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-21T12:58:01Z"
mac: ENC[AES256_GCM,data:ShHWH9RIL4rJ5X0IvThOtyM28AC+1bJLr4PJJdYSLtV9T7Wcs2LbmWxtM2tpRyzMeZjYKJrsstGYgxBevr1BpfGBIeR4+JCwrbdK4AOq2VbLMpH7nMOU/huuUpxOopweRBTwZOEMRBkSkEk4qPvebLHEqUi6aNGdtxOINmHv/fA=,iv:C/iJOSshanbhSQ9Be712aSN2B8aXndPpP4655SQONeQ=,tag:BAJIzrYfh8a59OzkxDOrbw==,type:str]
lastmodified: "2024-07-25T15:16:56Z"
mac: ENC[AES256_GCM,data:uYaO2/51oCs1/ZZfWMwID+gv9XZetDZWyfG94KvCjn+2uMRNc9GgZok30CKFaDmi2D6oipoXyV3uz7BXgqHSk9rA/GTKoNzq8AEiSADXwnBneoQ8ftGZcGdr0V1R1gcsCtlu65kXsROksEK1pS0XQEMq5/zIftcL8wcOe7brnvA=,iv:UlCPOm4tEPqLW2Z5r6lcSZzF5nrRWmOdfz4z0J2mtww=,tag:o/bhbNe1/Gi+KWx1/xEg7Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.9.0


@ -0,0 +1,87 @@
applications: {}
# guestbook:
# namespace: argocd
# additionalLabels: {}
# additionalAnnotations: {}
# finalizers:
# - resources-finalizer.argocd.argoproj.io
# project: guestbook
# source:
# repoURL: https://github.com/argoproj/argocd-example-apps.git
# targetRevision: HEAD
# path: guestbook
# directory:
# recurse: true
# # ArgoCD v2.6 or later
# sources:
# - chart: elasticsearch
# repoURL: https://helm.elastic.co
# targetRevision: 8.5.1
# - repoURL: https://github.com/argoproj/argocd-example-apps.git
# path: guestbook
# targetRevision: HEAD
# destination:
# server: https://kubernetes.default.svc
# namespace: guestbook
# syncPolicy:
# automated:
# prune: false
# selfHeal: false
# syncOptions:
# - CreateNamespace=true
# revisionHistoryLimit: null
# ignoreDifferences:
# - group: apps
# kind: Deployment
# jsonPointers:
# - /spec/replicas
# info:
# - name: url
# value: https://argoproj.github.io/
# -- Deploy Argo CD Projects within this helm release
# @default -- `{}` (See [values.yaml])
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
projects: {}
# guestbook:
# namespace: argocd
# additionalLabels: {}
# additionalAnnotations: {}
# permitOnlyProjectScopedClusters: false
# finalizers:
# - resources-finalizer.argocd.argoproj.io
# description: Example Project
# sourceRepos:
# - '*'
# destinations:
# - namespace: guestbook
# server: https://kubernetes.default.svc
# clusterResourceWhitelist: []
# clusterResourceBlacklist: []
# namespaceResourceBlacklist:
# - group: ''
# kind: ResourceQuota
# - group: ''
# kind: LimitRange
# - group: ''
# kind: NetworkPolicy
# orphanedResources: {}
# roles: []
# namespaceResourceWhitelist:
# - group: 'apps'
# kind: Deployment
# - group: 'apps'
# kind: StatefulSet
# orphanedResources: {}
# roles: []
# syncWindows:
# - kind: allow
# schedule: '10 1 * * *'
# duration: 1h
# applications:
# - '*-prod'
# manualSync: true
# signatureKeys:
# - keyID: ABCDEF1234567890
# sourceNamespaces:
# - argocd


@ -0,0 +1,44 @@
assertNoLeakedSecrets: false
ingress:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
pathType: Prefix
hosts:
- grafana.badhouseplants.net
tls:
- secretName: grafana.badhouseplants.net
hosts:
- grafana.badhouseplants.net
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
url: http://prometheus-operated.monitoring.svc.cluster.local:9090
access: proxy
isDefault: true
grafana.ini:
server:
root_url: https://grafana.badhouseplants.net
auth:
signout_redirect_url: "https://authentik.badhouseplants.net/application/o/grafana/end-session/"
oauth_auto_login: true
auth.generic_oauth:
name: authentik
enabled: true
client_id: "grafana"
scopes: "openid profile email"
auth_url: "https://authentik.badhouseplants.net/application/o/authorize/"
token_url: "https://authentik.badhouseplants.net/application/o/token/"
api_url: "https://authentik.badhouseplants.net/application/o/userinfo/"
# Optionally map user groups to Grafana roles
role_attribute_path: contains(groups, 'Admins') && 'Admin' || contains(groups, 'DevOps') && 'Editor' || 'Viewer'
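Review bot: `assertNoLeakedSecrets: false` on the first line of this values file switches off the chart's guard against secrets being rendered into the Grafana ConfigMap. The SOPS-encrypted values file added in this same commit places `client_secret` under `grafana.ini` / `auth.generic_oauth`, so after decryption the OAuth client secret is stored in plaintext in a ConfigMap that anyone with ConfigMap read access in the `applications` namespace can see. Keep the guard on and deliver the secret through a Kubernetes Secret instead, for example with `envValueFrom` and `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET` as sketched below (the Secret name is a placeholder). Separately, `router.entrypoints: web,websecure` also binds the plain-HTTP entrypoint, and `kubernetes.io/ingress.allow-http` is, as far as I know, not an annotation Traefik acts on, so unless a redirect is configured elsewhere the login flow is reachable over HTTP.

```yaml
assertNoLeakedSecrets: true
envValueFrom:
  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
    secretKeyRef:
      name: GRAFANA_OAUTH_SECRET_NAME  # placeholder: Secret managed outside grafana.ini
      key: client_secret
# … unchanged: ingress, datasources, grafana.ini (without client_secret) …
```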


@ -1,5 +1,5 @@
namespaces:
- name: longhorn-system
- name: monitoring
- name: databases
- name: applications
- name: development


@ -3,24 +3,16 @@
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: grafana-https
gateway: istio-system/badhouseplants-net
kind: http
hostname: "grafana.badhouseplants.net"
service: prometheus-grafana
port: 80
coreDns:
enabled: false
kubeEtcd:
enabled: false
kubelet:
enabled: false
enabled: true
kubeApiServer:
enabled: false
grafana:
enabled: false
prometheus-node-exporter:
prometheus:
@ -85,64 +77,3 @@ prometheus:
resources:
requests:
storage: 12Gi
grafana:
assertNoLeakedSecrets: false
persistence:
enabled: true
size: 2Gi
grafana.ini:
server:
root_url: https://grafana.badhouseplants.net
auth.generic_oauth:
name: Gitea
icon: signin
enabled: true
allow_sign_up: true
auto_login: false
client_id: 0ce70a7d-f267-44cc-9686-71048277e51d
scopes: openid profile email groups
empty_scopes: false
auth_url: https://git.badhouseplants.net/login/oauth/authorize
token_url: https://git.badhouseplants.net/login/oauth/access_token
api_url: https://git.badhouseplants.net/login/oauth/userinfo
tls_skip_verify_insecure: false
use_pkce: true
role_attribute_path: contains(groups, 'badhouseplants:owners') && 'Admin' || 'Viewer'
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: true
editable: false
options:
path: /var/lib/grafana/dashboards/default
dashboards:
default:
gitea-dashboard:
gnetId: 13192
revision: 1
datasource: Prometheus
argo-dashboard:
gnetId: 14584
revision: 1
datasource: Prometheus
datasources:
loki.yaml:
apiVersion: 1
datasources:
- name: Loki
type: loki
access: proxy
uid: loki
editable: false
url: http://loki.monitoring-system:3100/
jsonData:
maxLines: 1000