diff --git a/infra/monitoring/grafana-admin-secret.enc.yaml b/infra/monitoring/grafana-admin-secret.enc.yaml new file mode 100644 index 0000000..2dce7ff --- /dev/null +++ b/infra/monitoring/grafana-admin-secret.enc.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Secret +metadata: + name: grafana-admin-secret + namespace: monitoring +stringData: + username: ENC[AES256_GCM,data:RkIDsoo=,iv:zhtzS1LDaV9z1/q5tqZUZekj5Klu1THqCc36Weuvkxs=,tag:8g5ni2U5HnkC1mNYI6hBXw==,type:str] + password: ENC[AES256_GCM,data:fGHm8MiItddLLzKo53JJfQ==,iv:VyABi3WbNNh9k43GyR4P+3LO+ByqtTAvPU+i1tT2Ds4=,tag:N/n4rI4CM2C+UFI2nfrayw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Y1FDS3Z4N085RkVtS3ZO + RXhmRG5GZTdEbmFuYzJOUE1BQzZUTWhtcVJVCmJkZGZOYm1POVF3T1lHbUxjSkg2 + OG1yellJR1ZWazZhbjVLaVBxdzBEMGcKLS0tIGFlZEtNamk3TThMQktJWjl2bWVZ + dzh3RmhjVUlvZWVKU1d4UlN5a0pIOVkK9oq3mDBQXTvFiSD0RBmpYq/D2IMItuCF + Q8ej7e1tqItjeZMz1V/LEm4jGoBuqSaeOVSNz5OqvGT0TmqZ5ehQNw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-04-03T20:00:26Z" + mac: ENC[AES256_GCM,data:wEu8fF3j5EUBC1vFzoXuhZxglNtWAYKAfhkywf9Zaz54xTrrNdR5Ambzeykz8y4bQi6rI0eki2PGXJzdOFQi3rJjCrGl+9C11le3hhC0J++j9/wwYViHL/fb7c4dLALa9g/qcM4I688tmUBoH+3Q7LlxLLAkLbB/m98i0YAqCJI=,iv:5r75pUqEIYx8ROVIzW4lGUz6OqtL2iZJsOES8M3YBCo=,tag:w7W76vIABxBAvhzalwYe8A==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 diff --git a/infra/monitoring/grafana-ingress.yaml b/infra/monitoring/grafana-ingress.yaml index d630560..ec81068 100755 --- a/infra/monitoring/grafana-ingress.yaml +++ b/infra/monitoring/grafana-ingress.yaml @@ -9,8 +9,6 @@ spec: routes: - match: Host(`monitoring.namesny.com`) kind: Rule - middlewares: - - name: "auth-authelia@kubernetescrd" services: - name: kube-prometheus-stack-grafana port: 80 diff --git a/infra/monitoring/kustomization.yaml b/infra/monitoring/kustomization.yaml index a0c6805..2b980e8 100644 --- a/infra/monitoring/kustomization.yaml +++ b/infra/monitoring/kustomization.yaml @@ -7,8 +7,8 @@ resources: - namespace.yaml - grafana-ingress.yaml - #generators: - #- ./secret-generator.yaml +generators: +- ./secret-generator.yaml helmCharts: - name: kube-prometheus-stack diff --git a/infra/monitoring/secret-generator.yaml b/infra/monitoring/secret-generator.yaml new file mode 100644 index 0000000..2afb73e --- /dev/null +++ b/infra/monitoring/secret-generator.yaml @@ -0,0 +1,10 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: monitoring-secret-generator + annotations: + config.kubernetes.io/function: | + exec: + path: ksops +files: +- ./grafana-admin-secret.enc.yaml diff --git a/infra/monitoring/values.yaml b/infra/monitoring/values.yaml index 711ae42..270bbb8 100644 --- a/infra/monitoring/values.yaml +++ b/infra/monitoring/values.yaml @@ -10,3 +10,8 @@ kubeControllerManager: kubeScheduler: enabled: false +grafana: + admin: + existingSecret: grafana-admin-secret + userKey: username + passwordKey: password