From 9f0910e31c88e8d7f0f9e7a2012a44a4c0132408 Mon Sep 17 00:00:00 2001
From: Mathis <matus@namesny.com>
Date: Sat, 27 Apr 2024 14:53:40 +0000
Subject: [PATCH] Change monitoring solution

---
 .../monitoring/grafana-admin-secret.enc.yaml  | 28 ---------
 infra/monitoring/grafana-ingress.yaml         | 14 -----
 infra/monitoring/kustomization.yaml           | 10 ++--
 infra/monitoring/loki-secret.enc.yaml         | 29 ++++++++++
 infra/monitoring/prometheus-secret.enc.yaml   | 29 ++++++++++
 infra/monitoring/secret-generator.yaml        |  3 +-
 infra/monitoring/values.yaml                  | 57 ++++++++++++++-----
 7 files changed, 106 insertions(+), 64 deletions(-)
 delete mode 100644 infra/monitoring/grafana-admin-secret.enc.yaml
 delete mode 100755 infra/monitoring/grafana-ingress.yaml
 create mode 100644 infra/monitoring/loki-secret.enc.yaml
 create mode 100644 infra/monitoring/prometheus-secret.enc.yaml

diff --git a/infra/monitoring/grafana-admin-secret.enc.yaml b/infra/monitoring/grafana-admin-secret.enc.yaml
deleted file mode 100644
index 2dce7ff..0000000
--- a/infra/monitoring/grafana-admin-secret.enc.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-    name: grafana-admin-secret
-    namespace: monitoring
-stringData:
-    username: ENC[AES256_GCM,data:RkIDsoo=,iv:zhtzS1LDaV9z1/q5tqZUZekj5Klu1THqCc36Weuvkxs=,tag:8g5ni2U5HnkC1mNYI6hBXw==,type:str]
-    password: ENC[AES256_GCM,data:fGHm8MiItddLLzKo53JJfQ==,iv:VyABi3WbNNh9k43GyR4P+3LO+ByqtTAvPU+i1tT2Ds4=,tag:N/n4rI4CM2C+UFI2nfrayw==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Y1FDS3Z4N085RkVtS3ZO
-            RXhmRG5GZTdEbmFuYzJOUE1BQzZUTWhtcVJVCmJkZGZOYm1POVF3T1lHbUxjSkg2
-            OG1yellJR1ZWazZhbjVLaVBxdzBEMGcKLS0tIGFlZEtNamk3TThMQktJWjl2bWVZ
-            dzh3RmhjVUlvZWVKU1d4UlN5a0pIOVkK9oq3mDBQXTvFiSD0RBmpYq/D2IMItuCF
-            Q8ej7e1tqItjeZMz1V/LEm4jGoBuqSaeOVSNz5OqvGT0TmqZ5ehQNw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-03T20:00:26Z"
-    mac: ENC[AES256_GCM,data:wEu8fF3j5EUBC1vFzoXuhZxglNtWAYKAfhkywf9Zaz54xTrrNdR5Ambzeykz8y4bQi6rI0eki2PGXJzdOFQi3rJjCrGl+9C11le3hhC0J++j9/wwYViHL/fb7c4dLALa9g/qcM4I688tmUBoH+3Q7LlxLLAkLbB/m98i0YAqCJI=,iv:5r75pUqEIYx8ROVIzW4lGUz6OqtL2iZJsOES8M3YBCo=,tag:w7W76vIABxBAvhzalwYe8A==,type:str]
-    pgp: []
-    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
-    version: 3.8.1
diff --git a/infra/monitoring/grafana-ingress.yaml b/infra/monitoring/grafana-ingress.yaml
deleted file mode 100755
index ec81068..0000000
--- a/infra/monitoring/grafana-ingress.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: grafana-ingress
-  namespace: monitoring
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`monitoring.namesny.com`)
-    kind: Rule
-    services:
-    - name: kube-prometheus-stack-grafana
-      port: 80
diff --git a/infra/monitoring/kustomization.yaml b/infra/monitoring/kustomization.yaml
index 8a8dfef..a5d42d5 100644
--- a/infra/monitoring/kustomization.yaml
+++ b/infra/monitoring/kustomization.yaml
@@ -5,16 +5,14 @@ generatorOptions:
 namespace: monitoring
 resources:
 - namespace.yaml
-- grafana-ingress.yaml
 
 generators:
 - ./secret-generator.yaml
 
 helmCharts:
-- name: kube-prometheus-stack
-  releaseName: kube-prometheus-stack
-  version: 58.2.2
-  repo: https://prometheus-community.github.io/helm-charts
+- name: k8s-monitoring
+  releaseName: grafana-k8s-monitoring
+  version: 1.0.3
+  repo: https://grafana.github.io/helm-charts 
   namespace: monitoring
   valuesFile: values.yaml
-
diff --git a/infra/monitoring/loki-secret.enc.yaml b/infra/monitoring/loki-secret.enc.yaml
new file mode 100644
index 0000000..356b229
--- /dev/null
+++ b/infra/monitoring/loki-secret.enc.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: loki-secret
+    namespace: monitoring
+stringData:
+    host: ENC[AES256_GCM,data:rVMcsxS2yzOC+SeqPlVOVLlg/FviDoT79Z00NTi9nKHu,iv:vKZvn0b9lLMWsBbAvBIfAf/fkQ1KSIkXMJi4hTr+tHY=,tag:PIAZm1O/QbH6Ad3yMRmEvQ==,type:str]
+    username: ENC[AES256_GCM,data:HViufT0S,iv:g4LldPUsiALA6KUXn6xg1dxO1PaEx7PqKbpaTFbtcoQ=,tag:Asad1eWQKJOFCulm3xJBYg==,type:str]
+    password: ENC[AES256_GCM,data:KzafvYQ9hLeZcwTAJpE9z0ZDpGQL0lVMk7tSRKp6yQFZBl+u0V4u4leBtUDPm80605dP0BidHKL9MQ5c+2iayxjoBoBDDH6YDLjytN+2TnTU8fabY1wRYiAInOPxitcdoPLVzcw1/1DH9qiPJu7pdMWoz/JdM2PbHILW4G0uY/T9HERAwA28FX0R5sfQnfRPfaxSoea4HAMB2IG3lXn5wvwwsc2JZ+1KkInZ3XYg/vv0KwLD,iv:aWrgu6B2O9Is7tYqnSgTlz1fhYQEB5TIS4xl9PKoFwc=,tag:KLYaUsF6fDxHzXJdjnwHwQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcGE2VTZPcmpPQVNLbW5s
+            U3ZNaVZnMkRhOCtpYk1KdUpSalArRXI3VTFrClJORVVDRXBCM01lQVlnbjQ1RVhT
+            aFJEdk5oOHBVK1VJWTFwRXI5YXZmeUUKLS0tIEcwWmp5aHRDMHVrNFg0bnhVV2FI
+            UGpPaU54QjM4Y0pIQ0I3elVXakl0Uk0KXqd8LjaLjwzcgzi0WBAHBJLjNaP8yqKB
+            zQsrvGJvSIo3TdEVaRGvM9F/4nsLmQC6mYfENwtlyV4IWn0w8psMyw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-04-27T14:02:57Z"
+    mac: ENC[AES256_GCM,data:kkWKaG6+dobfZjr7xlKyJs5FOOSP8UXRci2wOhVKoa9BnWONdeKHIP8L4+xFvxXGs69EAUK0242ZM+cpPge8XtTFCbq9z+23OcFZej0nlO9yQxEOwTEE/zmOqnh8s3j3hmOUlyQPzgnLubbwiMEdhtHky/YdffziM8K1b+u4EPc=,iv:JpD6gj9vRp8Iap1+wH6zaewDUAubRJlUaicupoeVQkc=,tag:S+IG9K+wgkazgLi7tUIbSw==,type:str]
+    pgp: []
+    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+    version: 3.8.1
diff --git a/infra/monitoring/prometheus-secret.enc.yaml b/infra/monitoring/prometheus-secret.enc.yaml
new file mode 100644
index 0000000..7dd195a
--- /dev/null
+++ b/infra/monitoring/prometheus-secret.enc.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: prometheus-secret
+    namespace: monitoring
+stringData:
+    host: ENC[AES256_GCM,data:2GDOS1737kJ2xTjloQolicFSyalglzI3qlUl2mZo1rIvYLwrHipetqjEkYHQSiA096jvtsU=,iv:bUfdSzfnEqXwv4eozpepwabPiSH792aW0GOtTChORKw=,tag:j8pPRVIvqLkjUBcMUV4poQ==,type:str]
+    username: ENC[AES256_GCM,data:0ZQu0t4iJw==,iv:stS/U68x0ZglXPAa3eICmzlEtCEd1nnO2B+hwPzOvHE=,tag:vWVe2D8cpL4BKn9odjP+ZQ==,type:str]
+    password: ENC[AES256_GCM,data:VuugS5hwdaFE81ig8INkvLzO0M/81cvSenMuEUeOgcDL9b1H58YT65WFu/ouO1cCd3hF6SWChcLmfw2Z9wCTqhDnUiQ/JnLOriBqDeQFBK9qY5rPnHX/efvXRcNfwNUoQqlPAjUfubyjduPmHxtYHw62Ov0KSo3sG9ExWdNWEVkTUgXp662Al6E24njxMTSFssy4zY75Cwz0a9Uw9ILPnLnRwe1XIPdXL9PhAzUEVuRWycqC,iv:BO9HdE+Ql1TQ1j+0MF0NdiW5DVTbShLEduEFbMMIR8U=,tag:GA/u1MBBJaaWFF93N0i37A==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdFhzSDEwdjZDVTRxN3Yx
+            OExHd3BYekx4TllPVi96c2JHamdQTlpaUHdrCi90dXBjaFBTSTA4c0JsbWt2WTBm
+            anB5NXkxeS9IbU9TT3dseGRjME1PeEUKLS0tIGhLUi9GQUNvczhId2k5RExNQ2lk
+            S3ZLUVNvd1BKWjZhRXVrR2NJV3FrMDAKxvoeNeR+mYBCEd4JtU+L52M0Lhj1W07H
+            UbD0+Bi8KTJWGWPVPm4prPA2jqk7zKhZ7BeSkZtwp1QQ+tVJF52fAA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-04-27T14:03:01Z"
+    mac: ENC[AES256_GCM,data:i02frS7UI//prqlbCnFF9D+mpcUnshgZ7YCeJwk5/SCZh9QJEDDAgANpz5V8rnp4v3NQlQt1mT6JWvi/N6MgfeePvwvNT85Hewo1iH2wPbyB4IMA2n4qJ8oK5lAYy/7WR/Cvi9LD/4FedTQ0xvNsj/GECwbI8YMmvUz3EUo3W3Y=,iv:ywp0ojCYd1rahm8Ltk821bLcofynCjv5mEv6QR9RDTs=,tag:UxKEpd09IB1H8GlZbXqhPw==,type:str]
+    pgp: []
+    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+    version: 3.8.1
diff --git a/infra/monitoring/secret-generator.yaml b/infra/monitoring/secret-generator.yaml
index 2afb73e..90651c5 100644
--- a/infra/monitoring/secret-generator.yaml
+++ b/infra/monitoring/secret-generator.yaml
@@ -7,4 +7,5 @@ metadata:
         exec:
           path: ksops
 files:
-- ./grafana-admin-secret.enc.yaml
+- ./loki-secret.enc.yaml
+- ./prometheus-secret.enc.yaml
diff --git a/infra/monitoring/values.yaml b/infra/monitoring/values.yaml
index 270bbb8..8d3236e 100644
--- a/infra/monitoring/values.yaml
+++ b/infra/monitoring/values.yaml
@@ -1,17 +1,44 @@
-defaultRules:
-  rules:
-    etcd: false
-    kubeControllerManager: true 
-
-kubeEtcd:
+cluster:
+  name: auberon
+externalServices:
+  prometheus:
+    secret:
+      create: false
+      name: prometheus-secret
+      namespace: monitoring
+  loki:
+    secret:
+      create: false
+      name: loki-secret
+      namespace: monitoring
+metrics:
+  enabled: true
+  cost:
+    enabled: false
+  node-exporter:
+    enabled: true
+logs:
+  enabled: true
+  pod_logs:
+    enabled: true
+  cluster_events:
+    enabled: true
+traces:
   enabled: false
-kubeControllerManager:
+receivers:
+  grpc:
+    enabled: false
+  http:
+    enabled: false
+  zipkin:
+    enabled: false
+opencost:
   enabled: false
-kubeScheduler:
-  enabled: false
-
-grafana:
-  admin:
-    existingSecret: grafana-admin-secret
-    userKey: username
-    passwordKey: password
+kube-state-metrics:
+  enabled: true
+prometheus-node-exporter:
+  enabled: true
+prometheus-operator-crds:
+  enabled: true
+alloy: {}
+alloy-logs: {}