Compare commits

...

2 Commits

7 changed files with 106 additions and 64 deletions

View File

@ -1,28 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: grafana-admin-secret
namespace: monitoring
stringData:
username: ENC[AES256_GCM,data:RkIDsoo=,iv:zhtzS1LDaV9z1/q5tqZUZekj5Klu1THqCc36Weuvkxs=,tag:8g5ni2U5HnkC1mNYI6hBXw==,type:str]
password: ENC[AES256_GCM,data:fGHm8MiItddLLzKo53JJfQ==,iv:VyABi3WbNNh9k43GyR4P+3LO+ByqtTAvPU+i1tT2Ds4=,tag:N/n4rI4CM2C+UFI2nfrayw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Y1FDS3Z4N085RkVtS3ZO
RXhmRG5GZTdEbmFuYzJOUE1BQzZUTWhtcVJVCmJkZGZOYm1POVF3T1lHbUxjSkg2
OG1yellJR1ZWazZhbjVLaVBxdzBEMGcKLS0tIGFlZEtNamk3TThMQktJWjl2bWVZ
dzh3RmhjVUlvZWVKU1d4UlN5a0pIOVkK9oq3mDBQXTvFiSD0RBmpYq/D2IMItuCF
Q8ej7e1tqItjeZMz1V/LEm4jGoBuqSaeOVSNz5OqvGT0TmqZ5ehQNw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-03T20:00:26Z"
mac: ENC[AES256_GCM,data:wEu8fF3j5EUBC1vFzoXuhZxglNtWAYKAfhkywf9Zaz54xTrrNdR5Ambzeykz8y4bQi6rI0eki2PGXJzdOFQi3rJjCrGl+9C11le3hhC0J++j9/wwYViHL/fb7c4dLALa9g/qcM4I688tmUBoH+3Q7LlxLLAkLbB/m98i0YAqCJI=,iv:5r75pUqEIYx8ROVIzW4lGUz6OqtL2iZJsOES8M3YBCo=,tag:w7W76vIABxBAvhzalwYe8A==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

View File

@ -1,14 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: grafana-ingress
namespace: monitoring
spec:
entryPoints:
- websecure
routes:
- match: Host(`monitoring.namesny.com`)
kind: Rule
services:
- name: kube-prometheus-stack-grafana
port: 80

View File

@ -5,16 +5,14 @@ generatorOptions:
namespace: monitoring
resources:
- namespace.yaml
- grafana-ingress.yaml
generators:
- ./secret-generator.yaml
helmCharts:
- name: kube-prometheus-stack
releaseName: kube-prometheus-stack
version: 58.2.2
repo: https://prometheus-community.github.io/helm-charts
- name: k8s-monitoring
releaseName: grafana-k8s-monitoring
version: 1.0.3
repo: https://grafana.github.io/helm-charts
namespace: monitoring
valuesFile: values.yaml

View File

@ -0,0 +1,29 @@
apiVersion: v1
kind: Secret
metadata:
name: loki-secret
namespace: monitoring
stringData:
host: ENC[AES256_GCM,data:rVMcsxS2yzOC+SeqPlVOVLlg/FviDoT79Z00NTi9nKHu,iv:vKZvn0b9lLMWsBbAvBIfAf/fkQ1KSIkXMJi4hTr+tHY=,tag:PIAZm1O/QbH6Ad3yMRmEvQ==,type:str]
username: ENC[AES256_GCM,data:HViufT0S,iv:g4LldPUsiALA6KUXn6xg1dxO1PaEx7PqKbpaTFbtcoQ=,tag:Asad1eWQKJOFCulm3xJBYg==,type:str]
password: ENC[AES256_GCM,data:KzafvYQ9hLeZcwTAJpE9z0ZDpGQL0lVMk7tSRKp6yQFZBl+u0V4u4leBtUDPm80605dP0BidHKL9MQ5c+2iayxjoBoBDDH6YDLjytN+2TnTU8fabY1wRYiAInOPxitcdoPLVzcw1/1DH9qiPJu7pdMWoz/JdM2PbHILW4G0uY/T9HERAwA28FX0R5sfQnfRPfaxSoea4HAMB2IG3lXn5wvwwsc2JZ+1KkInZ3XYg/vv0KwLD,iv:aWrgu6B2O9Is7tYqnSgTlz1fhYQEB5TIS4xl9PKoFwc=,tag:KLYaUsF6fDxHzXJdjnwHwQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcGE2VTZPcmpPQVNLbW5s
U3ZNaVZnMkRhOCtpYk1KdUpSalArRXI3VTFrClJORVVDRXBCM01lQVlnbjQ1RVhT
aFJEdk5oOHBVK1VJWTFwRXI5YXZmeUUKLS0tIEcwWmp5aHRDMHVrNFg0bnhVV2FI
UGpPaU54QjM4Y0pIQ0I3elVXakl0Uk0KXqd8LjaLjwzcgzi0WBAHBJLjNaP8yqKB
zQsrvGJvSIo3TdEVaRGvM9F/4nsLmQC6mYfENwtlyV4IWn0w8psMyw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-27T14:02:57Z"
mac: ENC[AES256_GCM,data:kkWKaG6+dobfZjr7xlKyJs5FOOSP8UXRci2wOhVKoa9BnWONdeKHIP8L4+xFvxXGs69EAUK0242ZM+cpPge8XtTFCbq9z+23OcFZej0nlO9yQxEOwTEE/zmOqnh8s3j3hmOUlyQPzgnLubbwiMEdhtHky/YdffziM8K1b+u4EPc=,iv:JpD6gj9vRp8Iap1+wH6zaewDUAubRJlUaicupoeVQkc=,tag:S+IG9K+wgkazgLi7tUIbSw==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

View File

@ -0,0 +1,29 @@
apiVersion: v1
kind: Secret
metadata:
name: prometheus-secret
namespace: monitoring
stringData:
host: ENC[AES256_GCM,data:2GDOS1737kJ2xTjloQolicFSyalglzI3qlUl2mZo1rIvYLwrHipetqjEkYHQSiA096jvtsU=,iv:bUfdSzfnEqXwv4eozpepwabPiSH792aW0GOtTChORKw=,tag:j8pPRVIvqLkjUBcMUV4poQ==,type:str]
username: ENC[AES256_GCM,data:0ZQu0t4iJw==,iv:stS/U68x0ZglXPAa3eICmzlEtCEd1nnO2B+hwPzOvHE=,tag:vWVe2D8cpL4BKn9odjP+ZQ==,type:str]
password: ENC[AES256_GCM,data:VuugS5hwdaFE81ig8INkvLzO0M/81cvSenMuEUeOgcDL9b1H58YT65WFu/ouO1cCd3hF6SWChcLmfw2Z9wCTqhDnUiQ/JnLOriBqDeQFBK9qY5rPnHX/efvXRcNfwNUoQqlPAjUfubyjduPmHxtYHw62Ov0KSo3sG9ExWdNWEVkTUgXp662Al6E24njxMTSFssy4zY75Cwz0a9Uw9ILPnLnRwe1XIPdXL9PhAzUEVuRWycqC,iv:BO9HdE+Ql1TQ1j+0MF0NdiW5DVTbShLEduEFbMMIR8U=,tag:GA/u1MBBJaaWFF93N0i37A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdFhzSDEwdjZDVTRxN3Yx
OExHd3BYekx4TllPVi96c2JHamdQTlpaUHdrCi90dXBjaFBTSTA4c0JsbWt2WTBm
anB5NXkxeS9IbU9TT3dseGRjME1PeEUKLS0tIGhLUi9GQUNvczhId2k5RExNQ2lk
S3ZLUVNvd1BKWjZhRXVrR2NJV3FrMDAKxvoeNeR+mYBCEd4JtU+L52M0Lhj1W07H
UbD0+Bi8KTJWGWPVPm4prPA2jqk7zKhZ7BeSkZtwp1QQ+tVJF52fAA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-27T14:03:01Z"
mac: ENC[AES256_GCM,data:i02frS7UI//prqlbCnFF9D+mpcUnshgZ7YCeJwk5/SCZh9QJEDDAgANpz5V8rnp4v3NQlQt1mT6JWvi/N6MgfeePvwvNT85Hewo1iH2wPbyB4IMA2n4qJ8oK5lAYy/7WR/Cvi9LD/4FedTQ0xvNsj/GECwbI8YMmvUz3EUo3W3Y=,iv:ywp0ojCYd1rahm8Ltk821bLcofynCjv5mEv6QR9RDTs=,tag:UxKEpd09IB1H8GlZbXqhPw==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

View File

@ -7,4 +7,5 @@ metadata:
exec:
path: ksops
files:
- ./grafana-admin-secret.enc.yaml
- ./loki-secret.enc.yaml
- ./prometheus-secret.enc.yaml

View File

@ -1,17 +1,44 @@
defaultRules:
rules:
etcd: false
kubeControllerManager: true
kubeEtcd:
cluster:
name: auberon
externalServices:
prometheus:
secret:
create: false
name: prometheus-secret
namespace: monitoring
loki:
secret:
create: false
name: loki-secret
namespace: monitoring
metrics:
enabled: true
cost:
enabled: false
node-exporter:
enabled: true
logs:
enabled: true
pod_logs:
enabled: true
cluster_events:
enabled: true
traces:
enabled: false
kubeControllerManager:
receivers:
grpc:
enabled: false
http:
enabled: false
zipkin:
enabled: false
opencost:
enabled: false
kubeScheduler:
enabled: false
grafana:
admin:
existingSecret: grafana-admin-secret
userKey: username
passwordKey: password
kube-state-metrics:
enabled: true
prometheus-node-exporter:
enabled: true
prometheus-operator-crds:
enabled: true
alloy: {}
alloy-logs: {}