From 422fa5b27620c09e7b6bc0cb8a73b193d96e378d Mon Sep 17 00:00:00 2001
From: Peter Kurfer <peter@icb4dc0.de>
Date: Wed, 8 May 2024 11:13:32 +0200
Subject: [PATCH] feat(prometheus): migrate from infra repo

---
 kube-prometheus/.gitattributes                |   1 +
 kube-prometheus/config/values.prometheus.yaml | 128 ++++++++++++++++++
 kube-prometheus/kustomization.yaml            |  18 +++
 kube-prometheus/resources/secret.auth.yaml    | Bin 0 -> 549 bytes
 kube-prometheus/resources/secret.db.yaml      |   9 ++
 .../resources/secret.grafana-admin.yaml       |  10 ++
 6 files changed, 166 insertions(+)
 create mode 100644 kube-prometheus/.gitattributes
 create mode 100644 kube-prometheus/config/values.prometheus.yaml
 create mode 100644 kube-prometheus/kustomization.yaml
 create mode 100644 kube-prometheus/resources/secret.auth.yaml
 create mode 100644 kube-prometheus/resources/secret.db.yaml
 create mode 100644 kube-prometheus/resources/secret.grafana-admin.yaml

diff --git a/kube-prometheus/.gitattributes b/kube-prometheus/.gitattributes
new file mode 100644
index 0000000..0016a56
--- /dev/null
+++ b/kube-prometheus/.gitattributes
@@ -0,0 +1 @@
+secret.*.yaml filter=age diff=age merge=age -text
diff --git a/kube-prometheus/config/values.prometheus.yaml b/kube-prometheus/config/values.prometheus.yaml
new file mode 100644
index 0000000..e1cf9ac
--- /dev/null
+++ b/kube-prometheus/config/values.prometheus.yaml
@@ -0,0 +1,128 @@
+commonLabels:
+  prometheus: default
+
+admin:
+  existingSecret: grafana-admin-credentials
+  userKey: user
+  passwordKey: password
+
+defaultRules:
+  rules:
+    etcd: false
+
+prometheus:
+  prometheusSpec:
+    retention: 7d
+    serviceMonitorNamespaceSelector:
+      matchLabels:
+        prometheus: default
+    serviceMonitorSelector:
+      matchLabels:
+        prometheus: default
+    ruleSelector:
+      matchLabels:
+        prometheus: default
+    ruleNamespaceSelector:
+      matchLabels:
+        prometheus: default
+    podMonitorSelector:
+      matchLabels:
+        prometheus: default
+    podMonitorNamespaceSelector:
+      matchLabels:
+        prometheus: default
+    resources:
+      requests:
+        memory: 3Gi
+        cpu: 500m
+      limits:
+        memory: 4Gi
+        cpu:  800m
+    storageSpec:
+      volumeClaimTemplate:
+        spec:
+          storageClassName: hcloud-volumes
+          resources:
+            requests:
+              storage: 15Gi
+
+alertmanager:
+  enabled: false
+
+kubeEtcd:
+  enabled: false
+
+kubeControllerManager:
+  enabled: true
+  endpoints: ['172.23.2.10']
+  service:
+    enabled: true
+    port: 10257
+    targetPort: 10257
+  serviceMonitor:
+    enabled: true
+    https: true
+
+kubeScheduler:
+  enabled: false
+  endpoints: ['172.23.2.10']
+  service:
+    enabled: true
+    port: 10259
+    targetPort: 10259
+  serviceMonitor:
+    enabled: true
+    https: true
+
+kubeProxy:
+  enabled: false
+  endpoints: ['172.23.2.10']
+  service:
+    enabled: true
+    port: 10249
+    targetPort: 10249
+
+grafana:
+  ingress:
+    enabled: false
+  envFromSecrets:
+    - name: grafana-auth
+    - name: grafana-db
+  grafana.ini:
+    server:
+      domain: grafana.icb4dc0.de
+      root_url: "https://%(domain)s"
+    database:
+      type: postgres
+      host: default-cluster-primary.postgres.svc:5432
+      name: grafana
+      user: "${GF_DB_USER}"
+      password: "${GF_DB_PASSWORD}"
+      ssl_mode: require
+    auth:
+      disable_login_form: true
+    auth.generic_oauth:
+        name: Forgejo
+        icon: signin
+        enabled: "true"
+        client_id: "${GF_OAUTH_CLIENT_ID}"
+        client_secret: "${GF_OAUTH_CLIENT_SECRET}"
+        empty_scopes: true
+        auth_url: https://code.icb4dc0.de/login/oauth/authorize
+        token_url: https://code.icb4dc0.de/login/oauth/access_token
+        api_url: https://code.icb4dc0.de/login/oauth/userinfo
+  persistence:
+    enabled: false
+    storageClassName: hcloud-volumes
+
+prometheus-node-exporter:
+  prometheus:
+    monitor:
+      additionalLabels:
+        prometheus: default
+
+kube-state-metrics:
+  prometheus:
+    monitor:
+      additionalLabels:
+        prometheus: default
\ No newline at end of file
diff --git a/kube-prometheus/kustomization.yaml b/kube-prometheus/kustomization.yaml
new file mode 100644
index 0000000..510980f
--- /dev/null
+++ b/kube-prometheus/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: observability-system
+
+resources:
+  - resources/secret.grafana-admin.yaml
+  - resources/secret.auth.yaml
+  - resources/secret.db.yaml
+
+helmCharts:
+  - name: kube-prometheus-stack
+    repo: https://prometheus-community.github.io/helm-charts
+    includeCRDs: true
+    namespace: observability-system
+    releaseName: prometheus
+    version: "58.4.0"
+    valuesFile: config/values.prometheus.yaml
\ No newline at end of file
diff --git a/kube-prometheus/resources/secret.auth.yaml b/kube-prometheus/resources/secret.auth.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1dc6c50125d0506f9a37aa99eb0879bf2fe07b54
GIT binary patch
literal 549
zcmV+=0^0pyXJsvAZewzJaCB*JZZ2<fXD@a!3N1b$STZ#=F*zV;a(GNyN;o+)P&HOC
zY*9@^S894vHBNC^a6xWxF?DM-LpDuTdN)EbZB+_LGgfw3dRak8b!c^TFk~w;WO!zE
zPE<-ZZ*+G`V^w8DcX)0qVPa%3ctr{=J|I{!H8n9gATw%hH!)H&Y;JK>S$8ivHZXHl
zYiws>I74Yrb~AHnZ*fssS!ZQJLo_i#3RX)nQ)NhaF>*{yZA3U!F+odDN@8wLa#&|>
zFj+8JYD8{RcWP={LUCqm3N0-yAXIR5QDsMCSZQ}@QbAToa%xmcaCuWOM@d#tV@_yG
zFl|~yb97B_D`7=v3YR|s&n>1y5jneVTC>sN?+ElV_0p0feF+d{uO$%x<vzci;b*Di
z6k$<z!Hsu2hLip0Xmyp;0Fm#v49nkVf(%NnYfoxgG-`2IVsvUeFyP2s*vVS0L7tf6
zIwk7mY6I*tF>79f<ZFQ`T4%s|%3Cwq>gSAI)L)OzG$-awTwVo90dJq?Be2V5;NvwT
zmUawEKGB9Kw03oHTb-mitQwszf1-h%z#7ZLdipn_4<6K6k%@o8Bqt}1N)%B8{IfKu
zNd<vZ6F&AWNNkBa47><q!Ja0)xCY2^@j35=8A>*ydzJZF0ig6|8M<D6!Rd=N_(#so
nqVcnq8nI!hTNd<#-t#eJ0y)cC+pT?v#~9~{1xv(wzolk8y;I(f

literal 0
HcmV?d00001

diff --git a/kube-prometheus/resources/secret.db.yaml b/kube-prometheus/resources/secret.db.yaml
new file mode 100644
index 0000000..0fba219
--- /dev/null
+++ b/kube-prometheus/resources/secret.db.yaml
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 rn+hSd2Wfsx4K1247+sw7zQ4xEyqos0TZlaChsb6Lw0
+7Z4MYesYB/tCeXfxX9TEM7RboK1WLuw0DblrZ0OyTOQ
+-> X25519 7emTMGrRAFGJABeK+SRKIt8otQjpRclQjkKl713izDQ
+2sydwj4FJugdisAD5YMdEHyOgbqYZamWA2mltUMnQ7E
+--- kSZgDff/Yk27eTxSW0dFXwZbgPUEEorPFp6MLltW3LY
+ù²†xbr˜hO<ÕøùüˆkS‚–—5*W/àóÖ[ùÒ)¦œ¼sC°	}ËßÚ·„çðFiS!ä4HŸŒ³¡›0öAÔ†ý}p¢q¬y8Ÿqèu—ÜXXó·#%tµ÷zÙ·/Bü\qpòî0ŸHxY¦¹„ùÊµœàÚ++û‘Ùó=.²üB¦Šè|
+[*»RºDŽuÃ¬$PöÇËVÂ!Ÿå-Xn³ô»	‘w_
+SOª
\ No newline at end of file
diff --git a/kube-prometheus/resources/secret.grafana-admin.yaml b/kube-prometheus/resources/secret.grafana-admin.yaml
new file mode 100644
index 0000000..728cd7f
--- /dev/null
+++ b/kube-prometheus/resources/secret.grafana-admin.yaml
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 TB5CkVKWXtgIjRx2SogIoW8tlrujheK7Awz1p4uQEgw
+Kshy+UCwlvJy5MCHWaQKMDYtVkCg4IcbD4IrDCufogo
+-> X25519 Vw++EMzh3zlyw4CuUHMxIeqWYll8zSelk8JSeMZulww
+a8pkLwi07VXY78pa5P5xtJ6b+CK6rGRl4Uk9scpOktw
+--- 9lY1JXzQk9DlqfWGi12HVDvdGEp7KVyoSeY4k5AZBtE
+u¹Ì>ð:SxæsëPT@ØEÀMŠ¯S^uýfümÊÖµZ%™C.·¬­	R3‡j¤Í~º³câq[ùüúT}‡gîÿâgÎô•­.~™7í¯IŠªû†gkŽÞº0ÒÿÖkNp­’ª÷fADH~ŸE•+óö¤ö=´®¦zXc•ó¾ˆc|Æ
+Ùf€ B¶JñW
+Lœ{¶DÆ)¼™Ö~
+³àœ/DÕ›ó®X¼Ì¢MA
\ No newline at end of file