diff --git a/projects/grafana/project.yml b/projects/grafana/project.yml
index 4fcfab55..c0afc771 100644
--- a/projects/grafana/project.yml
+++ b/projects/grafana/project.yml
@@ -6,3 +6,8 @@ apps:
 repoURL: https://prometheus-community.github.io/helm-charts
 chart: kube-prometheus-stack
 targetRevision: 34.7.1
+ secrets:
+ - name: grafana
+ keys:
+ - admin-password
+ - admin-user
diff --git a/projects/grafana/values/kube-prometheus-stack.yaml b/projects/grafana/values/kube-prometheus-stack.yaml
index a4825dd4..c0fb8043 100644
--- a/projects/grafana/values/kube-prometheus-stack.yaml
+++ b/projects/grafana/values/kube-prometheus-stack.yaml
@@ -218,37 +218,39 @@ alertmanager: # {{ end }} ingress: - enabled: false + enabled: true # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: ingress-internal-traefik - annotations: {} + annotations: + cert-manager.io/cluster-issuer: vault-issuer + traefik.ingress.kubernetes.io/router.tls: 'true' labels: {} ## Hosts must be provided if Ingress is enabled. ## - hosts: [] - # - alertmanager.domain.com + hosts: + - alertmanager.dc ## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix ## - paths: [] - # - / + paths: + - / ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types - # pathType: ImplementationSpecific + pathType: ImplementationSpecific ## TLS configuration for Alertmanager Ingress ## Secret must be manually created in the namespace ## - tls: [] - # - secretName: alertmanager-general-tls - # hosts: - # - alertmanager.example.com + tls: + - secretName: alertmanager-general-tls + hosts: + - alertmanager.dc ## Configuration for Alertmanager secret ## @@ -650,6 +652,10 @@ grafana: enabled: true namespaceOverride: "grafana" + image: + repository: grafana/grafana + tag: 8.4.5 + ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled ## forceDeployDatasources: false @@ -667,7 +673,7 @@ grafana: ## defaultDashboardsTimezone: utc - #adminPassword: prom-operator + adminPassword: prom-operator rbac: ## If true, Grafana PSPs will be created @@ -715,6 +721,9 @@ grafana: hosts: - grafana.dc + admin: + existingSecret: "grafana" + sidecar: dashboards: enabled: true 
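Review bot: Turning on the Alertmanager ingress at `alertmanager.dc` publishes an API that has no authentication of its own, so anyone who can reach the `ingress-internal-traefik` entrypoint can create silences or post alerts; the hunk adds TLS but no access control. If that ingress class is not already restricted to trusted networks, I would attach an auth middleware through the annotations, e.g. `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<auth-middleware>@kubernetescrd` (placeholder name). The retained comment `## Secret must be manually created in the namespace` also no longer matches the values: with the `cert-manager.io/cluster-issuer: vault-issuer` annotation the `alertmanager-general-tls` secret is presumably issued by cert-manager, so I would reword it to `## Secret is issued by cert-manager via the vault-issuer ClusterIssuer`.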
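Review bot: Uncommenting `adminPassword: prom-operator` in the `@@ -667,7` hunk commits the chart's well-known default Grafana admin password to the repository, while the `@@ -715,6` hunk in the same file sets `admin.existingSecret: "grafana"`. As far as I know the Grafana subchart ignores `adminPassword` once `admin.existingSecret` is set, so the line is dead at best and becomes the live credential if the secret reference is ever dropped. I would restore `#adminPassword: prom-operator` or delete the line, and add a comment above `admin:` such as `# admin-user / admin-password come from the "grafana" secret declared in project.yml`.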
@@ -1755,13 +1764,31 @@ prometheusOperator: ## Deploy a Prometheus instance ## prometheus: - enabled: true + image: + repository: quay.io/prometheus/prometheus + tag: v2.34.0 + + strategy: + type: Recreate + + sidecarContainers: + smartctl: + name: smartctl-exporter + image: matusnovak/prometheus-smartctl:latest + securityContext: + runAsNonRoot: false + privileged: true + ports: + - name: metrics + containerPort: 9902 + ## Annotations for Prometheus ## annotations: {} + ## Service account for Prometheuses to use. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## 
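Review bot: The `smartctl` sidecar runs with `privileged: true` and `runAsNonRoot: false` from `matusnovak/prometheus-smartctl:latest`, so whatever that mutable third-party tag points to at pull time gets host-level privileges inside the Prometheus pod. Pin the image to a fixed tag and digest, `image: matusnovak/prometheus-smartctl:<tag>@sha256:<digest>` (placeholders), and consider running the exporter as its own DaemonSet so the privileged container does not share a pod with Prometheus and covers every node rather than only the one Prometheus is scheduled on. Separately, `image`, `strategy` and `sidecarContainers` are added directly under `prometheus:`; as far as I know kube-prometheus-stack reads the image and extra containers from `prometheus.prometheusSpec` (`image`, `containers`), so these keys may be silently ignored, which is worth checking with `helm template`. The `prometheus:` block continues outside the hunk.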
@@ -2477,7 +2504,66 @@ prometheus: ## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes ## - additionalScrapeConfigs: [] + additionalScrapeConfigs: + # This scrapes all services/pods with prometheus.io/scrape annotation: + - job_name: 'smartctl' + scrape_interval: 60s + static_configs: + - targets: ['127.0.0.1:9902'] + - job_name: 'openwrt' + scrape_interval: 30s + static_configs: + - targets: ['192.168.1.1:9100'] + - job_name: 'kubernetes-services' + kubernetes_sd_configs: + - role: service + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_service_name + + - job_name: 'kubernetes-pods' + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: 
[__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: kubernetes_pod_name + # - job_name: kube-etcd # kubernetes_sd_configs: # - role: node
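Review bot: The comment `# This scrapes all services/pods with prometheus.io/scrape annotation:` sits directly above the static `smartctl` job, so it describes the wrong entry. Move it above `- job_name: 'kubernetes-services'` and give the static jobs their own comments, e.g. `# smartctl-exporter sidecar, reached over the pod's loopback` and `# static target: exporter on the OpenWrt router (presumably)`. The two annotation-driven jobs have no `namespaces` restriction in `kubernetes_sd_configs`, so a workload in any namespace can opt itself in and choose the path and port Prometheus requests, and `labelmap` copies all of its labels onto the series. If only some namespaces are meant to be scraped this way, I would list them under `namespaces:` / `names:` in each `kubernetes_sd_configs` entry.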