loki: image: tag: 2.3.0 enabled: true promtail: enabled: true fluent-bit: enabled: true grafana: enabled: true image: tag: 8.1.2 admin: existingSecret: "loki-stack-grafana" ingress: enabled: true annotations: cert-manager.io/cluster-issuer: vault-issuer kubernetes.io/ingress.class: nginx hosts: - grafana.dc tls: - secretName: grafana-tls hosts: - grafana.dc sidecar: datasources: enabled: true dashboards: enabled: true label: grafana_dashboard persistence: enabled: true plugins: - grafana-piechart-panel dashboards: default: traefik: gnetId: 11462 revision: 1 # For OAUTH Secret Token envFromSecret: grafana-env grafana.ini: paths: data: /var/lib/grafana/data logs: /var/log/grafana plugins: /var/lib/grafana/plugins provisioning: /etc/grafana/provisioning analytics: check_for_updates: false log: mode: console grafana_net: url: https://grafana.net server: root_url: https://grafana.dc auth.generic_oauth: name: Authentik enabled: true allow_sign_up: true client_id: 779461ddc18a79dba69cf2eef895a20d59b21d59 #client_secret: IN ENV scopes: "openid profile email" #email_attribute_name: email:primary role_attribute_path: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'" auth_url: https://auth.dc/application/o/authorize/ token_url: https://auth.dc/application/o/token/ api_url: https://auth.dc/application/o/userinfo/ # meh.. but for now... tls_skip_verify_insecure: true prometheus: enabled: false image: tag: v2.26.0 extraScrapeConfigs: | - job_name: 'openwrt' scrape_interval: 10s static_configs: - targets: ['192.168.1.1:9100'] - job_name: 'borg' scrape_interval: 10s static_configs: - targets: ['192.168.1.111:9942'] podSecurityPolicy: enabled: true server: extraArgs: #storage.local.retention: 720h nodeexporter: # image: # repository: quay.io/prometheus/node-exporter # tag: v1.1.2 extraHostPathMounts: - name: textfile-dir mountPath: /srv/txt_collector hostPath: /var/lib/node-exporter readOnly: true mountPropagation: HostToContainer securityContext: fsGroup: 65534 runAsGroup: 65534 runAsNonRoot: false runAsUser: 0