Skip to content

Commit

Permalink
Prod certs
Browse files Browse the repository at this point in the history
  • Loading branch information
@odininon
odininon committed Dec 13, 2023
1 parent fa2d92f commit 5a20255
Show file tree
Hide file tree
Showing 21 changed files with 490 additions and 77 deletions.
16 changes: 8 additions & 8 deletions ansible/inventory/host_vars/k3s-new-01.sops.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
ansible_become_pass: ENC[AES256_GCM,data:Oclc85l9rKkbu3y06kI=,iv:289D9q1jDtnRctO8gwQ8VAHRMjdtpoR+MoyJbVkLf78=,tag:UvHcBnxuGyKkCWaZzx9G2g==,type:str]
ansible_become_pass: ENC[AES256_GCM,data:bDfijHxoPuqDfevSKic=,iv:5W2wn5AhdJf3rl2BZkWAQUznWY0Omr3UrEif7hCTldU=,tag:9r4bUTPSe/bV/NK4sx0z6w==,type:str]
sops:
kms: []
gcp_kms: []
Expand All @@ -8,14 +8,14 @@ sops:
- recipient: age1xet7mguda7d2gt4f6re7nsv4cdr7tmqeh4lvfyhxeg66sjtghv2q9xd44n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDSGl6aUF6VVE2UnJjNHBS
YVdMWStWcGl0czc3N0loR0tVdWhiMmNzMEhJCmhoaGcxYWZkOThKTkM2TndoUGlY
eHZUSDR1MmlvZ1FTTjZqTmRId0plWTAKLS0tIDB5U2NnTmdLekJYT0kzTFphWHV2
SWd0NisrbWhxc1VNOTNjWXo5WTkxczQK3eX3ap5GL4ZD/+k7beSemRuqR+Bdtfjc
OeFjQ1gWTrECRhZmT84OtXlAJ14I45rW0TP5hiZxct7hKCWU7DE4Vw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzaTkzWHozWnFlYjRTNjVB
L1Y1MjZtbTliMUhIQjdFR2JxdmFjR1FTUHpJClUyQ01xcEFpUldGc0N0N1BNamht
YmVZNmhqb1FETjFKWU9Vd3BaV2NoL1kKLS0tIERncDBoVFpJcVFLK0lGMXFyRWRJ
Y3NaQWlOSk9mRVBrTkFqa2ttM2k2Qm8KlayoZ1XZHaiqgvHDU9yCzM9h7snQ5dMh
PNCGXOB/uV7rLtkHIU6w74L5DcrBYzMDLhOGBVi8kMTyEsjliATc6Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-13T14:41:10Z"
mac: ENC[AES256_GCM,data:SBmXenTFBYq6uz0fnHW/uaB7PDdr/zktu184sK9eTkRKQjsI8hH5G0a6gDA8y/3mNbT8MsoSOoj/aEeZhphRCxhrev7TtgufIZyx9QuOteog5DWYsTi+8cDWHpXKKplOhrlglXtb51+x3c5XZ5jOPlVXPdFo1GQwREqvtYScx/s=,iv:CZ0E7EiR3I7RAQbB+VJuAsnEvpPYfBWON4nc+396AOg=,tag:T7Ix4iLqxNEzXNd2HDdSWw==,type:str]
lastmodified: "2023-12-13T15:21:41Z"
mac: ENC[AES256_GCM,data:qhV+IQ7FV7+qkozTYqR2g/mkpG4Yg1NYtwnFuJ6CnRx8ThkAhZRcliM9K66ZqRjrttXmb1EIt4cObouAOLlFprZsdbTEDhxZsLN4tC63hrOHH/Y/mYLGnz8XEQNc6mbFGdoxo6SeUJnVLWOr3iszlxOkQtqpTMFhuxOVuwOeH1o=,iv:EmV3TYkqtR4drvxGvLw0kHdxRGGnIoTt/wDD+n+rVtM=,tag:T7lCL/YrEwVwSwtDAeeEPw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
16 changes: 8 additions & 8 deletions ansible/inventory/host_vars/k3s-new-02.sops.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
ansible_become_pass: ENC[AES256_GCM,data:bAN8kwOH9nwNPjlMB/I=,iv:y7JVMtCl7NZI04QBDLgAaTPHxmYhQym/LHmg4CsDypQ=,tag:i63Yq0E0oo0Lr6FGFEBgvg==,type:str]
ansible_become_pass: ENC[AES256_GCM,data:rmg0WScw5HpN8l9sxwI=,iv:rOgArITdwrnQklBpE+m/yWVp7hINQzAZ3K8UsZTeDsM=,tag:iNXVtcLxRCwDq+yNkIUJTA==,type:str]
sops:
kms: []
gcp_kms: []
Expand All @@ -8,14 +8,14 @@ sops:
- recipient: age1xet7mguda7d2gt4f6re7nsv4cdr7tmqeh4lvfyhxeg66sjtghv2q9xd44n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvYncvNmR3ZndKU2pKWm5p
SE9WUkdtMUhlVGdxUEhTVkZRbTkvOHE3czBjCnZITVRyU284bzJydWlnbCtyMGRZ
aGRYTU53eWFRT1JqeTUwWS9HQUNKN1kKLS0tIGpHWUdrb0FvUk0rb2ZNMFFwUTlr
L3ZacnBxSTNuQjlvTmhOTFd0RGJZNjQKCldQVQoP534L+ugkt9NWE1Qm8jjKFz+4
xyWZRr74n1Gi6GK8LNG2mF7r8/EUTricVJANqR6xcDAmpUOZWqwAeg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZzcrcW9qekExWUlmQVoz
SDVXUHlySnFaVnozMGx1MDdTejVOM0JWOWo0CnhQUTdmd2FYb21uUTkxd01RZW1o
a1dSYWxWdW95RjIxbDVTTFU2R1I0UG8KLS0tIEdkT09nS2JHdlZocTQwZkdrMy9n
WnpaVlJqbElIRUFWYUowMVBBRHBubTgKXo4vyRcfWk7ABsWRAwPwRE5DlF8JBTnM
RC35/cr0T6kewr8ASkhcq2BIhLC6XSRiykWGh5PoatCChKhgTiyndw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-13T14:41:10Z"
mac: ENC[AES256_GCM,data:s6bFJrE2eCzICmg0ZW2TjhcJ6obdYK0Fne5yOhJP+DoPPw5EcxBDB+yrVTGFIYdTsIKHCz/W8Ggy3o21wYGwciPCIT75rPnKNduVBA8OuvXzwrrw+k/AQSX9cWXi7b+89bB4FAFNqNor/9TQazh30Y6ElQFswDurmgMWTpLiu9E=,iv:tPrAXJ2zeKsUUpvkjU8kZ8bs4lJZkS4LWSysi+rnkqw=,tag:kqUhwHquTuL0GHabmXeJ1g==,type:str]
lastmodified: "2023-12-13T15:21:41Z"
mac: ENC[AES256_GCM,data:3k2LYVS9yajd03Z0qIxvtQR+I0qN3nzTJ3X4QsXG6I8cmGh18e4vs8HuyqvNadt5EMv/oxArrxFfkLjF7Q7PnDSg5SEismTC4dj4iNSXPLN0zhGe0bk38glU49FiiH98XqO0Xpl72PkWKlyiiFkErVM2QUC+h4J11hdOWfnNo+I=,iv:LFO4b1yjRqCh1xVHR0rNilOYELoEPAURkqwHOCm/3eU=,tag:l9Lyp5knTCmW6o1/BbB1/g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
16 changes: 8 additions & 8 deletions kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ kind: Secret
metadata:
name: cert-manager-secret
stringData:
api-token: ENC[AES256_GCM,data:ilQj4JcZuEaVjXK52quZ0Js2K/mDmeR/DYGNxHJJvzRXXK/XM+CszQ==,iv:t5B3kltnjxJWTKYWwlmZ5jLJAiwf84lJOBBd3Yph2lg=,tag:LpMksSWo7KUCZqiFHjDnFg==,type:str]
api-token: ENC[AES256_GCM,data:vdww5GO1zDKlcID95Sxv3jzdPpFgiIqE9FFvhlT076a8ZZR706/ypg==,iv:IU7DOUxmv1HLk6l3uMRhNFIQFROX0Dyfiqx9lv97OCg=,tag:8s74q4aOlXdMqPuaJ6TD1g==,type:str]
sops:
kms: []
gcp_kms: []
Expand All @@ -13,14 +13,14 @@ sops:
- recipient: age1xet7mguda7d2gt4f6re7nsv4cdr7tmqeh4lvfyhxeg66sjtghv2q9xd44n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlWlNhaVZuWGZmcVpFU1Vh
VXpDZzRiYXZXUmlWT3cwOFJaWmJYT1BLVzFJCkR1ZnpkTGlLWVE4cWlhVDQ1WTQx
Z040TVIrQTk4Rk9zcDkxcWRIR3NMTjAKLS0tIDg0WHZyM0NpNzZLRTAyTkhWK2Rh
UDZZK3hvMWlXMWx6aW41NVAxbkdKYXcKODZ+81G3dF60ZV/+RY07HcuuogtG+5qV
jqrJCYpOC/6DJD4VUW3xANxngrzOLvDonZQpV/pSmKwgNswv8DtQXQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBueEZYMUZBOE9qdVdHc2R2
aWNMMDI1L0NOQ1JHREZXQjJVb2t2VTR0RUFNCjgzaG9zOW91WWtQRkQ5WFVxWTVP
MzZuQXF6cnJGbWlvekpRbFhzakM4bU0KLS0tIGRUbVdsNXY2T2NROGI5bFhueksz
U1VjN2FCWURvelhRQ0ZINHB1bFIySEEKdv+TDZIrPpIEcJDT9GlW3rmLU25HaYY6
9dZDc3BfaSICEV0raMLTVNILIPkQK/CWcFufcdfgfpODHYDrCKFznw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-13T14:41:49Z"
mac: ENC[AES256_GCM,data:dG1DeU/v3lUyW1izqpZOPsOQTGMWZ7I3ESg4El4w/iE2tOU4fPbbuPYBpU4LTwKPpQViGNQYxiGfWG2UzU1Jeq10Kz4IlWhdkjTdcITx+Pr5Lc2bRGa4Y4YM8I58qpecoEzSW8yG8PFebhcPycgIEDkIzVrMcN9/dlMgQlkvM28=,iv:rY8qd1JDvYbc1j5Ld/+/szAzGOMpqFU1RbVg2JbCtHY=,tag:WQ8WKXc9VnCVpmAC2y66sQ==,type:str]
lastmodified: "2023-12-13T15:22:19Z"
mac: ENC[AES256_GCM,data:fsclpYEXf1sWmmtedDl05na4C+1jB+/AzrFWak9wQcYeLZF7zZvtqseVfzPHJ3Ol0DD6uFbyBkgRd3ACue1xZHp3qeSwnuuoGWm5pEW0kePMrpbO9WGTbeBQttA18tZD+KGWv3mu4fMUfzhFOSUhLB5LLnmxKkwwBu/IpW2N5wY=,iv:yDjMa0l+MFEuz8MYhEWGvohKotwjoly2fBNq9yYjo9E=,tag:5L+AOs/MoaUX/ysJQbB7eg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1
16 changes: 8 additions & 8 deletions kubernetes/apps/default/discord-template-notifier/app/secret.sops.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ kind: Secret
metadata:
name: discord-template-notifier-secret
stringData:
config.toml: ENC[AES256_GCM,data:4FGSWxFMf8Aucnt7GpX3YO0KbDo7zwO2BZFOqWWN/Y5teYUx+H3UfWHBhJ/GgBMsgABqZufkirmeMdExstj0dxJoheLnP5xabMDEoThs6/rD+SfCN04D+N7CQOeNXZKOfak6aOE7pJLnipxLZshVogMptChQxk/9K/Js4PDa7DIRDQBpVGmba3RPLsPghHtxX/AqOt06EdeqYQYWGgCaxZPED0tR9RNQD5vpMTwZQzj3G9tRxfX4YwQDewwb3Gy+OG5Ggb8GVbQ2VRE4V3i+2sZmWH906oGQTmhjmkjbx7qiCEmnwExgppPpkxnC1y66i8GKv9IxUkYCT0BnAJQp/3XySES7nN3ULRVRb7wgxdjhA4gOx/0hUGHkGGVCZhrupA==,iv:I6pxoZzMrZZmK4nTxUs1q7JWBrhuIuQzrfbaozp94hM=,tag:0ONoNhJMP65y/bYVOgEIjw==,type:str]
config.toml: ENC[AES256_GCM,data:8wFD4D5olewTGMl8s/r/XfZD7/6etsyyNxe89c7OdPt3RIspt3aFG33L1LtClBGRDykSfO2kdEeDO4QQFmYcmAKsd90Z9s8HpiH7c4PDCMFuphJyQNLFe+vYmiqlEGL6tbwwustfx9Eo2cwAlBaVnr5ZrBcJJkWLdgUwFxaZEASnBS4ocCzmpdsh8KOQOBB0MKWQ2TNU95rQvwid+w0HL54BKynfK8KPQoR9yFOhVEK63z1bPU9ADtUXisiyqYppm5T9b+ko33z/xvWWgWrBZoc66gTe38AyFO2LmZoxBZR6p20bz7NMKqbrCgzMK7KlLrfYmLduqjeNY+Spz3MjD7kBbI1iGvLp+RLPnzumsdg0K0B+kjDGyPpw5JLBmI9thg==,iv:s+YRr02bQWZSXyEmQeRtJG1EzbI/VhQ4NEkPnr4ELiI=,tag:lGwttsu0B2w6WTUBtwfr0A==,type:str]
type: Opaque
sops:
kms: []
Expand All @@ -14,14 +14,14 @@ sops:
- recipient: age1xet7mguda7d2gt4f6re7nsv4cdr7tmqeh4lvfyhxeg66sjtghv2q9xd44n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYaVBVV0FiYmpGSUMzMWNF
RjVaRzRpb3h4RDNnamtaeFlYZWJqdjlIaVRJCjNQa1h0NisvZHoyMDFTd3RCaU4y
b0hCT2VwTExXNS8veVJ1cXdIb2lya1kKLS0tIDV1a2FudHh6Y1l2UkhLL1JBSVJx
YlRiY0xGSTA1M3dRYk1seHVJdS9JOE0KuLlvNKTEOc298eFQPdxRnTkPAevLso5u
Htp2hfakFQz+b+JZh9vmjZoJsf8R7pR+t9FTaOPK/Bs7ttkTgRG4NA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2UWF3THRrTzV6NUdDZFMz
T1J6U1RSTFRVSVo5UHQ4MjNkVkVLZzI3UVVjCkFzV2x5NmlCOHdvRjVXdXJGdmdr
UHg4TXJLM29OUm1lajBYZWtpR05tNTgKLS0tIHlVMVpZZVVLblJqYTdEbno4aUR2
by9BWnJiVkZ3NFpDMEtBRGpDUXB6UlEKhR4NQ+mRC7XdkLmi/XLTX9g/scjjcUiX
Ya9027mJEJhhZE6plbEaF/49TmxNLacmWd6i6qxd75ekagWUswiHhg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-13T14:41:53Z"
mac: ENC[AES256_GCM,data:snkeWkpD7Tek/vN0Z9BILOgAkLXWOy/aHUNzOtxGFo8AvbhIjYKCDUZOHTZ6qf46TLwI+82rxorlRq8JlEkrNsBkh2/JCqbBTB6oM6aPYpv3mJOUttiPguvA2mTaSX6IqDYocc018qqB8CEa42OAM74qWbPSB84prm/XIsiTZSg=,iv:YRe04SLXHhemxt+YJunUDZw84tES9fJCw+eoeBlBiLs=,tag:qdZ/nCQtbEbPMfgaiqAQEQ==,type:str]
lastmodified: "2023-12-13T15:22:25Z"
mac: ENC[AES256_GCM,data:ig4HIY0gXgN+xwV18qRgS4PlzIFH8UmpC34U91OwjRI7ZVTfWVnl/wM0KdyZDQsbmaaAzaUp54IAAEm5Fcg2/1ZHmhP+Jmjl/6LXpT4KmHXiEuG2rUlVq0XF8H9PJwiJqtGlclDMuT5DqCn6pedp3Wi7DvdgLgKNbl+FDgh3aTU=,iv:vlR1gzpFspITmu7MN27or3kj8tshDAciZp6LzwkZB+4=,tag:2ju5TWvVMUgHwI8ZJGnKJA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1
16 changes: 8 additions & 8 deletions kubernetes/apps/flux-system/addons/webhooks/github/secret.sops.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ kind: Secret
metadata:
name: github-webhook-token-secret
stringData:
token: ENC[AES256_GCM,data:TXqWB16iEL+CGG72A6HYygy0dnotchW0,iv:sEaxbOGMcxUJURm68ujd+gXES+q3YwcBMcyRuWTFhjU=,tag:hXzWxkXkX0kxaNixZf6cSA==,type:str]
token: ENC[AES256_GCM,data:+algh3L/T4nT7p07znWLF+dRv4iBj5cE,iv:KL9rJU5iwqm220imcuZi+3b9QMeA4y7nnOCN9VrsGhs=,tag:2HEDCL8kTmVM20FJskWVZQ==,type:str]
sops:
kms: []
gcp_kms: []
Expand All @@ -13,14 +13,14 @@ sops:
- recipient: age1xet7mguda7d2gt4f6re7nsv4cdr7tmqeh4lvfyhxeg66sjtghv2q9xd44n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzUEI1MlREWS9LZXBTbktj
eFA3Z3JOS2xBaSs1T3IzQ3RtcnZwRDRESXlNCllrVXNoR2h1c1RwUFVJNjdiMXYx
MUJob2hQeVNJZ29LcHUrSDN6N25uS3MKLS0tIFEzbDMvSTg0b1hybEJsUlFZT1BW
akRtcFphRG94VlVJTGpqNEoxQzdFQ28KpfAr4X3AkX877Z0nhNSCPwZo7T8XReO7
t/DPddk706flgC8Pr48syi40pPAVzCakjxzLt7aesUwVxQs2Xx2lDw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbkMreEhDYnRlMkMvT1Zm
TDRUQWdzOWVSODVwZEcwRUlpa2NrMW5kZVQ4CmJJbDZZN0tzV2JqRTI1dno4bUhW
SDU4aXlZOG56V0p1UnJweVUrbGdiYTQKLS0tIFpRVmlCeHhiWW56cjc2amZJZ3ZQ
V1hYa0FzbllKdTU3NU1oT2Y1ZkZjTVkKsuTkTYHzA6agrv0zmCz7iafA9nyzEhRL
Bhk80tkAw3K9hx5u8lux+zh23dtaxNDc9BZWuD9HCtjm7nESxFHp9w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-13T14:41:48Z"
mac: ENC[AES256_GCM,data:Cf/lYT+mmOo0PbEJkb9ED8708L4I1XB5/e+QUWgTycL6Goh6PVQ7jLpLuAxVBC3cxVnqb4NKLv0tqmNy6gs1scvs7E5VCKj+iczpFOZYrzHoYRrCxfEoJwPQzVbyACvQo4DFf29F9p9MRRdd1PbIA2HYCMz15sjDSFzVFWt4bbg=,iv:1eK0Y3PUnJp168p9yv052Wv1vSg3zK89NSArrBfKqhc=,tag:Z0fMe08f9fY2e8T4tjpQ/A==,type:str]
lastmodified: "2023-12-13T15:22:18Z"
mac: ENC[AES256_GCM,data:EqwGpeSrJNH53eLF9LcyPRcchj7rFDAhpvDZWyOYCH/q4Lt+kc6Bomjd5X1ngtUDbkcR3KXn9204yt0xzohJe3dGqNIrvykGB3TQ95Y5jyiQ0alD3Zs0Upy+0TTa3YJH2I2EvtddoelgtVw0UPfYzfDo10RJqssaAdW6HzCtZkQ=,iv:8YcS8xxxu4VBAY2oRV+XnZcxmnU5YubSQB3ESTe9gwo=,tag:c25GuoZsCi8lXCEbK2fmNg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1
173 changes: 173 additions & 0 deletions kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,173 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: grafana
spec:
interval: 30m
chart:
spec:
chart: grafana
version: 7.0.17
sourceRef:
kind: HelmRepository
name: grafana
namespace: flux-system
maxHistory: 2
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
dependsOn:
- name: local-path-provisioner
namespace: kube-system
values:
deploymentStrategy:
type: Recreate
admin:
existingSecret: grafana-admin-secret
env:
GF_EXPLORE_ENABLED: true
GF_SERVER_ROOT_URL: "https://grafana.${SECRET_DOMAIN}"
grafana.ini:
analytics:
check_for_updates: false
check_for_plugin_updates: false
reporting_enabled: false
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: default
orgId: 1
folder: ""
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/default
- name: flux
orgId: 1
folder: Flux
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/flux
- name: kubernetes
orgId: 1
folder: Kubernetes
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/kubernetes
- name: nginx
orgId: 1
folder: Nginx
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/nginx
datasources:
datasources.yaml:
apiVersion: 1
deleteDatasources:
- { name: Prometheus, orgId: 1 }
datasources:
- name: Prometheus
type: prometheus
uid: prometheus
access: proxy
url: http://kube-prometheus-stack-prometheus.monitoring.svc.cluster.local:9090
jsonData:
prometheusType: Prometheus
isDefault: true
dashboards:
default:
cloudflared:
gnetId: 17457 # https://grafana.com/grafana/dashboards/17457?tab=revisions
revision: 6
datasource:
- { name: DS_PROMETHEUS, value: Prometheus }
external-dns:
gnetId: 15038 # https://grafana.com/grafana/dashboards/15038?tab=revisions
revision: 1
datasource: Prometheus
cert-manager:
url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/cert-manager/dashboards/cert-manager.json
datasource: Prometheus
node-exporter-full:
gnetId: 1860 # https://grafana.com/grafana/dashboards/1860?tab=revisions
revision: 31
datasource: Prometheus
flux:
flux-cluster:
url: https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/cluster.json
datasource: Prometheus
flux-control-plane:
url: https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/control-plane.json
datasource: Prometheus
kubernetes:
kubernetes-api-server:
url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-api-server.json
datasource: Prometheus
kubernetes-coredns:
url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-coredns.json
datasource: Prometheus
kubernetes-global:
url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-global.json
datasource: Prometheus
kubernetes-namespaces:
url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-namespaces.json
datasource: Prometheus
kubernetes-nodes:
url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-nodes.json
datasource: Prometheus
kubernetes-pods:
url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-pods.json
datasource: Prometheus
nginx:
nginx:
url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/nginx.json
datasource: Prometheus
nginx-request-handling-performance:
url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/request-handling-performance.json
datasource: Prometheus
sidecar:
dashboards:
enabled: true
searchNamespace: ALL
labelValue: ""
label: grafana_dashboard
folderAnnotation: grafana_folder
provider:
disableDelete: true
foldersFromFilesStructure: true
datasources:
enabled: true
searchNamespace: ALL
labelValue: ""
serviceMonitor:
enabled: true
ingress:
enabled: true
ingressClassName: internal
annotations:
hajimari.io/icon: simple-icons:grafana
hosts:
- &host "grafana.${SECRET_DOMAIN}"
tls:
- hosts:
- *host
persistence:
enabled: true
storageClassName: local-path
testFramework:
enabled: false
6 changes: 6 additions & 0 deletions kubernetes/apps/monitoring/grafana/app/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./secret.sops.yaml
- ./helmrelease.yaml
27 changes: 27 additions & 0 deletions kubernetes/apps/monitoring/grafana/app/secret.sops.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
apiVersion: v1
kind: Secret
metadata:
name: grafana-admin-secret
stringData:
admin-password: ENC[AES256_GCM,data:SVapmts=,iv:l6Rio4fOA2HZC4UF8+wxLyfSChB6KKlY+VRPQhjKZ5s=,tag:M5Q/fIXm13NFvRQHr+6g1w==,type:str]
admin-user: ENC[AES256_GCM,data:WWrVLc8=,iv:Vm2ppcijILsuuKjipo92+DNSWJ/xgKKFIwItBDR8Qt4=,tag:GdE/710hkW6X18RLwGSkCg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1xet7mguda7d2gt4f6re7nsv4cdr7tmqeh4lvfyhxeg66sjtghv2q9xd44n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGcFQ3QUh3NkxZc2F4c3Ux
Q1BKMEZ3ciszMC9XUVhPN1EyOS9EbVYybVZRClQ0MjB0YkRPeDZYaFUxVy80QjlP
MFJ0aWtKNFhPQk4vZlhXTFlXSWtLczAKLS0tIG54VERZRmtnMndPdmgvTGdzeEpP
NzFQcXhVdkhSVUFDRmhvLzJLNHl6SFUKfGsLLkCIhRISK4Ox5WzK8T5bddDvdG1c
s6uiooBHY1FTvAzMhqQqfy0pSqIezgr4lw7Ineb3BKd2f5gr7VCnfw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-13T15:22:22Z"
mac: ENC[AES256_GCM,data:BafTgc0dAc/qCcLJZlY2L8qC348mGmW+7FjtPxLvRbO9YQvHvRZMD+PXJ/cmnuRFLl+/TsJb7oGNowKKTRe7Vp6Kt0pbkeH3J5KvYYw3NPnElFG3d6BhiXpa+bpiO1P3TSJ8Sa6jpc4bnR9E7nQbqH5DfFUA4eZL5HYs02hA/Bc=,iv:wHdQ3U4Nm1pWTY3ZsnEpg32STuiX/gQ6DW9G92bHrQc=,tag:uuLhsbNEIVAN/ok7mXEmdw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1
20 changes: 20 additions & 0 deletions kubernetes/apps/monitoring/grafana/ks.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app grafana
namespace: flux-system
spec:
targetNamespace: monitoring
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/monitoring/grafana/app
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
Loading

0 comments on commit 5a20255

Please sign in to comment.