From c1566f2077be9e4a6658a88d0af5b3b85c3001f1 Mon Sep 17 00:00:00 2001 From: Jazzlyn <9011011+jazzlyn@users.noreply.github.com> Date: Wed, 3 Apr 2024 22:18:50 +0200 Subject: [PATCH] feat(grafana): refinement --- .../grafana/app/config/contactpoints.yaml | 2 +- .../apps/observability/grafana/app/config/grafana.ini | 6 +++--- .../observability/grafana/app/grafana-admin.sops.yaml | 5 ++--- .../grafana/app/grafana-auth-google.sops.yaml | 5 ++--- .../apps/observability/grafana/app/helm-release.yaml | 11 ++--------- 5 files changed, 10 insertions(+), 19 deletions(-) diff --git a/kubernetes/talos-flux/apps/observability/grafana/app/config/contactpoints.yaml b/kubernetes/talos-flux/apps/observability/grafana/app/config/contactpoints.yaml index 6b2c2aa34..768cc3ae2 100644 --- a/kubernetes/talos-flux/apps/observability/grafana/app/config/contactpoints.yaml +++ b/kubernetes/talos-flux/apps/observability/grafana/app/config/contactpoints.yaml @@ -9,4 +9,4 @@ contactPoints: type: prometheus-alertmanager disableResolveMessage: false settings: - url: $ALERTMANAGER_URL + url: http://prometheus-alertmanager.observability.svc.cluster.local:9093 diff --git a/kubernetes/talos-flux/apps/observability/grafana/app/config/grafana.ini b/kubernetes/talos-flux/apps/observability/grafana/app/config/grafana.ini index 497e8891b..a783672eb 100644 --- a/kubernetes/talos-flux/apps/observability/grafana/app/config/grafana.ini +++ b/kubernetes/talos-flux/apps/observability/grafana/app/config/grafana.ini @@ -4,7 +4,7 @@ check_for_updates = false [auth.google] enabled = true allow_sign_up = true -allowed_domains = ${SECRET_DOMAIN} +allowed_domains = techtales.io auth_url = https://accounts.google.com/o/oauth2/auth scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email token_url = https://accounts.google.com/o/oauth2/token @@ -23,7 +23,7 @@ logs = /var/log/grafana plugins = /var/lib/grafana/plugins provisioning = /etc/grafana/provisioning [server] -domain = grafana.${SECRET_DOMAIN} -root_url = https://grafana.${SECRET_DOMAIN} +domain = grafana.techtales.io +root_url = https://grafana.techtales.io [users] auto_assign_org_role = Admin diff --git a/kubernetes/talos-flux/apps/observability/grafana/app/grafana-admin.sops.yaml b/kubernetes/talos-flux/apps/observability/grafana/app/grafana-admin.sops.yaml index af1318c10..d9a65e44d 100644 --- a/kubernetes/talos-flux/apps/observability/grafana/app/grafana-admin.sops.yaml +++ b/kubernetes/talos-flux/apps/observability/grafana/app/grafana-admin.sops.yaml @@ -1,7 +1,6 @@ # yamllint disable apiVersion: v1 kind: Secret -type: Opaque metadata: name: grafana-admin stringData: @@ -22,8 +21,8 @@ sops: TTcwSDlkQ3VPM1NTWFdoTzZ5MVBEeDAKXeIe9FM/ZenGa8kVJjMIC9hcAwktLR/U T5O1xTcVAhgBUDYbKdrexWuFIAsqhXVMAh0xhQEs3m9gdygDPAL6Mw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-02T22:00:12Z" - mac: ENC[AES256_GCM,data:EGShcemEHAQOZ58+2fS1kt416dUUROQ0RTgbxZsfM7TQ+ueDGHPybePhPauYn/V6AeirrU7soNY0Es3BcjfG/pKNcKS/OYXCpKOWaQzE0m+r/PCPPHtdSMemb9Jvky/7wRVI9OgU+SFtOrVslQS/gVjsXgeVsC3mpILX2l7dx+Y=,iv:STI/yC8BWa+V/z7hpqNRSJa+tqJXhYi4LDGn+5XjaiA=,tag:mqdeAmh8U4J9fPhJqkGC9g==,type:str] + lastmodified: "2024-04-03T20:17:49Z" + mac: ENC[AES256_GCM,data:+XnUw8M+hyNs8DHsR2juJKhfLV+mNGbeBlJ07j8RmQVYAuDrpVlneRWAtx6yxrC44z4C5+Jao61MkXqz+NClf2UX+dEnRIoYr15O9LPk9pBTcpEU0crb7VcJVSGxKQf8SulurCTdErGj6umdJeXyn43xebkE0QRV2F/46VavGT8=,iv:v9lnYP96v12HvaCucAXcsIerIyFVqwhUiYZVELP8hlQ=,tag:zTkjsfQrJC1v8m1DgalnMQ==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.8.1 diff --git a/kubernetes/talos-flux/apps/observability/grafana/app/grafana-auth-google.sops.yaml b/kubernetes/talos-flux/apps/observability/grafana/app/grafana-auth-google.sops.yaml index 61e83d19a..4667f50aa 100644 --- a/kubernetes/talos-flux/apps/observability/grafana/app/grafana-auth-google.sops.yaml +++ b/kubernetes/talos-flux/apps/observability/grafana/app/grafana-auth-google.sops.yaml @@ -1,7 +1,6 @@ # yamllint disable apiVersion: v1 kind: Secret -type: Opaque metadata: name: grafana-auth-google stringData: @@ -22,8 +21,8 @@ sops: eUQwcWJxQWZIUkRsb291SHpGSDhqT1EKgTQ1qSb4D0VNoXTiTkz9sHrHFPNHcPCW IQ8/QYEA6iWVt+v8s+ATb2OaLZhha5FgwCOGVyIv6GJLP1kBlz8RwQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-02T21:27:47Z" - mac: ENC[AES256_GCM,data:oZqVunsLWCslIaZlRUOX3FHd66bIfhmHLuywVnQeda8ZrQX13LEJmbvEvApUrJGtoY5Zi8qFKank/NIwskNVGZpaOLcrGEm2tlLPuNn7e5ViLdjcqZu095zIEKQbx2wTeSZPMGe1wRbsjhivuHXmewEfAiQlmpuMu5ni2jE6nI8=,iv:LOGm+ROa6KYR+sD+aVgJWW3ifkA5Xx/893scQPryclw=,tag:yszeKmOf73y8311FI8fkAA==,type:str] + lastmodified: "2024-04-03T20:17:40Z" + mac: ENC[AES256_GCM,data:JQr1hrOpDMRAuxbA/7I6aJgQ5ReLfwqPW3SvgVvUVcJXeWTPt9xvYRUrUBzqunfiJ6wZKRCkuSZ5uRthlDwR2fAVqxbFjAhUxWuld7P5fZs6u63Qx/+cgd8WkLZZ8ikNI249eDn0rzTo1UfGSI4eAozejvCufyuGh/L+o2MCKQc=,iv:o557kvzdsWv+3VkT+WH1i0iyhxFc2sR1FIO8hlzSfIU=,tag:lzVtBxhbs5aRA7XhCnfS/Q==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.8.1 diff --git a/kubernetes/talos-flux/apps/observability/grafana/app/helm-release.yaml b/kubernetes/talos-flux/apps/observability/grafana/app/helm-release.yaml index c45af8f4e..37f385eb3 100644 --- a/kubernetes/talos-flux/apps/observability/grafana/app/helm-release.yaml +++ b/kubernetes/talos-flux/apps/observability/grafana/app/helm-release.yaml @@ -29,8 +29,6 @@ spec: env: TZ: ${SETTING_TZ} - VAR_BLOCKY_URL: http://blocky.networking.svc.cluster.local:4000 # for dashboard - ALERTMANAGER_URL: http://prometheus-alertmanager.observability.svc.cluster.local:9093 envFromSecrets: - name: grafana-auth-google @@ -47,11 +45,6 @@ spec: gnetId: 11074 revision: 9 datasource: Prometheus - # Ref: https://grafana.com/grafana/dashboards/13768 - blocky: - gnetId: 13768 - revision: 3 - datasource: Prometheus sidecar: dashboards: @@ -81,12 +74,12 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure external-dns.alpha.kubernetes.io/target: "${SECRET_CLOUDFLARE_TUNNEL_ID}.cfargotunnel.com" hosts: - - "grafana.${SECRET_DOMAIN}" + - &host grafana.techtales.io path: / tls: - secretName: grafana-cert hosts: - - "grafana.${SECRET_DOMAIN}" + - *host serviceAccount: create: true