homelab/values/kube-prometheus-stack.yaml


# kube-prometheus-stack
# Chart: 82.10.2 / App: v0.89.0
#
# helm upgrade --install kube-prometheus-stack prometheus-community/kube-prometheus-stack \
# --namespace monitoring --create-namespace \
# -f values/kube-prometheus-stack.yaml
grafana:
  # Admin credentials are read from an existing Secret, so no password
  # appears in this values file.
  admin:
    existingSecret: 'grafana-admin-secret'
    userKey: 'admin-user'
    passwordKey: 'admin-password'

  'grafana.ini':
    server:
      root_url: 'https://grafana.nik4nao.com'

    # Single sign-on through Authentik (generic OAuth / OIDC).
    auth.generic_oauth:
      enabled: true
      name: 'Authentik'
      # Accounts are created on first login. Who may reach this point is
      # therefore decided by the identity provider, not by Grafana.
      # NOTE(review): confirm the Authentik application is bound to the
      # intended users/groups only.
      allow_sign_up: true
      # $__file{} makes Grafana read the value from the mounted Secret at
      # start-up, keeping the OAuth client credentials out of this file.
      client_id: '$__file{/etc/secrets/authentik-grafana-oauth/client-id}'
      client_secret: '$__file{/etc/secrets/authentik-grafana-oauth/client-secret}'
      scopes: 'openid email profile'
      auth_url: 'https://auth.nik4nao.com/application/o/authorize/'
      token_url: 'https://auth.nik4nao.com/application/o/token/'
      api_url: 'https://auth.nik4nao.com/application/o/userinfo/'
      # Members of the 'authentik Admins' group map to Admin; every other
      # authenticated user falls through to Viewer.
      # NOTE(review): this relies on a `groups` claim being returned for the
      # scopes above, and the group name must match exactly.
      role_attribute_path: "contains(groups, 'authentik Admins') && 'Admin' || 'Viewer'"

    # Password-based entry points are switched off so that OAuth is the
    # only interactive login path.
    auth:
      disable_login_form: true
    auth.basic:
      enabled: false

  # Grafana is published on the TLS entrypoint only, with a certificate
  # issued by cert-manager.
  ingress:
    enabled: true
    ingressClassName: 'traefik'
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: 'websecure'
      # Annotation values must be strings, hence the quoted boolean.
      traefik.ingress.kubernetes.io/router.tls: 'true'
      cert-manager.io/cluster-issuer: 'letsencrypt-prod'
    hosts:
      - 'grafana.nik4nao.com'
    tls:
      - secretName: 'grafana-tls'
        hosts:
          - 'grafana.nik4nao.com'

  # Mounts the OAuth client Secret read-only at the path referenced by the
  # $__file{} lookups in grafana.ini.
  extraSecretMounts:
    - name: 'authentik-grafana-oauth'
      secretName: 'authentik-grafana-oauth'
      mountPath: '/etc/secrets/authentik-grafana-oauth'
      readOnly: true

  persistence:
    enabled: true
    size: '2Gi'

  # NOTE(review): the Grafana chart documents this setting as a mapping
  # (`initChownData.enabled`); confirm a bare boolean is accepted here.
  initChownData: true

  # NOTE(review): this runs the Grafana pod as UID 0 with runAsNonRoot
  # disabled, while the service is reachable through the ingress above.
  # If root was chosen to work around volume ownership, prefer fixing the
  # ownership (fsGroup / init chown) and returning to a non-root UID such
  # as 472, which matches the fsGroup already set.
  securityContext:
    runAsNonRoot: false
    runAsUser: 0
    fsGroup: 472

# No ingress is configured for Prometheus or Alertmanager in this file.
prometheus:
  prometheusSpec:
    retention: '15d'
    storageSpec:
      volumeClaimTemplate:
        metadata:
          annotations:
            # NOTE(review): Helm evaluates this annotation on resources it
            # manages itself; the PVC is created from this template, so
            # verify it has the intended "keep on uninstall" effect.
            helm.sh/resource-policy: 'keep'
        spec:
          # Empty class plus volumeName binds the claim to the
          # pre-provisioned PersistentVolume instead of a dynamic one.
          storageClassName: ''
          accessModes:
            - 'ReadWriteOnce'
          resources:
            requests:
              storage: '20Gi'
          volumeName: 'prometheus-pv'

alertmanager:
  alertmanagerSpec:
    storage:
      volumeClaimTemplate:
        spec:
          storageClassName: 'local-path'
          accessModes:
            - 'ReadWriteOnce'
          resources:
            requests:
              storage: '1Gi'