feat(gitea): create PersistentVolume and PersistentVolumeClaim for Gitea feat(gitea): add script to create Gitea runner registration token secret feat(gitea): deploy Gitea Actions runner with Docker socket access feat(media): deploy JDownloader with Ingress configuration feat(media): set up Jellyfin media server with NFS and Ingress feat(media): configure qBittorrent deployment with Ingress feat(monitoring): add Grafana Loki datasource ConfigMap feat(monitoring): create Grafana admin credentials secret feat(monitoring): define PersistentVolumes for monitoring stack feat(network): implement DDNS CronJob for Porkbun DNS updates feat(network): create secret for Porkbun DDNS API credentials feat(network): set up Glances service and Ingress for Debian node fix(network): patch Pi-hole DNS services with external IPs feat(network): configure Traefik dashboard Ingress with Authentik auth feat(network): set up Watch Party service and Ingress for Mac Mini refactor(values): update Helm values files for various services
# Apply: helm upgrade --install kube-prometheus-stack prometheus-community/kube-prometheus-stack -f values/kube-prometheus-stack.yaml -n monitoring --create-namespace
# Description: Helm values for Prometheus, Grafana, and Alertmanager monitoring stack
# Grafana sub-chart values: admin bootstrap, Authentik SSO, ingress, storage.
# NOTE(review): the page this listing came from lost all indentation; the
# nesting below follows the chart's usual layout - confirm against the repo.
grafana:
  # Admin credentials are read from an existing Secret, so no password is
  # stored in this values file.
  admin:
    existingSecret: 'grafana-admin-secret'
    userKey: 'admin-user'
    passwordKey: 'admin-password'

  'grafana.ini':
    server:
      root_url: 'https://grafana.nik4nao.com'

    # Single sign-on through Authentik (generic OAuth2 / OIDC).
    auth.generic_oauth:
      enabled: true
      name: 'Authentik'
      # Every identity the IdP lets through is auto-provisioned in Grafana,
      # so who may reach Grafana at all has to be restricted on the
      # Authentik side - presumably by a policy on the application; confirm.
      allow_sign_up: true
      # $__file{} makes Grafana read the value from the files mounted by
      # extraSecretMounts below; the client secret never appears in values.
      client_id: '$__file{/etc/secrets/authentik-grafana-oauth/client-id}'
      client_secret: '$__file{/etc/secrets/authentik-grafana-oauth/client-secret}'
      scopes: 'openid email profile'
      auth_url: 'https://auth.nik4nao.com/application/o/authorize/'
      token_url: 'https://auth.nik4nao.com/application/o/token/'
      api_url: 'https://auth.nik4nao.com/application/o/userinfo/'
      # JMESPath: members of 'authentik Admins' become Admin, everyone else
      # becomes Viewer. It relies on a `groups` claim being returned; when
      # the claim is absent every user lands on Viewer.
      role_attribute_path: "contains(groups, 'authentik Admins') && 'Admin' || 'Viewer'"

    # With the login form hidden and basic auth off, OAuth is the only
    # sign-in path offered on the login page.
    auth:
      disable_login_form: true
    auth.basic:
      enabled: false

  # Served only on Traefik's websecure entrypoint with a cert-manager
  # certificate. No forward-auth middleware annotation is set here, so
  # Grafana's own OAuth login is the only authentication layer on this host.
  ingress:
    enabled: true
    ingressClassName: 'traefik'
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: 'websecure'
      traefik.ingress.kubernetes.io/router.tls: 'true'
      cert-manager.io/cluster-issuer: 'letsencrypt-prod'
    hosts:
      - 'grafana.nik4nao.com'
    tls:
      - secretName: 'grafana-tls'
        hosts:
          - 'grafana.nik4nao.com'

  # OAuth client credentials, mounted read-only at the path that the
  # $__file{} references above point to.
  extraSecretMounts:
    - name: 'authentik-grafana-oauth'
      secretName: 'authentik-grafana-oauth'
      mountPath: '/etc/secrets/authentik-grafana-oauth'
      readOnly: true

  persistence:
    enabled: true
    size: '2Gi'

  # NOTE(review): the Grafana chart documents initChownData as a mapping
  # with an `enabled` key; a bare boolean may be ignored or rejected by
  # Helm - confirm the intended form.
  initChownData: true

  # NOTE(review): this runs the Grafana pod as root (UID 0) and switches off
  # the non-root guard. The chart's default is the unprivileged grafana user
  # (UID 472, which the fsGroup here already matches). Presumably root works
  # around ownership of the data volume; fixing the volume's ownership and
  # running as 472 would shrink the impact of a compromised Grafana process.
  securityContext:
    runAsNonRoot: false
    runAsUser: 0
    fsGroup: 472
# Prometheus server: 15-day retention on a pre-provisioned 20Gi volume.
# NOTE(review): nesting rebuilt from a listing that lost its indentation;
# confirm against the repo.
prometheus:
  prometheusSpec:
    retention: '15d'
    storageSpec:
      volumeClaimTemplate:
        metadata:
          annotations:
            # NOTE(review): the claim is created from this template by the
            # StatefulSet controller rather than by Helm - confirm that the
            # keep policy has the intended effect on it.
            helm.sh/resource-policy: 'keep'
        spec:
          # The empty class name turns dynamic provisioning off, so the
          # claim can only bind to the statically created PV named below.
          storageClassName: ""
          accessModes:
            - 'ReadWriteOnce'
          resources:
            requests:
              storage: '20Gi'
          volumeName: 'prometheus-pv'
# Alertmanager: 1Gi of state on the local-path storage class.
# NOTE(review): nesting rebuilt from a listing that lost its indentation;
# confirm against the repo.
alertmanager:
  alertmanagerSpec:
    storage:
      volumeClaimTemplate:
        spec:
          # Unlike Prometheus above, this claim names a storage class and
          # sets no volumeName, so it is not pinned to a specific PV.
          storageClassName: 'local-path'
          accessModes:
            - 'ReadWriteOnce'
          resources:
            requests:
              storage: '1Gi'