From 3c5e337cfc8f1adc416fdcc3cf6b16cbe342ee6e Mon Sep 17 00:00:00 2001
From: Vegard Hagen <vegard@stonegarden.dev>
Date: Sat, 28 Jan 2023 21:47:31 +0100
Subject: [PATCH] feat(monitoring): Installing kube-prometheus-stack from
 prometheus-community Helm chart

---
 apps/whoami/ingress-route.yaml              |  5 +--
 apps/whoami/ingress.yaml                    |  4 +--
 apps/whoami/issuer.yaml                     |  2 +-
 infra/argocd/infrastructure.yaml            |  3 ++
 infra/cert-manager.yaml                     |  2 +-
 infra/cilium/values.yaml                    |  2 --
 infra/monitoring.yaml                       | 25 ++++++++++++++
 infra/monitoring/ingress-route.yaml         | 37 +++++++++++++++++++++
 infra/monitoring/kube-prometheus-stack.yaml | 28 ++++++++++++++++
 infra/monitoring/kustomization.yaml         |  6 ++++
 10 files changed, 104 insertions(+), 10 deletions(-)
 create mode 100644 infra/monitoring.yaml
 create mode 100644 infra/monitoring/ingress-route.yaml
 create mode 100644 infra/monitoring/kube-prometheus-stack.yaml
 create mode 100644 infra/monitoring/kustomization.yaml

diff --git a/apps/whoami/ingress-route.yaml b/apps/whoami/ingress-route.yaml
index 65710f4..1fcb748 100644
--- a/apps/whoami/ingress-route.yaml
+++ b/apps/whoami/ingress-route.yaml
@@ -1,6 +1,3 @@
-#
-# Auth Ingress
-#
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
@@ -25,7 +22,7 @@ spec:
           port: 80
       middlewares:
         - name: traefik-forward-auth
-    - match: Host(`test.stonegarden.dev`)
+    - match: Host(`whoami-open.stonegarden.dev`)
       kind: Rule
       services:
         - name: whoami
diff --git a/apps/whoami/ingress.yaml b/apps/whoami/ingress.yaml
index 69f2767..ddc154a 100644
--- a/apps/whoami/ingress.yaml
+++ b/apps/whoami/ingress.yaml
@@ -8,10 +8,10 @@ metadata:
 spec:
   tls:
     - hosts:
-        - cert.stonegarden.dev
+        - whoami-cert.stonegarden.dev
       secretName: tls-whoami-ingress-http
   rules:
-    - host: cert.stonegarden.dev
+    - host: whoami-cert.stonegarden.dev
       http:
         paths:
           - path: /
diff --git a/apps/whoami/issuer.yaml b/apps/whoami/issuer.yaml
index 541cba6..4b19692 100644
--- a/apps/whoami/issuer.yaml
+++ b/apps/whoami/issuer.yaml
@@ -8,7 +8,7 @@ spec:
     email: veghag@gmail.com
     server: https://acme-v02.api.letsencrypt.org/directory
     privateKeySecretRef:
-      # if not existing, it will register a new account and stores it
+      # if not existing, register a new account and stores it
       name: whoami-issuer-account-key
     solvers:
       - http01:
diff --git a/infra/argocd/infrastructure.yaml b/infra/argocd/infrastructure.yaml
index 32b26f0..39fac00 100644
--- a/infra/argocd/infrastructure.yaml
+++ b/infra/argocd/infrastructure.yaml
@@ -6,6 +6,7 @@ metadata:
 spec:
   sourceRepos:
     - 'https://github.com/vehagn/homelab'
+    - 'https://prometheus-community.github.io/helm-charts'
     - 'https://helm.traefik.io/*'
     - 'https://helm.cilium.io/*'
   destinations:
@@ -17,6 +18,8 @@ spec:
       server: '*'
     - namespace: 'metallb-system'
       server: '*'
+    - namespace: 'monitoring'
+      server: '*'
     - namespace: 'traefik-system'
       server: '*'
     - namespace: 'kube-system'
diff --git a/infra/cert-manager.yaml b/infra/cert-manager.yaml
index cd10286..0774f4a 100644
--- a/infra/cert-manager.yaml
+++ b/infra/cert-manager.yaml
@@ -12,8 +12,8 @@ spec:
     repoURL: https://github.com/vehagn/homelab
     targetRevision: HEAD
   destination:
-    namespace: cert-manager
     name: in-cluster
+    namespace: cert-manager
   syncPolicy:
     automated:
       selfHeal: true
diff --git a/infra/cilium/values.yaml b/infra/cilium/values.yaml
index b6bb199..a351cdc 100644
--- a/infra/cilium/values.yaml
+++ b/infra/cilium/values.yaml
@@ -32,8 +32,6 @@ serviceAccounts:
 
 tunnel: vxlan
 
-
-
 hubble:
   enabled: true
   peerService:
diff --git a/infra/monitoring.yaml b/infra/monitoring.yaml
new file mode 100644
index 0000000..3df6041
--- /dev/null
+++ b/infra/monitoring.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: monitoring
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: infrastructure
+  source:
+    plugin:
+      name: kustomize-build-with-helm
+    path: infra/monitoring
+    repoURL: https://github.com/vehagn/homelab
+    targetRevision: HEAD
+  destination:
+    namespace: monitoring
+    name: in-cluster
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - ServerSideApply=true
+      - CreateNamespace=true
diff --git a/infra/monitoring/ingress-route.yaml b/infra/monitoring/ingress-route.yaml
new file mode 100644
index 0000000..8de788b
--- /dev/null
+++ b/infra/monitoring/ingress-route.yaml
@@ -0,0 +1,37 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: monitoring
+  namespace: monitoring
+  labels:
+    app: traefik
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`prometheus.stonegarden.dev`)
+      kind: Rule
+      services:
+        - name: kube-prometheus-stack-prometheus
+          port: http-web # 9090
+      middlewares:
+        - name: traefik-forward-auth
+          namespace: kube-system
+    - match: Host(`grafana.stonegarden.dev`)
+      kind: Rule
+      services:
+        - name: kube-prometheus-stack-grafana
+          port: http-web # 80
+      middlewares:
+        - name: traefik-forward-auth
+          namespace: kube-system
+    - match: Host(`alertmanager.stonegarden.dev`)
+      kind: Rule
+      services:
+        - name: kube-prometheus-stack-alertmanager
+          port: http-web # 9093
+      middlewares:
+        - name: traefik-forward-auth
+          namespace: kube-system
+  tls:
+    certResolver: letsencrypt
diff --git a/infra/monitoring/kube-prometheus-stack.yaml b/infra/monitoring/kube-prometheus-stack.yaml
new file mode 100644
index 0000000..d3fa539
--- /dev/null
+++ b/infra/monitoring/kube-prometheus-stack.yaml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kube-prometheus-stack
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: infrastructure
+  source:
+    chart: kube-prometheus-stack
+    helm:
+      values: |-
+        prometheus-node-exporter:
+           hostRootFsMount:
+             enabled: false
+        prometheusOperator:
+           admissionWebhooks:
+             failurePolicy: Ignore
+    repoURL: https://prometheus-community.github.io/helm-charts
+    targetRevision: 44.3.0
+  destination:
+    name: in-cluster
+    namespace: monitoring
+  syncPolicy:
+    syncOptions:
+      - ServerSideApply=true
+      - CreateNamespace=true
diff --git a/infra/monitoring/kustomization.yaml b/infra/monitoring/kustomization.yaml
new file mode 100644
index 0000000..2dc6f8e
--- /dev/null
+++ b/infra/monitoring/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - kube-prometheus-stack.yaml
+  - ingress-route.yaml
\ No newline at end of file