feat(monitoring): Installing kube-prometheus-stack from prometheus-community Helm chart

apps/whoami/ingress-route.yaml

@@ -1,6 +1,3 @@
-#
-# Auth Ingress
-#
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
@@ -25,7 +22,7 @@ spec:
           port: 80
       middlewares:
         - name: traefik-forward-auth
-    - match: Host(`test.stonegarden.dev`)
+    - match: Host(`whoami-open.stonegarden.dev`)
       kind: Rule
       services:
         - name: whoami

apps/whoami/ingress.yaml

@@ -8,10 +8,10 @@ metadata:
 spec:
   tls:
     - hosts:
-        - cert.stonegarden.dev
+        - whoami-cert.stonegarden.dev
       secretName: tls-whoami-ingress-http
   rules:
-    - host: cert.stonegarden.dev
+    - host: whoami-cert.stonegarden.dev
       http:
         paths:
           - path: /

apps/whoami/issuer.yaml

@@ -8,7 +8,7 @@ spec:
     email: veghag@gmail.com
     server: https://acme-v02.api.letsencrypt.org/directory
     privateKeySecretRef:
-      # if not existing, it will register a new account and stores it
+      # if not existing, register a new account and stores it
       name: whoami-issuer-account-key
     solvers:
       - http01:

infra/argocd/infrastructure.yaml

@@ -6,6 +6,7 @@ metadata:
 spec:
   sourceRepos:
     - 'https://github.com/vehagn/homelab'
+    - 'https://prometheus-community.github.io/helm-charts'
     - 'https://helm.traefik.io/*'
     - 'https://helm.cilium.io/*'
   destinations:
@@ -17,6 +18,8 @@ spec:
       server: '*'
     - namespace: 'metallb-system'
       server: '*'
+    - namespace: 'monitoring'
+      server: '*'
     - namespace: 'traefik-system'
       server: '*'
     - namespace: 'kube-system'

infra/cert-manager.yaml

@@ -12,8 +12,8 @@ spec:
     repoURL: https://github.com/vehagn/homelab
     targetRevision: HEAD
   destination:
-    namespace: cert-manager
     name: in-cluster
+    namespace: cert-manager
   syncPolicy:
     automated:
       selfHeal: true

infra/cilium/values.yaml

@@ -32,8 +32,6 @@ serviceAccounts:
 
 tunnel: vxlan
 
-
-
 hubble:
   enabled: true
   peerService:

infra/monitoring.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: monitoring
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: infrastructure
+  source:
+    plugin:
+      name: kustomize-build-with-helm
+    path: infra/monitoring
+    repoURL: https://github.com/vehagn/homelab
+    targetRevision: HEAD
+  destination:
+    namespace: monitoring
+    name: in-cluster
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - ServerSideApply=true
+      - CreateNamespace=true

infra/monitoring/ingress-route.yaml

@@ -0,0 +1,37 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: monitoring
+  namespace: monitoring
+  labels:
+    app: traefik
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`prometheus.stonegarden.dev`)
+      kind: Rule
+      services:
+        - name: kube-prometheus-stack-prometheus
+          port: http-web # 9090
+      middlewares:
+        - name: traefik-forward-auth
+          namespace: kube-system
+    - match: Host(`grafana.stonegarden.dev`)
+      kind: Rule
+      services:
+        - name: kube-prometheus-stack-grafana
+          port: http-web # 80
+      middlewares:
+        - name: traefik-forward-auth
+          namespace: kube-system
+    - match: Host(`alertmanager.stonegarden.dev`)
+      kind: Rule
+      services:
+        - name: kube-prometheus-stack-alertmanager
+          port: http-web # 9093
+      middlewares:
+        - name: traefik-forward-auth
+          namespace: kube-system
+  tls:
+    certResolver: letsencrypt

infra/monitoring/kube-prometheus-stack.yaml

@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kube-prometheus-stack
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: infrastructure
+  source:
+    chart: kube-prometheus-stack
+    helm:
+      values: |-
+        prometheus-node-exporter:
+           hostRootFsMount:
+             enabled: false
+        prometheusOperator:
+           admissionWebhooks:
+             failurePolicy: Ignore
+    repoURL: https://prometheus-community.github.io/helm-charts
+    targetRevision: 44.3.0
+  destination:
+    name: in-cluster
+    namespace: monitoring
+  syncPolicy:
+    syncOptions:
+      - ServerSideApply=true
+      - CreateNamespace=true

infra/monitoring/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - kube-prometheus-stack.yaml
+  - ingress-route.yaml