feat(monitoring): Installing kube-prometheus-stack from prometheus-community Helm chart

2025-11-02 10:57:53 +00:00 · 2023-01-28 21:47:31 +01:00
parent d5f5e23bf2
commit 3c5e337cfc
10 changed files with 104 additions and 10 deletions
--- a/apps/whoami/ingress-route.yaml
+++ b/apps/whoami/ingress-route.yaml
@@ -1,6 +1,3 @@
-#
-# Auth Ingress
-#
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
@@ -25,7 +22,7 @@ spec:
          port: 80
      middlewares:
        - name: traefik-forward-auth
-    - match: Host(`test.stonegarden.dev`)
+    - match: Host(`whoami-open.stonegarden.dev`)
      kind: Rule
      services:
        - name: whoami
--- a/apps/whoami/ingress.yaml
+++ b/apps/whoami/ingress.yaml
@@ -8,10 +8,10 @@ metadata:
 spec:
  tls:
    - hosts:
-        - cert.stonegarden.dev
+        - whoami-cert.stonegarden.dev
      secretName: tls-whoami-ingress-http
  rules:
-    - host: cert.stonegarden.dev
+    - host: whoami-cert.stonegarden.dev
      http:
        paths:
          - path: /
--- a/apps/whoami/issuer.yaml
+++ b/apps/whoami/issuer.yaml
@@ -8,7 +8,7 @@ spec:
    email: veghag@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
-      # if not existing, it will register a new account and stores it
+      # if not existing, register a new account and stores it
      name: whoami-issuer-account-key
    solvers:
      - http01:
--- a/infra/argocd/infrastructure.yaml
+++ b/infra/argocd/infrastructure.yaml
@@ -6,6 +6,7 @@ metadata:
 spec:
  sourceRepos:
    - 'https://github.com/vehagn/homelab'
+    - 'https://prometheus-community.github.io/helm-charts'
    - 'https://helm.traefik.io/*'
    - 'https://helm.cilium.io/*'
  destinations:
@@ -17,6 +18,8 @@ spec:
      server: '*'
    - namespace: 'metallb-system'
      server: '*'
+    - namespace: 'monitoring'
+      server: '*'
    - namespace: 'traefik-system'
      server: '*'
    - namespace: 'kube-system'
--- a/infra/cert-manager.yaml
+++ b/infra/cert-manager.yaml
@@ -12,8 +12,8 @@ spec:
    repoURL: https://github.com/vehagn/homelab
    targetRevision: HEAD
  destination:
-    namespace: cert-manager
    name: in-cluster
+    namespace: cert-manager
  syncPolicy:
    automated:
      selfHeal: true
--- a/infra/cilium/values.yaml
+++ b/infra/cilium/values.yaml
@@ -32,8 +32,6 @@ serviceAccounts:

 tunnel: vxlan

-
-
 hubble:
  enabled: true
  peerService:
--- a/infra/monitoring.yaml
+++ b/infra/monitoring.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: monitoring
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: infrastructure
+  source:
+    plugin:
+      name: kustomize-build-with-helm
+    path: infra/monitoring
+    repoURL: https://github.com/vehagn/homelab
+    targetRevision: HEAD
+  destination:
+    namespace: monitoring
+    name: in-cluster
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - ServerSideApply=true
+      - CreateNamespace=true
--- a/infra/monitoring/ingress-route.yaml
+++ b/infra/monitoring/ingress-route.yaml
@@ -0,0 +1,37 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: monitoring
+  namespace: monitoring
+  labels:
+    app: traefik
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`prometheus.stonegarden.dev`)
+      kind: Rule
+      services:
+        - name: kube-prometheus-stack-prometheus
+          port: http-web # 9090
+      middlewares:
+        - name: traefik-forward-auth
+          namespace: kube-system
+    - match: Host(`grafana.stonegarden.dev`)
+      kind: Rule
+      services:
+        - name: kube-prometheus-stack-grafana
+          port: http-web # 80
+      middlewares:
+        - name: traefik-forward-auth
+          namespace: kube-system
+    - match: Host(`alertmanager.stonegarden.dev`)
+      kind: Rule
+      services:
+        - name: kube-prometheus-stack-alertmanager
+          port: http-web # 9093
+      middlewares:
+        - name: traefik-forward-auth
+          namespace: kube-system
+  tls:
+    certResolver: letsencrypt
--- a/infra/monitoring/kube-prometheus-stack.yaml
+++ b/infra/monitoring/kube-prometheus-stack.yaml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kube-prometheus-stack
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: infrastructure
+  source:
+    chart: kube-prometheus-stack
+    helm:
+      values: |-
+        prometheus-node-exporter:
+           hostRootFsMount:
+             enabled: false
+        prometheusOperator:
+           admissionWebhooks:
+             failurePolicy: Ignore
+    repoURL: https://prometheus-community.github.io/helm-charts
+    targetRevision: 44.3.0
+  destination:
+    name: in-cluster
+    namespace: monitoring
+  syncPolicy:
+    syncOptions:
+      - ServerSideApply=true
+      - CreateNamespace=true
--- a/infra/monitoring/kustomization.yaml
+++ b/infra/monitoring/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - kube-prometheus-stack.yaml
+  - ingress-route.yaml