-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathkube-prometheus-stack.yaml
106 lines (106 loc) · 3.37 KB
/
kube-prometheus-stack.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kube-prometheus-stack
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://prometheus-community.github.io/helm-charts
chart: kube-prometheus-stack
targetRevision: '*'
helm:
values: |
kubeEtcd:
service:
enabled: true
targetPort: 2381
kubeProxy:
enabled: false
defaultRules:
create: true
rules:
kubeProxy: false
alertmanager:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: ca-issuer
hosts:
- alertmanager.kind.cluster
tls:
- secretName: alertmanager.kind.cluster
hosts:
- alertmanager.kind.cluster
prometheus:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: ca-issuer
hosts:
- prometheus.kind.cluster
tls:
- secretName: prometheus.kind.cluster
hosts:
- prometheus.kind.cluster
grafana:
enabled: true
adminPassword: admin
extraVolumeMounts:
- name: opt-ca-certificates
mountPath: /opt/ca-certificates
readOnly: true
hostPath: /opt/ca-certificates
hostPathType: Directory
sidecar:
enableUniqueFilenames: true
dashboards:
enabled: true
searchNamespace: ALL
provider:
foldersFromFilesStructure: true
datasources:
enabled: true
searchNamespace: ALL
grafana.ini:
server:
root_url: https://grafana.kind.cluster
auth.generic_oauth:
enabled: true
name: Keycloak
allow_sign_up: true
scopes: profile,email,groups
auth_url: https://keycloak.kind.cluster/auth/realms/master/protocol/openid-connect/auth
token_url: https://keycloak.kind.cluster/auth/realms/master/protocol/openid-connect/token
api_url: https://keycloak.kind.cluster/auth/realms/master/protocol/openid-connect/userinfo
client_id: grafana
client_secret: grafana-client-secret
role_attribute_path: contains(groups[*], 'grafana-admin') && 'Admin' || contains(groups[*], 'grafana-dev') && 'Editor' || 'Viewer'
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: ca-issuer
hosts:
- grafana.kind.cluster
tls:
- secretName: grafana.kind.cluster
hosts:
- grafana.kind.cluster
destination:
server: https://kubernetes.default.svc
namespace: monitoring
revisionHistoryLimit: 3
syncPolicy:
syncOptions:
- ApplyOutOfSyncOnly=true
- CreateNamespace=true
- FailOnSharedResource=true
- PruneLast=true
- Replace=true
automated:
prune: true
selfHeal: true