Update folder location

2025-01-06 05:01:00 -06:00
parent dc324a2d8b
commit c39f20e371
170 changed files with 8461 additions and 25 deletions
--- a/master/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml
+++ b/master/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml
@@ -0,0 +1,41 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: vault-grafana-oauth
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: grafana-oauth
+  data:
+  - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
+    remoteRef:
+      key: secrets/kube-prometheus/grafana/oauth
+      property: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
+  - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
+    remoteRef:
+      key: secrets/kube-prometheus/grafana/oauth
+      property: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET     
+         
+---
+
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: vault-admin-credentials
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: grafana-admin-credentials
+  data:
+  - secretKey: admin-password
+    remoteRef:
+      key: secrets/kube-prometheus/grafana/admin
+      property: admin-password
+  - secretKey:  admin-user 
+    remoteRef:
+      key: secrets/kube-prometheus/grafana/admin
+      property:  admin-user     
--- a/master/kube-prometheus-stack/templates/ingress.yaml
+++ b/master/kube-prometheus-stack/templates/ingress.yaml
@@ -0,0 +1,80 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: grafana-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`grafana.durp.info`) && PathPrefix(`/`) 
+    kind: Rule
+    services:
+    - name: grafana
+      port: 80
+  tls:
+    secretName: grafana-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: grafana-tls
+spec:
+  secretName: grafana-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "grafana.durp.info"
+  dnsNames:
+  - "grafana.durp.info"  
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: alertmanager-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`alertmanager.durp.info`) && PathPrefix(`/`) 
+    middlewares:
+    - name: whitelist
+      namespace: traefik
+    - name: authentik-proxy-provider
+      namespace: traefik    
+    kind: Rule
+    services:
+    - name: prometheus-alertmanager
+      port: 9093
+  tls:
+    secretName: alertmanager-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: alertmanager-tls
+spec:
+  secretName: alertmanager-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "alertmanager.durp.info"
+  dnsNames:
+  - "alertmanager.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: grafana-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: grafana.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info