Logs + Dash

charts/grafana-operator/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-name: kube-prometheus
+name: grafana-operator
 description: A Helm chart for Kubernetes
 
 # A chart can be either an 'application' or a 'library' chart.
@@ -24,6 +24,6 @@ version: 0.1.0
 appVersion: "1.16.0"
 
 dependencies:
-- name: kube-prometheus-stack
-  version: 55.6.0
-  repository: "https://prometheus-community.github.io/helm-charts"
+- name: grafana-operator
+  version: 3.5.12
+  repository: "oci://registry-1.docker.io/bitnamicharts"

charts/grafana-operator/values.yaml

@@ -0,0 +1,3 @@
+grafana-operator:
+  operator:
+    watchNamespace: grafana

charts/grafana/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/grafana/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: grafana
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "4"

charts/grafana/templates/grafana-cert.yaml

@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: grafana-cert
+spec:
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: aux-issuer
+  dnsNames:
+    - {{ .Values.ingress.fqdn }}
+  secretName: grafana-cert

charts/grafana/templates/grafana-dashboard.yaml

@@ -0,0 +1,39 @@
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  name: grafanadashboard-sample
+spec:
+  resyncPeriod: 30s
+  instanceSelector:
+    matchLabels:
+      dashboards: "grafana"
+  json: >
+    {
+      "id": null,
+      "title": "Simple Dashboard",
+      "tags": [],
+      "style": "dark",
+      "timezone": "browser",
+      "editable": true,
+      "hideControls": false,
+      "graphTooltip": 1,
+      "panels": [],
+      "time": {
+        "from": "now-6h",
+        "to": "now"
+      },
+      "timepicker": {
+        "time_options": [],
+        "refresh_intervals": []
+      },
+      "templating": {
+        "list": []
+      },
+      "annotations": {
+        "list": []
+      },
+      "refresh": "5s",
+      "schemaVersion": 17,
+      "version": 0,
+      "links": []
+    }

charts/grafana/templates/grafana.sealed.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: credentials
+  namespace: grafana
+spec:
+  encryptedData:
+    GF_SECURITY_ADMIN_PASSWORD: AgCeTVb2687/MDNDTMO0jqCYEoqYMT3ciB+gg+1685bHXSCSSu/E4CKArIf93+MllTTBfNAGgsprkhXwOZBUXXBaKk005uB6L8Hqp0GwvlIgZLFjvZlBmK8/kHSpBGt6IexysyzWIZMZHXQbSxHDgk36e8/NkizjihCLwb9lnfIs67cXJSlxIlZclkCGQ7bwCeEFjdcymRr/C8sCB3iKQftwmGfI6aRPB3XWisjkCKvWAET0Jjg6Dnbrpv8Hgc+QwHf/QkbtqpmwbJjNMN4hKf56dThi+saaeQJAaDYQ34Ciq/blOM2ODRjeqLKlFrLKvlAMNhBLd7Uo5tx6NpfdTA5tgeiqAftv0Cw5gFqHYaoCoucP0VTJ1+9HY4zWTvf1i7csq7tPxrMbt0qYVfZRhgs7h9dq91y2uS8WGUrvoNF1dO9hdNGLlSc2PZBRAxMmuelkh9lj0+JLh3T136ildJe+UuYOyb7pNheJqDRKpNg1L2qiBen1EUl9p1s+uPJ1Jf2DkTLeaMu+1FrBX7x7eBbY6NwMRZt5Dvqh+g5Lv2fQuBDueuLjPNQdwU3Dt7SyC1zV1tS54Ub7/tsfhsqi4H6uqtJfa4C1ziFaR1RuujeBJTkIov3UgOerQW9igSIpEOejuKQzo4My7v3syHh0Xl/UVzS9E04pRq4hnpXsDD9OWPT0gx/ue8kDdJyjCzhs/aHPp6vG1lDTro2Mq/tV0+VQ2disfR0zUoaI8PXB6L2sYaADSIt5f4NHwCI2UXC2nOGa2tSvha2svRp5vGA4OEkx
+    GF_SECURITY_ADMIN_USER: AgA7zv4sT/ndEPASLBecj+MH/BNnG6pOJAsgr+Oy7+nhOUPBc02xviiiq/q0DtyrPbTiPapUVqP9ZAXLbUJbKrX7APICqYFeFBxIOXhrNsvi+2idR1Qb0J34OT0wlzYfpwK27sRSbCL0v2cm6k2QmPMqbUzJZwuC9Y0hJHYn+qRE3kdRBvrzTyXYhVYHlROjC8V167n4HymB/EmVhB8HBcb4u4DOGXCkzG0jojRUbgQeyLjFVWgzVrnodc0Lhfwmmr9gcRi074mj/CrMOpLm6gP1Cl+lI4Mye4MQ5zlfP+bUswjgJ4rkm8lJM159H/M0mWaIyKMJvQYbFD17O5Vvb2E9d+W3+DGUNfxW2QIH1LPMR/nCDUDzf+SymuRGJvNyl93tp39+WIFBmiivk14yOrrRSP0DnDL0rKPo7jdDUdfmvya5r7OVrQW31pkySzazsnpskMkRD3zoIyi4Ugxp7EaWC7KV3neH2oXNL7W5fskULWZegsXN/u7Z0fQ5HuEfESYahVITqztiQZNXw987XnMvqj60Ql5Gm2Fwhj3CvkJWgFd8WNBPgjFy9xuHaxgNmyjwtI5DofnfPjnPl9Sh95nDs4avXLxRa1A/lWZbvVrTCd3dfdNGVS/1fOHe9mRpxy8mEy4I1sFTluDY1eeHjbV7ruXar/j+bRC2EH3UKTdVJBQu+AVvJkMpr5TVxArAbLqhz5Vss0E=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: credentials
+      namespace: grafana
+    type: Opaque

charts/grafana/templates/grafana.yaml

@@ -0,0 +1,50 @@
+apiVersion: grafana.integreatly.org/v1beta1
+kind: Grafana
+metadata:
+  name: grafana
+  labels:
+    dashboards: "grafana"
+spec:
+  config:
+    log:
+      mode: "console"
+    auth:
+      disable_login_form: "false"
+    #security:
+    #  admin_user: root
+    #  admin_password: secret
+  deployment:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: grafana
+              env:
+                - name: GF_SECURITY_ADMIN_USER
+                  valueFrom:
+                    secretKeyRef:
+                      key: GF_SECURITY_ADMIN_USER
+                      name: credentials
+                - name: GF_SECURITY_ADMIN_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      key: GF_SECURITY_ADMIN_PASSWORD
+                      name: credentials
+  ingress:
+    spec:
+      ingressClassName: traefik
+      rules:
+        - host: {{ .Values.ingress.fqdn }}
+          http:
+            paths:
+              - backend:
+                  service:
+                    name: grafana-service
+                    port:
+                      number: 3000
+                path: /
+                pathType: Prefix
+      tls:
+        - hosts:
+            - {{ .Values.ingress.fqdn }}
+          secretName: grafana-cert

charts/grafana/values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  fqdn: grafana.deepcypher.me

charts/infrastructure/templates/grafana-operator.yaml

@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: grafana-operator
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    name: ''
+    namespace: grafana-operator
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: charts/grafana-operator
+    repoURL: {{ .Values.global.repo }}
+    targetRevision: {{ .Values.global.branch }}
+    helm:
+      values: |-
+        type: {{ .Values.type }}
+        global:
+          branch: {{ .Values.global.branch }}
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
+    - ApplyOutOfSyncOnly=true

charts/infrastructure/templates/grafana.yaml

@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: grafana
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    name: ''
+    namespace: grafana
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: charts/grafana
+    repoURL: {{ .Values.global.repo }}
+    targetRevision: {{ .Values.global.branch }}
+    helm:
+      values: |-
+        type: {{ .Values.type }}
+        global:
+          branch: {{ .Values.global.branch }}
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
+    - ApplyOutOfSyncOnly=true

charts/infrastructure/templates/kube-prometheus.yaml

@@ -1,74 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: prometheus
-  namespace: argocd
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  destination:
-    name: ''
-    namespace: prometheus
-    server: 'https://kubernetes.default.svc'
-  source:
-    path: charts/kube-prometheus
-    repoURL: 'https://gitlab.com/deepcypher/dc-kc.git'
-    targetRevision: HEAD
-    #helm:
-    #  values: |
-  #project: kube-prometheus
-  project: default
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
-      #- ApplyOutOfSyncOnly=true
-      #- Replace=true
-      #- PruneLast=true
-      - ServerSideApply=true
----
-apiVersion: argoproj.io/v1alpha1
-kind: AppProject
-metadata:
-  name: kube-prometheus
-  namespace: argocd
-  # Finalizer that ensures that project is not deleted until it is not referenced by any application
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  description: Infra-level project to isolate kube-prometheus
-  # Allow manifests to deploy from any Git repos
-  sourceRepos:
-  - '*'
-  # Only permit applications to deploy to the guestbook namespace in the same cluster
-  destinations:
-  - namespace: kube-prometheus
-    server: https://kubernetes.default.svc
-  # Deny all cluster-scoped resources from being created, except for Namespace
-  clusterResourceWhitelist:
-  - group: ''
-    kind: Namespace
-  # Allow all namespaced-scoped resources to be created, except for ResourceQuota, LimitRange, NetworkPolicy
-  namespaceResourceBlacklist:
-  - group: ''
-    kind: ResourceQuota
-  - group: ''
-    kind: LimitRange
-  #- group: ''
-  #  kind: NetworkPolicy
-  # # Deny all namespaced-scoped resources from being created, except for Deployment and StatefulSet
-  # namespaceResourceWhitelist:
-  # - group: 'apps'
-  #   kind: Deployment
-  # - group: 'apps'
-  #   kind: StatefulSet
-  roles:
-  # A role which provides read-only access to all applications in the project
-  - name: read-only
-    description: Read-only privileges to kube-prometheus
-    policies:
-    - p, proj:my-project:read-only, applications, get, kube-prometheus/*, allow
-    groups:
-    - my-oidc-group

charts/infrastructure/templates/loki.yaml

@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: loki
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    name: ''
+    namespace: loki
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: charts/loki
+    repoURL: {{ .Values.global.repo }}
+    targetRevision: {{ .Values.global.branch }}
+    helm:
+      values: |-
+        type: {{ .Values.type }}
+        global:
+          branch: {{ .Values.global.branch }}
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
+    - ApplyOutOfSyncOnly=true

charts/infrastructure/templates/prometheus.yaml

@@ -0,0 +1,30 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: prometheus
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    name: ''
+    namespace: prometheus
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: charts/prometheus
+    repoURL: 'https://gitlab.com/deepcypher/dc-kc.git'
+    targetRevision: HEAD
+    #helm:
+    #  values: |
+  #project: kube-prometheus
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      #- Replace=true
+      #- PruneLast=true
+      - ServerSideApply=true

charts/kube-prometheus/values.yaml

@@ -1,2 +0,0 @@
-kube-prometheus-stack:
-  fullnameOverride: "prom"

charts/loki/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/loki/Chart.yaml

@@ -0,0 +1,29 @@
+apiVersion: v2
+name: loki
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "4"
+
+dependencies:
+- name: grafana-loki
+  version: 2.11.20
+  repository: "oci://registry-1.docker.io/bitnamicharts"

charts/loki/values.yaml

@@ -0,0 +1,12 @@
+grafana-loki:
+  fullnameOverride: loki
+
+  gateway:
+    ingress:
+      enabled: false
+      ingressClassName: traefik
+      hostname: loki.deepcypher.me
+      annotations:
+        cert-manager.io/cluster-issuer: aux-issuer
+      tls: true
+

charts/prometheus/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/prometheus/Chart.yaml

@@ -0,0 +1,33 @@
+apiVersion: v2
+name: prometheus
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
+
+dependencies:
+- name: kube-prometheus
+  version: 8.23.0
+  repository: "oci://registry-1.docker.io/bitnamicharts"
+  #repository: "oci://registry-1.docker.io/bitnamicharts"
+#- name: prometheus
+#  version: 22.7.0
+#  repository: "https://prometheus-community.github.io/helm-charts"