install grafana

2023-03-31 22:09:45 +02:00 · 2023-03-31 22:09:45 +02:00 · 22337a2daf
parent b8806638f3
commit 22337a2daf
4 changed files with 89 additions and 0 deletions
--- a/apps/grafana/kustomization.yaml
+++ b/apps/grafana/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+generators:
+  - secret-generator.yaml
--- a/apps/grafana/secret-generator.yaml
+++ b/apps/grafana/secret-generator.yaml
@ -0,0 +1,6 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: secret-generator
+files:
+  - secret.sops.yaml
--- a/apps/grafana/secret.sops.yaml
+++ b/apps/grafana/secret.sops.yaml
@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+    name: admin-creds
+stringData:
+    admin-password: ENC[AES256_GCM,data:CTuqWR8LyvHccHiwILhq7tLr6jz7ZD9X+eUghfP7dXA=,iv:o9qg8yIcG4PbRdxd4cwJmhonhGqFbO5lpUJvAvZx3H4=,tag:y47cx/bLEje1Cneh0b+AQA==,type:str]
+    admin-user: ENC[AES256_GCM,data:zLKhOeE=,iv:54ppdbvrKpVdutI8oVgmIu9+ai96VBxkgrSCCB0jAsI=,tag:sgYFX+XG0sOsNBI802JWWg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMzdtWDNDUWROQkdyS2I2
+            aDNrUkpDK3R5TWNLVzJORE82MGlGZGkrOUQ4CmVSUDRRVkZoYWgvSjJlZk5idjFT
+            NXIzNG1paXZpdFFzY1A0akVwemlwTG8KLS0tIFJYa09DS00vTmxzYWd6ZnJTaE10
+            ZXVTblAxbjIwNEd6QWtxTUFTYU52ZFEKJTE2+b8FIJ/JuPc8ixYMIwyLnydcS4yE
+            4T18gWlPgbpow1sHpJ8KLNF+KLGh5XmmG50QDWGvhQuywhs/cNgdyQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-03-31T20:07:47Z"
+    mac: ENC[AES256_GCM,data:CAsjKoPBNphDr8GWL0uc9QjfWdjPU6G6HDbQrvRjv9LMIyMpZaWusE3P10iVrXd/8//FzB7fx2jshRWHQ3u8WHPs8eipuq3jSpJJHPLM5zBjvc+QojuGLucTzBLEM7x7y9VksS1CQlURVTRYgaTNRShgTa2I+NPTFYpGRcT9yxE=,iv:gHu91dHTEk/Z1YhxxfGLRJPYn3C+o6WkOkCw3DVigYI=,tag:yxxgx6gkiDB6Bz6+DF9alg==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3
--- a/system/apps/user/grafana.yaml
+++ b/system/apps/user/grafana.yaml
@ -0,0 +1,51 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: grafana
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: apps
+  sources:
+    - chart: grafana
+      repoURL: https://grafana.github.io/helm-charts
+      targetRevision: 6.52.4
+      helm:
+        values: |
+          env:
+            GF_AUTH_ANONYMOUS_ENABLED: true
+            GF_SERVER_DOMAIN: graphs.tbrnt.ch
+            GF_SERVER_ROOT_URL: https://graphs.tbrnt.ch
+
+          ingress:
+            enabled: true
+            hosts:
+              - graphs.tbrnt.ch
+            tls:
+              - hosts:
+                - graphs.tbrnt.ch
+                secretName: graphs-tbrnt-ch-cert
+            annotations:
+              cert-manager.io/cluster-issuer: letsencrypt-prod
+              traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+
+          persistence:
+            enabled: true
+            size: 1Gi
+            storageClassName: local-path
+
+          rbac:
+            namespaced: true
+
+          admin:
+            existingSecret: admin-creds
+    - path: apps/grafana
+      repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
+      targetRevision: HEAD
+  destination:
+    namespace: grafana
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true