From 98497edd2dedcdf7259a315aa81057333ffe7708 Mon Sep 17 00:00:00 2001 From: falsfour Date: Sun, 14 Dec 2025 21:02:03 +0100 Subject: [PATCH] grafana and prometheus with certs and domains --- .../grafana/{grafana.yaml => deployment.yaml} | 20 +++-------- apps/grafana/ingress.yaml | 36 +++++++++++++++++++ apps/grafana/service.yaml | 14 ++++++++ apps/prometheus/ingress.yaml | 34 ++++++++++++++++++ apps/prometheus/prometheus.yaml | 22 +----------- apps/prometheus/pvc.yaml | 8 ++--- apps/prometheus/service-account.yaml | 5 +++ apps/prometheus/service.yaml | 14 ++++++++ auth/authentik-values.yaml | 28 --------------- 9 files changed, 112 insertions(+), 69 deletions(-) rename apps/grafana/{grafana.yaml => deployment.yaml} (83%) create mode 100644 apps/grafana/ingress.yaml create mode 100644 apps/grafana/service.yaml create mode 100644 apps/prometheus/ingress.yaml create mode 100644 apps/prometheus/service-account.yaml create mode 100644 apps/prometheus/service.yaml delete mode 100644 auth/authentik-values.yaml diff --git a/apps/grafana/grafana.yaml b/apps/grafana/deployment.yaml similarity index 83% rename from apps/grafana/grafana.yaml rename to apps/grafana/deployment.yaml index b033ceb..4744cb7 100644 --- a/apps/grafana/grafana.yaml +++ b/apps/grafana/deployment.yaml @@ -13,7 +13,7 @@ spec: app: grafana spec: nodeSelector: - kubernetes.io/hostname: raspberrypi + role: sebastianscode securityContext: fsGroup: 472 supplementalGroups: @@ -25,6 +25,9 @@ spec: - containerPort: 3000 name: http-grafana protocol: TCP + env: + - name: GF_SERVER_ROOT_URL + value: "https://grafana.sebastians-co.de/" readinessProbe: httpGet: path: /robots.txt @@ -51,18 +54,3 @@ spec: persistentVolumeClaim: claimName: grafana-data-pvc - ---- -apiVersion: v1 -kind: Service -metadata: - name: grafana -spec: - type: NodePort - selector: - app: grafana - ports: - - name: http - port: 3000 - targetPort: 3000 - nodePort: 30450 
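Review bot: Putting Grafana behind a public hostname makes its own login form the only gate, yet the new `env` block in the `@@ -25,6 +25,9 @@` hunk sets just `GF_SERVER_ROOT_URL`; nothing visible configures `GF_SECURITY_ADMIN_PASSWORD`, so unless it is set elsewhere in the container spec (which starts before this hunk and continues past it), the instance comes up with Grafana's documented default admin credentials. Source the admin password from a Secret via `valueFrom.secretKeyRef` rather than a literal, and add a comment saying why the root URL is pinned: `# Must match the Ingress host so redirects/cookies are issued for the public origin`. The old NodePort Service removed in the last hunk was the previous exposure path; the new ClusterIP Service plus Ingress is the right direction, but only if the credential gap above is closed.

```yaml
          env:
            - name: GF_SERVER_ROOT_URL
              value: "https://grafana.sebastians-co.de/"
            # Admin password from a Secret, never a literal in the manifest
            - name: GF_SECURITY_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: grafana-admin
                  key: admin-password
          # … unchanged: readinessProbe, volumeMounts …
```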
diff --git a/apps/grafana/ingress.yaml b/apps/grafana/ingress.yaml new file mode 100644 index 0000000..43527c2 --- /dev/null +++ b/apps/grafana/ingress.yaml @@ -0,0 +1,36 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: grafana + namespace: default + annotations: + # 1. Enable cert-manager for automatic TLS + cert-manager.io/cluster-issuer: "letsencrypt-prod" + + # 2. NGINX Annotation for the specific ingress class + kubernetes.io/ingress.class: "nginx" + + # 3. Optional: Ensures large requests/responses for dashboard data work smoothly + nginx.ingress.kubernetes.io/proxy-body-size: "50m" + +spec: + ingressClassName: nginx + + # TLS configuration + tls: + - hosts: + - grafana.sebastians-co.de + secretName: grafana-tls # cert-manager will create and manage this secret + + # Routing rules + rules: + - host: grafana.sebastians-co.de + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: grafana # Name of the Service above + port: + number: 80 # The port the Service exposes (targetPort 3000) diff --git a/apps/grafana/service.yaml b/apps/grafana/service.yaml new file mode 100644 index 0000000..daa5aaa --- /dev/null +++ b/apps/grafana/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: grafana + namespace: default +spec: + type: ClusterIP + selector: + app: grafana + ports: + - name: http + port: 80 + targetPort: 3000 + protocol: TCP diff --git a/apps/prometheus/ingress.yaml b/apps/prometheus/ingress.yaml new file mode 100644 index 0000000..898b691 --- /dev/null +++ b/apps/prometheus/ingress.yaml 
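Review bot: `kubernetes.io/ingress.class: "nginx"` in the annotations duplicates `spec.ingressClassName: nginx` on the same Ingress; the annotation is deprecated in networking.k8s.io/v1 and some ingress-nginx releases warn about, or ignore, an object carrying both, so drop the annotation and keep the field. The comment `# Name of the Service above` is stale now that the Service lives in apps/grafana/service.yaml — `# Service defined in service.yaml (ClusterIP :80 -> container 3000)`. This Ingress publishes Grafana to the internet with no controller-side restriction; if the dashboards serve a single operator, consider `nginx.ingress.kubernetes.io/whitelist-source-range` or an `auth-url` annotation so Grafana's login form is not the only gate against credential stuffing.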
@@ -0,0 +1,34 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: prometheus + namespace: default + annotations: + # 1. Enable cert-manager for automatic TLS + cert-manager.io/cluster-issuer: "letsencrypt-prod" + + # 2. NGINX Annotation for the specific ingress class + kubernetes.io/ingress.class: "nginx" + + # 3. Optional: Recommended annotation for Prometheus to handle large query responses + nginx.ingress.kubernetes.io/proxy-body-size: "50m" + +spec: + ingressClassName: nginx + + tls: + - hosts: + - prometheus.ziffeldogip.de + secretName: prometheus-tls # cert-manager will create this secret + + rules: + - host: prometheus.ziffeldogip.de + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: prometheus # Name of the ClusterIP Service + port: + number: 80 # The port the Service exposes diff --git a/apps/prometheus/prometheus.yaml b/apps/prometheus/prometheus.yaml index 093adda..2867ab8 100644 --- a/apps/prometheus/prometheus.yaml +++ b/apps/prometheus/prometheus.yaml @@ -14,7 +14,7 @@ spec: spec: serviceAccountName: prometheus nodeSelector: - kubernetes.io/hostname: raspberrypi + role: ziffeldogip containers: - name: prometheus image: prom/prometheus:v2.52.0 @@ -44,23 +44,3 @@ spec: - name: prometheus-data persistentVolumeClaim: claimName: prometheus-data-pvc ---- -apiVersion: v1 -kind: Service -metadata: - name: prometheus -spec: - type: NodePort - selector: - app: prometheus - ports: - - name: http - port: 9090 - targetPort: 9090 - nodePort: 30390 ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: prometheus - namespace: default \ No newline at end of file diff --git a/apps/prometheus/pvc.yaml b/apps/prometheus/pvc.yaml index 329ed15..96e443e 100644 --- a/apps/prometheus/pvc.yaml +++ b/apps/prometheus/pvc.yaml 
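Review bot: The Prometheus Ingress exposes `prometheus.ziffeldogip.de` with TLS but no authentication annotation, and Prometheus itself (image `prom/prometheus:v2.52.0` in the deployment hunk) ships with no login unless a `--web.config.file` with `basic_auth_users` is supplied — nothing here shows one, so every scraped metric and the full query API become world-readable, and the admin API too if `--web.enable-admin-api` is set (flags are outside the visible hunk). Add controller-side basic auth at minimum: `nginx.ingress.kubernetes.io/auth-type: basic`, `nginx.ingress.kubernetes.io/auth-secret: prometheus-basic-auth`, `nginx.ingress.kubernetes.io/auth-realm: "Prometheus"` — or, if Grafana is the only consumer, drop the Ingress entirely and let Grafana reach the ClusterIP Service in-cluster. The same commit deletes auth/authentik-values.yaml, so there is no SSO proxy to lean on here; note also that the `secret_key` and PostgreSQL password in that deleted file remain in git history and should be rotated regardless. Drop the redundant `kubernetes.io/ingress.class` annotation here as well since `spec.ingressClassName` is set.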
@@ -1,11 +1,11 @@ +# prometheus-pvc.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: prometheus-data-pvc + name: prometheus-data-pvc # Matches the name in your deployment spec: - storageClassName: local-path accessModes: - - ReadWriteOnce + - ReadWriteOnce # Standard for Prometheus (single replica) resources: requests: - storage: 20Gi \ No newline at end of file + storage: 20Gi # Adjust size as needed diff --git a/apps/prometheus/service-account.yaml b/apps/prometheus/service-account.yaml new file mode 100644 index 0000000..6cdb379 --- /dev/null +++ b/apps/prometheus/service-account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: prometheus + namespace: default diff --git a/apps/prometheus/service.yaml b/apps/prometheus/service.yaml new file mode 100644 index 0000000..bf1b39a --- /dev/null +++ b/apps/prometheus/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: prometheus + namespace: default +spec: + type: ClusterIP + selector: + app: prometheus + ports: + - name: web + port: 80 + targetPort: 9090 + protocol: TCP diff --git a/auth/authentik-values.yaml b/auth/authentik-values.yaml deleted file mode 100644 index 1054a32..0000000 --- a/auth/authentik-values.yaml +++ /dev/null 
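Review bot: Removing `storageClassName: local-path` from the Prometheus PVC silently changes which StorageClass serves the claim: it now binds to whatever the cluster marks as default, or stays Pending if no class is annotated default, and on an existing cluster the live PVC's `storageClassName` is immutable so `kubectl apply` will be rejected rather than migrate 20Gi of TSDB data. The commit message ("grafana and prometheus with certs and domains") does not mention storage, so this looks accidental — restore the line, with a comment on why it is pinned: `storageClassName: local-path  # explicit: do not rely on the cluster default class`. The new comments on `accessModes` and `storage` are fine but a header comment `# prometheus-pvc.yaml` that does not match the actual filename (pvc.yaml) is misleading; drop it or make it match.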
@@ -1,28 +0,0 @@ -authentik: - secret_key: "H+qJQtvRr0cUt4DzBwBwI3ly72k+kbVY2Cbcx5bvjdwrQnLWBn4mYVIM6yOzdESeOnljBg7WWnURc+aS" - # This sends anonymous usage-data, stack traces on errors and - # performance data to sentry.io, and is fully opt-in - error_reporting: - enabled: true - postgresql: - password: "0heBI//UOjHrlR3V9kBwWg7q+yncD1ZidrZk5SMaWSeJoatqfuzzBGBm516STrpA4OAEUpLJ1do0nkAc" - -server: - ingress: - # Specify kubernetes ingress controller class name - ingressClassName: nginx - enabled: true - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" - kubernetes.io/ingress.class: "nginx" - hosts: - - login.ziffeldogip.de - tls: - - secretName: authentik-tls-cert # Cert-manager will create this secret - hosts: - - login.ziffeldogip.de - -postgresql: - enabled: true - auth: - password: "0heBI//UOjHrlR3V9kBwWg7q+yncD1ZidrZk5SMaWSeJoatqfuzzBGBm516STrpA4OAEUpLJ1do0nkAc"