grafana and prometheus with certs and domains

apps/grafana/deployment.yaml

@@ -13,7 +13,7 @@ spec:
         app: grafana
     spec:
       nodeSelector:
-        kubernetes.io/hostname: raspberrypi
+        role: sebastianscode
       securityContext:
         fsGroup: 472
         supplementalGroups:
@@ -25,6 +25,9 @@ spec:
             - containerPort: 3000
               name: http-grafana
               protocol: TCP
+          env:
+            - name: GF_SERVER_ROOT_URL
+              value: "https://grafana.sebastians-co.de/"
           readinessProbe:
             httpGet:
               path: /robots.txt
@@ -51,18 +54,3 @@ spec:
           persistentVolumeClaim:
             claimName: grafana-data-pvc
 
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: grafana
-spec:
-  type: NodePort
-  selector:
-    app: grafana
-  ports:
-    - name: http
-      port: 3000
-      targetPort: 3000
-      nodePort: 30450

apps/grafana/ingress.yaml

@@ -0,0 +1,36 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grafana
+  namespace: default
+  annotations:
+    # 1. Enable cert-manager for automatic TLS
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    
+    # 2. NGINX Annotation for the specific ingress class
+    kubernetes.io/ingress.class: "nginx"
+
+    # 3. Optional: Ensures large requests/responses for dashboard data work smoothly
+    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
+
+spec:
+  ingressClassName: nginx 
+  
+  # TLS configuration
+  tls:
+    - hosts:
+        - grafana.sebastians-co.de
+      secretName: grafana-tls # cert-manager will create and manage this secret
+  
+  # Routing rules
+  rules:
+    - host: grafana.sebastians-co.de
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: grafana # Name of the Service above
+                port:
+                  number: 80 # The port the Service exposes (targetPort 3000)

apps/grafana/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: grafana
+  namespace: default
+spec:
+  type: ClusterIP
+  selector:
+    app: grafana
+  ports:
+    - name: http
+      port: 80
+      targetPort: 3000
+      protocol: TCP

apps/prometheus/ingress.yaml

@@ -0,0 +1,34 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: prometheus
+  namespace: default
+  annotations:
+    # 1. Enable cert-manager for automatic TLS
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    
+    # 2. NGINX Annotation for the specific ingress class
+    kubernetes.io/ingress.class: "nginx"
+
+    # 3. Optional: Recommended annotation for Prometheus to handle large query responses
+    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
+
+spec:
+  ingressClassName: nginx 
+  
+  tls:
+    - hosts:
+        - prometheus.ziffeldogip.de
+      secretName: prometheus-tls # cert-manager will create this secret
+  
+  rules:
+    - host: prometheus.ziffeldogip.de
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: prometheus # Name of the ClusterIP Service
+                port:
+                  number: 80 # The port the Service exposes

apps/prometheus/prometheus.yaml

@@ -14,7 +14,7 @@ spec:
     spec:
       serviceAccountName: prometheus
       nodeSelector:
-        kubernetes.io/hostname: raspberrypi
+        role: ziffeldogip
       containers:
         - name: prometheus
           image: prom/prometheus:v2.52.0
@@ -44,23 +44,3 @@ spec:
         - name: prometheus-data
           persistentVolumeClaim:
             claimName: prometheus-data-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: prometheus
-spec:
-  type: NodePort
-  selector:
-    app: prometheus
-  ports:
-    - name: http
-      port: 9090
-      targetPort: 9090
-      nodePort: 30390
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: prometheus
-  namespace: default

apps/prometheus/pvc.yaml

@@ -1,11 +1,11 @@
+# prometheus-pvc.yaml
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: prometheus-data-pvc
+  name: prometheus-data-pvc # Matches the name in your deployment
 spec:
-  storageClassName: local-path
   accessModes:
-    - ReadWriteOnce
+    - ReadWriteOnce # Standard for Prometheus (single replica)
   resources:
     requests:
-      storage: 20Gi
+      storage: 20Gi # Adjust size as needed

apps/prometheus/service-account.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prometheus
+  namespace: default

apps/prometheus/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prometheus
+  namespace: default
+spec:
+  type: ClusterIP
+  selector:
+    app: prometheus
+  ports:
+    - name: web
+      port: 80
+      targetPort: 9090
+      protocol: TCP

auth/authentik-values.yaml

@@ -1,28 +0,0 @@
-authentik:
-    secret_key: "H+qJQtvRr0cUt4DzBwBwI3ly72k+kbVY2Cbcx5bvjdwrQnLWBn4mYVIM6yOzdESeOnljBg7WWnURc+aS"
-    # This sends anonymous usage-data, stack traces on errors and
-    # performance data to sentry.io, and is fully opt-in
-    error_reporting:
-        enabled: true
-    postgresql:
-        password: "0heBI//UOjHrlR3V9kBwWg7q+yncD1ZidrZk5SMaWSeJoatqfuzzBGBm516STrpA4OAEUpLJ1do0nkAc"
-
-server:
-    ingress:
-        # Specify kubernetes ingress controller class name
-        ingressClassName: nginx
-        enabled: true
-        annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-prod"
-          kubernetes.io/ingress.class: "nginx"
-        hosts:
-            - login.ziffeldogip.de
-        tls:
-          - secretName: authentik-tls-cert # Cert-manager will create this secret
-            hosts:
-              - login.ziffeldogip.de
-
-postgresql:
-    enabled: true
-    auth:
-        password: "0heBI//UOjHrlR3V9kBwWg7q+yncD1ZidrZk5SMaWSeJoatqfuzzBGBm516STrpA4OAEUpLJ1do0nkAc"