chore: Update grafana to be persistent

2025-02-10 12:42:23 -08:00 · 2025-02-10 12:42:23 -08:00 · e13ef4bb60
commit e13ef4bb60
parent 82720d06b0
4 changed files with 26 additions and 44 deletions
--- a/k8s/infrastructure/01/kube-prometheus-stack/release.yaml
+++ b/k8s/infrastructure/01/kube-prometheus-stack/release.yaml
@ -20,25 +20,7 @@ spec:
    grafana:
      adminPassword: admin
      defaultDashboardsTimezone: browser
-      # This kind of sucks, but this is a forward declaration of the issuer and
-      # ingress class. The problem is that we want Traefik and other services
-      # to be able to use Prometheus operators, but they require CRDs installed
-      # within this chart.
-      #
-      # By sequencing Prometheus to be installed first, these labels just won't
-      # be recognized by the ingress and cluster issuer until they're installed
-      # later -- undesirable, but acceptable -- as opposed to flatly failing
-      # from missing CRDs by installing Traefik first.
-      #
-      # Really, the ideal solution is probably to install all CRDs first, but
-      # I'm not sure how to do that in a way that guarantees compatibility
-      # with the CRDs that might be installed in Helm charts later. We can skip
-      # installing CRDs from the Helm chart, but if the CRDs get updated, we
-      # need to manually update the CRDs in our repository.
-      #
-      # Alternatively, we could declare an Ingress/IngressRoute after Traefik
-      # is installed, but it wouldn't solve the root problem around dependent
-      # CRDs
+      # TODO: Create CRDS first and then apply everything at one step
      ingress:
        enabled: true
        annotations:
@ -46,6 +28,15 @@ spec:
          kubernetes.io/ingress.class: traefik
        hosts:
          - gf.dolo.mnke.org
+      persistence:
+        enabled: true
+        type : sts
+        storageClassName: longhorn
+        accessModes:
+          - ReadWriteOnce
+        size: 4Gi
+        finalizers:
+          - kubernetes.io/pvc-protection
    prometheus:
      prometheusSpec:
        storageSpec:
--- a/k8s/infrastructure/02/traefik/release.yaml
+++ b/k8s/infrastructure/02/traefik/release.yaml
@ -31,6 +31,9 @@ spec:
      access:
        enabled: true
        format: json
+        defaultMode: keep
+        headers:
+          defaultMode: keep

    deployment:
      enabled: true
--- a/k8s/pre-infrastructure/dns-config-map.yaml
+++ b/k8s/pre-infrastructure/dns-config-map.yaml
@ -1,25 +0,0 @@
-# ---
-# apiVersion: v1
-# kind: ConfigMap
-# metadata:
-  # name: coredns
-  # namespace: kube-system
-  # annotations:
-    # fluxcd.io/ignore: "true"
-# data:
-  # Corefile: |
-    # .:53 {
-        # errors
-        # health
-        # ready
-        # kubernetes cluster.local in-addr.arpa ip6.arpa {
-            # pods insecure
-            # fallthrough in-addr.arpa ip6.arpa
-        # }
-        # forward . 10.0.123.123
-        # cache 30
-        # loop
-        # reload
-        # loadbalance
-    # }
-
--- a/k8s/pre-infrastructure/universal-auth-credentials.yaml.example
+++ b/k8s/pre-infrastructure/universal-auth-credentials.yaml.example
@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: universal-auth-credentials
+  namespace: external-secrets
+  annotations:
+    kustomize.toolkit.fluxcd.io/prune: disabled
+type: Opaque
+
+stringData:
+  clientId: clientId
+  clientSecret: clientSecret