From e13ef4bb6079ec9d4648702dd7c9a6e854a01929 Mon Sep 17 00:00:00 2001
From: Tony Du
Date: Mon, 10 Feb 2025 12:42:23 -0800
Subject: [PATCH] chore: Update grafana to be persistent
---
 .../01/kube-prometheus-stack/release.yaml | 29 +++++++------------
 k8s/infrastructure/02/traefik/release.yaml | 3 ++
 k8s/pre-infrastructure/dns-config-map.yaml | 25 ----------------
 .../universal-auth-credentials.yaml.example | 13 +++++++++
 4 files changed, 26 insertions(+), 44 deletions(-)
 delete mode 100644 k8s/pre-infrastructure/dns-config-map.yaml
 create mode 100644 k8s/pre-infrastructure/universal-auth-credentials.yaml.example
diff --git a/k8s/infrastructure/01/kube-prometheus-stack/release.yaml b/k8s/infrastructure/01/kube-prometheus-stack/release.yaml
index 3908827..ad26def 100644
--- a/k8s/infrastructure/01/kube-prometheus-stack/release.yaml
+++ b/k8s/infrastructure/01/kube-prometheus-stack/release.yaml
@@ -20,25 +20,7 @@ spec: grafana: adminPassword: admin defaultDashboardsTimezone: browser - # This kind of sucks, but this is a forward declaration of the issuer and - # ingress class. The problem is that we want Traefik and other services - # to be able to use Prometheus operators, but they require CRDs installed - # within this chart. - # - # By sequencing Prometheus to be installed first, these labels just won't - # be recognized by the ingress and cluster issuer until they're installed - # later -- undesirable, but acceptable -- as opposed to flatly failing - # from missing CRDs by installing Traefik first. - # - # Really, the ideal solution is probably to install all CRDs first, but - # I'm not sure how to do that in a way that guarantees compatibility - # with the CRDs that might be installed in Helm charts later. We can skip - # installing CRDs from the Helm chart, but if the CRDs get updated, we - # need to manually update the CRDs in our repository. - # - # Alternatively, we could declare an Ingress/IngressRoute after Traefik - # is installed, but it wouldn't solve the root problem around dependent - # CRDs + # TODO: Create CRDS first and then apply everything at one step ingress: enabled: true annotations: @@ -46,6 +28,15 @@ spec: kubernetes.io/ingress.class: traefik hosts: - gf.dolo.mnke.org + persistence: + enabled: true + type : sts + storageClassName: longhorn + accessModes: + - ReadWriteOnce + size: 4Gi + finalizers: + - kubernetes.io/pvc-protection prometheus: prometheusSpec: storageSpec: diff --git a/k8s/infrastructure/02/traefik/release.yaml b/k8s/infrastructure/02/traefik/release.yaml index 02b47c6..787246b 100644 --- a/k8s/infrastructure/02/traefik/release.yaml +++ b/k8s/infrastructure/02/traefik/release.yaml @@ -31,6 +31,9 @@ spec: access: enabled: true format: json + defaultMode: keep + headers: + defaultMode: keep deployment: enabled: true 
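Review bot: `adminPassword: admin` in this hunk's context leaves the Grafana admin account on a default password that is committed to Git, while the same values publish Grafana through the Traefik ingress host listed in the next hunk. Once the persistence block added in the next hunk is live, Grafana will most likely keep the admin credential in its database on the volume, so editing this value later may not rotate it; that is worth confirming before the first rollout. I would source the credential from a Secret instead, for example `admin: {existingSecret: <grafana-admin-secret>, userKey: admin-user, passwordKey: admin-password}`, where the Secret name is a placeholder. The `grafana:` mapping starts and continues outside this hunk.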
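Review bot: `type : sts` in the added `persistence:` block has a space before the colon, unlike the other keys visible in this diff; write `type: sts`. As far as I know this value changes how the chart deploys Grafana (a StatefulSet with a volume claim template rather than a Deployment with a PVC), so a short comment such as `# sts: run Grafana as a StatefulSet so the Longhorn volume follows the pod` would help the next reader. The `grafana:` values continue outside the hunk.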
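Review bot: The added `headers:` / `defaultMode: keep` writes every request header into the JSON access log, which includes `Authorization` and `Cookie` values, so anyone who can read the logs or the log pipeline can read bearer tokens and session cookies. Traefik's header modes are keep, drop and redact; I would leave the header default at `drop` and list only what is needed, or at least add `names: {Authorization: redact, Cookie: redact}` under `headers:`. Separately, the page has lost indentation, but no `fields:` or `general:` parent is visible between `format: json` and the new keys, so it is worth checking the rendered Traefik arguments to confirm these settings take effect at all. The `access:` mapping starts outside the hunk.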
diff --git a/k8s/pre-infrastructure/dns-config-map.yaml b/k8s/pre-infrastructure/dns-config-map.yaml
deleted file mode 100644
index 0eb8c7b..0000000
--- a/k8s/pre-infrastructure/dns-config-map.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# ---
-# apiVersion: v1
-# kind: ConfigMap
-# metadata:
- # name: coredns
- # namespace: kube-system
- # annotations:
- # fluxcd.io/ignore: "true"
-# data:
- # Corefile: |
- # .:53 {
- # errors
- # health
- # ready
- # kubernetes cluster.local in-addr.arpa ip6.arpa {
- # pods insecure
- # fallthrough in-addr.arpa ip6.arpa
- # }
- # forward . 10.0.123.123
- # cache 30
- # loop
- # reload
- # loadbalance
- # }
-
diff --git a/k8s/pre-infrastructure/universal-auth-credentials.yaml.example b/k8s/pre-infrastructure/universal-auth-credentials.yaml.example
new file mode 100644
index 0000000..d27b23a
--- /dev/null
+++ b/k8s/pre-infrastructure/universal-auth-credentials.yaml.example
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: universal-auth-credentials
+ namespace: external-secrets
+ annotations:
+ kustomize.toolkit.fluxcd.io/prune: disabled
+type: Opaque
+
+stringData:
+ clientId: clientId
+ clientSecret: clientSecret
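Review bot: The new example Secret has no comment saying that `clientId` and `clientSecret` are placeholders and that the filled-in copy must stay out of Git. Because the file sits under `k8s/pre-infrastructure/`, a copy renamed to `universal-auth-credentials.yaml` could easily be committed by accident; I would add a header such as `# Copy to universal-auth-credentials.yaml, fill in real values, apply manually; never commit the copy.` and ignore that filename in `.gitignore`. It would also help to note why `kustomize.toolkit.fluxcd.io/prune: disabled` is set, presumably so Flux does not delete the manually applied Secret.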