diff --git a/manifests/loki_chart.yaml b/manifests/loki_chart.yaml
index 3a8cf21..a2d6364 100644
--- a/manifests/loki_chart.yaml
+++ b/manifests/loki_chart.yaml
@@ -35,33 +35,139 @@ spec:
 enabled: "true"
 size: 10Gi
-# ---
-# apiVersion: helm.fluxcd.io/v1
-# kind: HelmRelease
-# metadata:
-# name: grafana
-# namespace: logging
-# spec:
-# chart:
-# repository: https://kubernetes-charts.storage.googleapis.com
-# name: grafana
-# version: 5.0.22
-# maxHistory: 4
-# skipCRDs: false
-# values:
-# admin:
-# existingSecret: "grafana-credentials"
-# userKey: username
-# passwordKey: password
-# persistence:
-# enabled: "false"
-# datasources:
-# datasources.yaml:
-# apiVersion: 1
-# datasources:
-# - name: Loki
-# type: loki
-# url: http://logging-loki.logging:3100
-# access: proxy
-# jsonData:
-# maxLines: 1000
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+ name: grafana
+ namespace: logging
+spec:
+ chart:
+ repository: https://kubernetes-charts.storage.googleapis.com
+ name: grafana
+ version: 5.0.22
+ maxHistory: 4
+ skipCRDs: false
+ values:
+ admin:
+ existingSecret: "grafana-credentials"
+ userKey: username
+ passwordKey: password
+ persistence:
+ enabled: "false"
+ datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ - name: Loki
+ type: loki
+ url: http://logging-loki.logging:3100
+ access: proxy
+ jsonData:
+ maxLines: 1000
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: grafana-auth
+ namespace: logging
+ annotations:
+ kube-1password: mr6spkkx7n3memkbute6ojaarm
+ kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: grafana-auth
+ namespace: logging
+ labels:
+ app: grafana-auth
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: grafana-auth
+ template:
+ metadata:
+ labels:
+ app: grafana-auth
+ spec:
+ containers:
+ - args:
+ - --cookie-secure=false
+ - --provider=oidc
+ - --provider-display-name=Auth0
+ - --upstream=http://logging-grafana.logging.svc.cluster.local
+ - --http-address=$(HOST_IP):8080
+ - --redirect-url=https://grafana.cluster.fun/oauth2/callback
+ - --email-domain=marcusnoble.co.uk
+ - --pass-basic-auth=false
+ - --pass-access-token=false
+ - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+ - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: OAUTH2_PROXY_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: grafana-auth
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: grafana-auth
+ image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
+ name: oauth-proxy
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: grafana-auth
+ namespace: logging
+ labels:
+ app: grafana-auth
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: grafana-auth
+ type: ClusterIP
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: grafana-auth
+ namespace: logging
+ labels:
+ app: grafana-auth
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
+ traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+ tls:
+ - hosts:
+ - grafana.cluster.fun
+ secretName: grafana-ingress
+ rules:
+ - host: grafana.cluster.fun
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: grafana-auth
+ servicePort: 80
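Review bot: The `--cookie-secret=` argument of the `oauth-proxy` container puts the oauth2-proxy cookie secret in plaintext in the manifest, so anyone with read access to the repository or to the Deployment object holds the value that protects Grafana sessions. Supply it the way the client ID and client secret are already supplied in this Deployment, through a `secretKeyRef` into `OAUTH2_PROXY_COOKIE_SECRET`, and rotate the committed value because it stays in the history. In the same args list, `--cookie-secure=false` drops the Secure flag from the session cookie although the Ingress terminates TLS for grafana.cluster.fun and redirects HTTP to HTTPS; `--cookie-secure=true` fits that setup. The Secret name and key in the sketch below are placeholders, not values taken from the commit.

```yaml
      containers:
      - args:
        - --cookie-secure=true
        # … unchanged: remaining oauth2-proxy args, with --cookie-secret removed …
        env:
        # … unchanged: HOST_IP, OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET …
        - name: OAUTH2_PROXY_COOKIE_SECRET
          valueFrom:
            secretKeyRef:
              key: "<COOKIE_SECRET_KEY>"    # placeholder: key that holds the cookie secret
              name: "<COOKIE_SECRET_NAME>"  # placeholder: Secret that stores it
```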