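---
# Namespace that holds the whole logging stack: Loki, Grafana and the
# oauth2-proxy that fronts Grafana.
apiVersion: v1
kind: Namespace
metadata:
  name: logging
---
# Grafana admin credentials. No secret data is committed here; the
# kube-1password annotations reference a 1Password item and the controller
# presumably fills in the keys at runtime (the Grafana release below reads
# `username` and `password`).
apiVersion: v1
kind: Secret
metadata:
  name: grafana-credentials
  namespace: logging
  annotations:
    kube-1password: wpynfxkdipeeacyfxkvtdsuj54
    kube-1password/vault: Kubernetes
type: Opaque
---
# Helm values for the Loki release, kept out of the repository. The
# secret-text-key annotation names the key (`values.yaml`) that the HelmRelease
# below consumes through valuesFrom.
apiVersion: v1
kind: Secret
metadata:
  name: loki-values
  namespace: logging
  annotations:
    kube-1password: 6u6ebtofcxbr5r4q7k5wkc5zea
    kube-1password/vault: Kubernetes
    kube-1password/secret-text-key: values.yaml
type: Opaque
---
# Loki stack, installed by the Flux Helm operator.
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: loki
  namespace: logging
spec:
  chart:
    repository: https://grafana.github.io/loki/charts
    name: loki-stack
    version: '2.0.2'
  maxHistory: 4
  skipCRDs: false
  valuesFrom:
    # optional: false makes the release fail if the secret is missing instead
    # of silently installing with chart defaults.
    - secretKeyRef:
        name: loki-values
        namespace: logging
        key: values.yaml
        optional: false
  values:
    # Real booleans rather than the string "true": a quoted "false" would still
    # be truthy in a template `if`, so string flags cannot be relied on to
    # switch a component off.
    fluent-bit:
      enabled: true
    promtail:
      enabled: true
---
# Grafana, with Loki pre-provisioned as a datasource.
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: grafana
  namespace: logging
spec:
  chart:
    repository: https://grafana.github.io/helm-charts
    name: grafana
    version: '6.1.3'
  maxHistory: 4
  skipCRDs: false
  values:
    # Admin login comes from the grafana-credentials Secret, so no password
    # appears in the rendered values.
    admin:
      existingSecret: "grafana-credentials"
      userKey: username
      passwordKey: password
    datasources:
      datasources.yaml:
        apiVersion: 1
        datasources:
          - name: Loki
            type: loki
            url: http://logging-loki.logging:3100
            access: proxy
            jsonData:
              maxLines: 1000
---
# OIDC client id / secret for the auth proxy (keys `username` and `password`),
# sourced through kube-1password like the other Secrets in this file.
apiVersion: v1
kind: Secret
metadata:
  name: grafana-auth
  namespace: logging
  annotations:
    kube-1password: mr6spkkx7n3memkbute6ojaarm
    kube-1password/vault: Kubernetes
type: Opaque
---
# oauth2-proxy in front of Grafana: users authenticate against the OIDC issuer
# before any request reaches the upstream.
#
# NOTE(review): the proxy only guards the Ingress path. The upstream Grafana
# Service is presumably still reachable from other pods in the cluster, where
# Grafana's own login is the only control; a NetworkPolicy that admits only
# the grafana-auth pods would close that gap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana-auth
  namespace: logging
  labels:
    app: grafana-auth
spec:
  replicas: 1
  selector:
    matchLabels:
      app: grafana-auth
  template:
    metadata:
      labels:
        app: grafana-auth
    spec:
      containers:
        - args:
            # Was false. The site is only served over TLS (https redirect URL,
            # Ingress TLS block, permanent http -> https redirect), so the
            # session cookie should carry the Secure flag; without it the
            # browser would attach the cookie to the initial plain-http request.
            - --cookie-secure=true
            - --provider=oidc
            - --provider-display-name=Auth0
            - --upstream=http://logging-grafana.logging.svc.cluster.local
            - --http-address=$(HOST_IP):8080
            - --redirect-url=https://grafana.cluster.fun/oauth2/callback
            # Only accounts in this e-mail domain are let through.
            - --email-domain=marcusnoble.co.uk
            # Neither basic-auth credentials nor the access token are forwarded
            # to the upstream.
            - --pass-basic-auth=false
            - --pass-access-token=false
            - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
            # NOTE(review): this key protects the proxy's session cookies and
            # is committed in clear text, so it must be treated as exposed.
            # Rotate it and supply the replacement from a Secret through the
            # OAUTH2_PROXY_COOKIE_SECRET environment variable, the same way the
            # client id and client secret are injected below. Left unchanged
            # here because the keys available in the grafana-auth Secret are
            # not visible in this file.
            - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
          env:
            # Pod IP, expanded into --http-address above.
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: OAUTH2_PROXY_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  key: username
                  name: grafana-auth
            - name: OAUTH2_PROXY_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  key: password
                  name: grafana-auth
          # NOTE(review): the tag is mutable and this is an old release; check
          # upstream security advisories and pin by digest once a version has
          # been verified. No securityContext or resource limits are set on
          # this container.
          image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
          name: oauth-proxy
          ports:
            - containerPort: 8080
              protocol: TCP
---
# Cluster-internal Service for the proxy; only the Ingress below exposes it.
apiVersion: v1
kind: Service
metadata:
  name: grafana-auth
  namespace: logging
  labels:
    app: grafana-auth
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 8080
  selector:
    app: grafana-auth
  type: ClusterIP
---
# Public entry point. It routes to the auth proxy, never to Grafana directly.
#
# NOTE(review): extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
# migrate to networking.k8s.io/v1 (pathType, backend.service.*) before
# upgrading the cluster.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: grafana-auth
  namespace: logging
  labels:
    app: grafana-auth
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    # Accept plain http only to redirect it permanently to https.
    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
  tls:
    - hosts:
        - grafana.cluster.fun
      secretName: grafana-ingress
  rules:
    - host: grafana.cluster.fun
      http:
        paths:
          - path: /
            backend:
              serviceName: grafana-auth
              servicePort: 80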