diff --git a/k8s/monitoring/alertmanagerconfig.secret.yaml b/k8s/monitoring/alertmanagerconfig.secret.yaml new file mode 100644 index 0000000..fe2f25d Binary files /dev/null and b/k8s/monitoring/alertmanagerconfig.secret.yaml differ diff --git a/k8s/monitoring/prometheus-operator.secret.yml b/k8s/monitoring/prometheus-operator.secret.yml index c173d13..cbfaf04 100644 --- a/k8s/monitoring/prometheus-operator.secret.yml +++ b/k8s/monitoring/prometheus-operator.secret.yml @@ -3,6 +3,29 @@ prometheus: prometheusSpec: shards: null + # https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml#L2681 + additionalScrapeConfigs: + - job_name: muc-kitchen + scrape_interval: 1m + basic_auth: + username: ahfahfoozuVeezoong6c + password: aeThoom4deiNgeici0Th + static_configs: + - targets: [ 'dyndns-muc.moritzgraf.de:60200'] + - job_name: muc-living + scrape_interval: 1m + basic_auth: + username: Gul3zooSa5Waphophuag + password: eeLie9Mai9ahfi5ahy2i + static_configs: + - targets: [ 'dyndns-muc.moritzgraf.de:60201'] + - job_name: rgbg-living + scrape_interval: 1m + basic_auth: + username: oot6ainge9aef6iaf4Cu + password: oonohNaej6soh7TooPha + static_configs: + - targets: [ 'dyndns.moritzgraf.de:60200'] ingress: enabled: true hosts: @@ -15,6 +38,10 @@ prometheus: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" cert-manager.io/cluster-issuer: "letsencrypt-prod" + # see https://kubernetes.github.io/ingress-nginx/examples/auth/basic/ + nginx.ingress.kubernetes.io/auth-type: basic + nginx.ingress.kubernetes.io/auth-secret: prometheus-auth + nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - jamaan' # prometheusSpec: # scrapeInterval: "300s" logLevel: debug @@ -29,8 +56,31 @@ prometheus: requests: storage: 50Gi selector: {} + extraSecret: + name: "prometheus-auth" + annotations: {} + # moritz Vaej6Quiequ4vo0jaeRa + data: + auth: | + moritz:$2y$05$ZzkskylHGf.2FNy5EhJIWeXrz/oRCe8IXfxLCpp1uIzqoARPWCRLm alertmanager: - enabled: false + enabled: true + ingress: + enabled: true + hosts: + - alertmanager.haumdaucher.de + tls: + - hosts: + - "alertmanager.haumdaucher.de" + secretName: alertmanager-haumdaucher-de + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + cert-manager.io/cluster-issuer: "letsencrypt-prod" + # see https://kubernetes.github.io/ingress-nginx/examples/auth/basic/ + nginx.ingress.kubernetes.io/auth-type: basic + nginx.ingress.kubernetes.io/auth-secret: prometheus-auth + nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - jamaan' grafana: persistence: enabled: true diff --git a/k8s/monitoring/servicemonitor.secret.yml b/k8s/monitoring/servicemonitor.secret.yml new file mode 100644 index 0000000..0dfb763 --- /dev/null +++ b/k8s/monitoring/servicemonitor.secret.yml @@ -0,0 +1,56 @@ +# --- +# kind: "Service" +# apiVersion: "v1" +# metadata: +# namespace: monitoring +# name: muc-kitchen +# labels: +# app: muc-kitchen +# spec: +# type: ExternalName +# externalName: dyndns-muc.moritzgraf.de +# selector: +# app: muc-kitchen + +# --- +# apiVersion: v1 +# kind: Endpoints +# metadata: +# name: muc-kitchen +# namespace: monitoring +# labels: +# app: muc-kitchen +# subsets: +# - addresses: +# - ip: 1.2.3.4 +# - ip: 1.2.3.5 +# ports: +# - port: 30200 +# protocol: TCP +# --- +# apiVersion: monitoring.coreos.com/v1 +# kind: ServiceMonitor +# metadata: +# name: muc-kitchen +# namespace: monitoring +# spec: +# endpoints: +# - path: /metrics +# interval: 15s +# targetPort: 30200 +# scheme: http +# relabelings: +# - sourceLabels: [__address__] +# targetLabel: __address__ +# regex: (.*) +# replacement: "dyndns-muc.moritzgraf.de:30200" +# action: replace +# jobLabel: muc-kitchen +# namespaceSelector: +# matchNames: +# - monitoring +# selector: +# matchExpressions: +# - key: app +# operator: In +# values: ["muc-kitchen"] \ No newline at end of file