cleaner monitoring

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "infrastructure/external-dns/octodns"]
 	path = infrastructure/external-dns/octodns
 	url = ssh://git@git.kluster.moll.re:2222/remoll/dns.git
+[submodule "apps/monitoring/dashboards"]
+	path = apps/monitoring/dashboards
+	url = ssh://git@git.kluster.moll.re:2222/remoll/grafana-dashboards.git

apps/monitoring/dashboards

@@ -0,0 +1 @@
+Subproject commit b1217c1e03766607ef365791db7d616b1337bad2

apps/monitoring/grafana-admin.sealedsecret.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: grafana-admin-secret
+  namespace: monitoring
+spec:
+  encryptedData:
+    password: AgBe8isrCWd5MuaQq5CpA+P3fDizCCDo23BVauaBJLuMRIYbVwpfahaJW7Ocj3LTXwdeVVPBrOk2D6vESUXu6I0EWc3y/NFN4ZezScxMcjmeaAb+z1zWwdH0FynTPJYOxv1fis1FDTkXDmGy3FXo5NDK9ET899TtulKFkh7UqSxdrRWbD3pegJgqKGPIqDCTAxZN/ssiccfWGS4lHqQBJkXn8DeampcKwjOCvgaBdilF03GoSfpgsqa2Iw2SfTDEobWBWVMMK/RB3/Oi/YJkGwMW3ECUxvTDam8gb0RFA1xjWXoYTLVVP5fK7q7x63ns51HebloxAP1GBrt138N/iDrfbGfjNP8Lx0NFl5y5bTgYN/z8DVTOFf90xxWe+YYERdwllg0Ci1JLNbA+NszXTD4L/HC7a8XuBfjRzxMTeymNjR76jzfPkH6v1EvesOduTfSrahPgS0qS+eGOier1rHxj3EBRhOScY1ut5Bq4oJMNId9nMVbVa6xyq2HyxuJHXV+j6h5FGHmEXn9gIR7wGp8RhtPhKgVGLrHcbHZ5Th2E7eomz1T2NK/ezNP8ZhcwOj/lyGywlW0vhU798zpWhMf57k2OPeuMlfs8Y8y74epBdyBjsrMR4EDctF8RZR3vraxENiMJ6kk1gqKj04ir6HwL7blqwiybIFFnJrp2j7MzgjS4SQ687qMX5Zf5XT03aEE+9W9Epy73tT7zVQKdENCQlcm5
+    user: AgAdiOivMn0d+nYjYycMZz9QSiS/9QqwHPJQMHkE7/IOou+CJtBknlETNtdv84KZgBQTucufYqu3LR3djOBpdnQsYbIXDxPFgRZQ11pwu/sO2EGifDk218yyzzfZMvx1FL7JL4LI1rKoiHycZowCwsAjEtlICVOOYv1/Plki+6MHXiAGG4r/yUhugGx3VLLX+Poq8oaTeHndgSsFXJege8SfgYR4TsC7pQgsM1UQEFncGIhJYTD2ashmUxFJ+7CJjHqPR0lFRrZXmFvPwTYTCMT+tnSHnCFWtTht8cEi1NxA4kD/eKEX0rOol15EUZnFUws2WqWI634TbyGwZ7km/Yw4XoDxiQR4ar6ulkqb/djcc3cWDYE7PF1m1c+r3iog85S5CSfZ5EvdCHHrbPN9uO2gmoRQWiR5qI70YMxBSnkeLZWN05O1vUuopdXFDTafY7YskxLEdIGHGqFUpUrJZOvBB0zNBdHGgYxFzb5pNmMCC5LPlOuoKjV4yskh9Tgovz06aAvsPxn2WWx6NOJambeziKB5OmSKvPsFofViyGBekVAWSWtt9yJe6lu5OKpBEiA6xhGhQ4ZryTXu9wvVALuPSIwBFITv85sIxjJb80qhJ51wb12QgzLLcPby0HSanyBI1M4jfsXWpK8gIAbDNO+eD7z3PhD9Y/5hPqYKXZ37Geyq23xiyxG8XDj6cL+Ie6k8XipayI4=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: grafana-admin-secret
+      namespace: monitoring
+    type: Opaque

apps/monitoring/grafana.values.yaml

@@ -1,4 +1,3 @@
-
 replicas: 1
 
 ## Create a headless service for the deployment
@@ -10,13 +9,6 @@ headlessService: false
 ##
 service:
   enabled: true
-  type: ClusterIP
-  port: 80
-  targetPort: 3000
-    # targetPort: 4181 To be used with a proxy extraContainer
-  annotations: {}
-  labels: {}
-  portName: service
 
 serviceMonitor:
   ## If true, a ServiceMonitor CRD is created for a prometheus operator
@@ -24,42 +16,38 @@ serviceMonitor:
   ##
   enabled: false
 
-
 ingress:
   enabled: false
-persistence:
-  type: pvc
-  enabled: true
-  # storageClassName: default
-  accessModes:
-    - ReadWriteOnce
-  size: 10Gi
-  # annotations: {}
-  finalizers:
-    - kubernetes.io/pvc-protection
-  # selectorLabels: {}
-  ## Sub-directory of the PV to mount. Can be templated.
-  # subPath: ""
-  ## Name of an existing PVC. Can be templated.
-  existingClaim: grafana-nfs
 
-  ## If persistence is not enabled, this allows to mount the
-  ## local storage in-memory to improve performance
-  ##
-  inMemory:
-    enabled: false
-    ## The maximum usage on memory medium EmptyDir would be
-    ## the minimum value between the SizeLimit specified
-    ## here and the sum of memory limits of all containers in a pod
-    ##
-    # sizeLimit: 300Mi
+# credentials
+admin:
+  existingSecret: grafana-admin-secret
+  userKey: user
+  passwordKey: password
 
-initChownData:
-  ## If false, data ownership will not be reset at startup
-  ## This allows the prometheus-server to be run with an arbitrary user
-  ##
-  enabled: true
+datasources:
+  datasources.yaml:
+    apiVersion: 1
+    datasources:
+      - name: Thanos
+        type: prometheus
+        url: http://thanos-querier.prometheus.svc:9090
+        isDefault: true
 
-# Administrator credentials when not using an existing secret (see below)
-adminUser: admin
-# adminPassword: strongpassword
+dashboardProviders:
+  dashboardproviders.yaml:
+    
+## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value.
+## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both.
+## ConfigMap data example:
+##
+## data:
+##   example-dashboard.json: |
+##     RAW_JSON
+##
+dashboardsConfigMaps:
+  home-metrics: dashboard-home-metrics
+  proxmox: dashboard-proxmox
+  gitea: dashboard-gitea
+
+#  default: ""

apps/monitoring/kustomization.yaml

@@ -6,25 +6,27 @@ namespace: monitoring
 resources: 
   - namespace.yaml
   - grafana.pvc.yaml
-  - influxdb.pvc.yaml
+  # - influxdb.pvc.yaml
   - grafana.ingress.yaml
+  - dashboards
+  - grafana-admin.secret.yaml
 
 
 helmCharts:
   - releaseName: grafana
     name: grafana
     repo: https://grafana.github.io/helm-charts
-    version: 7.3.0
+    version: 7.3.7
     valuesFile: grafana.values.yaml
 
-  - releaseName: influxdb
-    name: influxdb2
-    repo: https://helm.influxdata.com/
-    version: 2.1.2
-    valuesFile: influxdb.values.yaml
+  # - releaseName: influxdb
+  #   name: influxdb2
+  #   repo: https://helm.influxdata.com/
+  #   version: 2.1.2
+  #   valuesFile: influxdb.values.yaml
 
-  - releaseName: telegraf-speedtest
-    name: telegraf
-    repo: https://helm.influxdata.com/
-    version: 1.8.39
-    valuesFile: telegraf-speedtest.values.yaml
+  # - releaseName: telegraf-speedtest
+  #   name: telegraf
+  #   repo: https://helm.influxdata.com/
+  #   version: 1.8.39
+  #   valuesFile: telegraf-speedtest.values.yaml

infrastructure/prometheus/kustomization.yaml

@@ -1,7 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-namespace: monitoring
+namespace: prometheus
 
 resources: 
   - namespace.yaml
@@ -13,6 +13,7 @@ resources:
   - thanos-store.statefulset.yaml
   - thanos-query.deployment.yaml
 
+
 images:
   - name: thanos
     newName: quay.io/thanos/thanos