From 8de0427f6110c83913c98eca7b56a44d5e3ac770 Mon Sep 17 00:00:00 2001
From: Remy Moll <me@moll.re>
Date: Mon, 18 Dec 2023 12:44:34 +0100
Subject: [PATCH] auto deploy grafana and co.

---
 apps/monitoring/grafana.ingress.yaml          |   2 -
 apps/monitoring/grafana.pvc.yaml              |   7 -
 apps/monitoring/influxdb-telegraf.values.yaml | 157 ----------------
 apps/monitoring/influxdb.pvc.yaml             |   1 -
 apps/monitoring/influxdb.values.yaml          | 169 ------------------
 apps/monitoring/kustomization.yaml            |  29 +++
 apps/monitoring/namespace.yaml                |   4 +
 apps/monitoring/telegraf-adguard.values.yaml  | 167 -----------------
 .../monitoring/telegraf-speedtest.values.yaml |  58 ------
 .../monitoring/application.yaml               |  18 ++
 .../monitoring/kustomization.yaml             |   4 +
 11 files changed, 55 insertions(+), 561 deletions(-)
 delete mode 100644 apps/monitoring/influxdb-telegraf.values.yaml
 create mode 100644 apps/monitoring/kustomization.yaml
 create mode 100644 apps/monitoring/namespace.yaml
 delete mode 100644 apps/monitoring/telegraf-adguard.values.yaml
 create mode 100644 kluster-deployments/monitoring/application.yaml
 create mode 100644 kluster-deployments/monitoring/kustomization.yaml

diff --git a/apps/monitoring/grafana.ingress.yaml b/apps/monitoring/grafana.ingress.yaml
index 3c416dd..980f5ce 100644
--- a/apps/monitoring/grafana.ingress.yaml
+++ b/apps/monitoring/grafana.ingress.yaml
@@ -13,5 +13,3 @@ spec:
           port: 80
   tls:
     certResolver: default-tls
-
-
diff --git a/apps/monitoring/grafana.pvc.yaml b/apps/monitoring/grafana.pvc.yaml
index 3f7f8d5..1a06d25 100644
--- a/apps/monitoring/grafana.pvc.yaml
+++ b/apps/monitoring/grafana.pvc.yaml
@@ -1,4 +1,3 @@
----
 apiVersion: v1
 kind: PersistentVolume
 metadata:
@@ -6,10 +5,8 @@ metadata:
   labels:
     directory: grafana
 spec:
-  # storageClassName: slow
   capacity:
     storage: "1Gi"
-  # volumeMode: Filesystem
   accessModes:
     - ReadWriteOnce
   nfs:
@@ -21,7 +18,6 @@ kind: PersistentVolumeClaim
 metadata:
   name: grafana-nfs
 spec:
-  # storageClassName: slow
   accessModes:
     - ReadWriteOnce
   resources:
@@ -30,6 +26,3 @@ spec:
   selector:
     matchLabels:
       directory: grafana
-
-
-
diff --git a/apps/monitoring/influxdb-telegraf.values.yaml b/apps/monitoring/influxdb-telegraf.values.yaml
deleted file mode 100644
index 65488e0..0000000
--- a/apps/monitoring/influxdb-telegraf.values.yaml
+++ /dev/null
@@ -1,157 +0,0 @@
-## Default values.yaml for Telegraf
-## This is a YAML-formatted file.
-## ref: https://hub.docker.com/r/library/telegraf/tags/
-
-image:
-  repo: "telegraf"
-  tag: "1.22"
-  pullPolicy: IfNotPresent
-
-## Configure resource requests and limits
-## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-resources:
-  requests:
-    memory: 256Mi
-    cpu: 0.1
-  limits:
-    memory: 1Gi
-    cpu: 1
-
-## Pod annotations
-podAnnotations: {}
-
-## Pod labels
-podLabels: {}
-
-## Configure args passed to Telegraf containers
-args: []
-
-## The name of a secret in the same kubernetes namespace which contains values to
-## be added to the environment (must be manually created)
-## This can be useful for auth tokens, etc.
-# envFromSecret: "telegraf-tokens"
-
-## Environment
-env:
-  # This pulls HOSTNAME from the node, not the pod.
-  - name: HOSTNAME
-    valueFrom:
-      fieldRef:
-        fieldPath: spec.nodeName
-  # In test clusters where hostnames are resolved in /etc/hosts on each node,
-  # the HOSTNAME is not resolvable from inside containers
-  # So inject the host IP as well
-  - name: HOSTIP
-    valueFrom:
-      fieldRef:
-        fieldPath: status.hostIP
-  # Mount the host filesystem and set the appropriate env variables.
-  # ref: https://github.com/influxdata/telegraf/blob/master/docs/FAQ.md
-  # HOST_PROC is required by the cpu, disk, diskio, kernel and processes input plugins
-  - name: "HOST_PROC"
-    value: "/hostfs/proc"
-  # HOST_SYS is required by the diskio plugin
-  - name: "HOST_SYS"
-    value: "/hostfs/sys"
-  - name: "HOST_MOUNT_PREFIX"
-    value: "/hostfs"
-
-## Add custom volumes and mounts
-# volumes:
-# - name: telegraf-output-influxdb2
-#   configMap:
-#     name: "telegraf-output-influxdb2"
-# mountPoints:
-# - name: telegraf-output-influxdb2
-#   mountPath: /etc/telegraf/conf.d
-#   subPath: influxdb2.conf
-
-## Tolerations for pod assignment
-## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-##
-tolerations: []
-
-## If the DaemonSet should run on the host's network namespace
-## hostNetwork: true
-
-## If using hostNetwork=true, set dnsPolicy to ClusterFirstWithHostNet
-## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#
-## dnsPolicy: ClusterFirstWithHostNet
-
-## If using dnsPolicy=None, set dnsConfig
-## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
-## dnsConfig:
-##   nameservers:
-##     - 1.2.3.4
-##   searches:
-##     - ns1.svc.cluster-domain.example
-##     - my.dns.search.suffix
-##   options:
-##     - name: ndots
-##       value: "2"
-##     - name: edns0
-
-rbac:
-  # Specifies whether RBAC resources should be created
-  create: true
-
-serviceAccount:
-  # Specifies whether a ServiceAccount should be created
-  create: true
-  # The name of the ServiceAccount to use.
-  # If not set and create is true, a name is generated using the fullname template
-  # name:
-  # Annotations for the ServiceAccount
-  annotations: {}
-
-## Specify priorityClassName
-## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
-# priorityClassName: system-node-critical
-
-# Specify the pod's SecurityContext, including the OS user and group to run the pod
-podSecurityContext: {}
-
-override_config:
-  toml: ~
-  # Provide a literal TOML config
-  # toml: |+
-  #   [global_tags]
-  #     foo = "bar"
-  #   [agent]
-  #     interval = "10s"
-  #   [[inputs.mem]]
-  #   [[outputs.influxdb_v2]]
-  #     urls           = ["https://us-west-2-1.aws.cloud2.influxdata.com"]
-  #     bucket         = "data"
-  #     organization   = "OurCompany"
-  #     token          = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-
-## Exposed telegraf configuration
-## ref: https://docs.influxdata.com/telegraf/v1.13/administration/configuration/
-config:
-  # global_tags:
-  #   cluster: "mycluster"
-  agent:
-    interval: "10s"
-    round_interval: true
-    metric_batch_size: 1000
-    metric_buffer_limit: 10000
-    collection_jitter: "0s"
-    flush_interval: "10s"
-    flush_jitter: "0s"
-    precision: ""
-    debug: false
-    quiet: false
-    logfile: ""
-    hostname: "$HOSTNAME"
-    omit_hostname: false
-  outputs:
-    - influxdb_v2:
-        urls:
-          - "http://influxdb-influxdb2.monitoring:80"
-        token: N_jNm1hZTfyhJneTJj2G357mQ7EJdNzdvebjSJX6JkbyaXNup_IAqeYowblMgV8EjLypNvauTl27ewJvI_rbqQ==
-        organization: "influxdata"
-        bucket: "kluster"
-  monitor_self: false
-  docker_endpoint: "unix:///run/k3s/containerd/containerd.sock"
-
diff --git a/apps/monitoring/influxdb.pvc.yaml b/apps/monitoring/influxdb.pvc.yaml
index cdca475..efbe44f 100644
--- a/apps/monitoring/influxdb.pvc.yaml
+++ b/apps/monitoring/influxdb.pvc.yaml
@@ -1,4 +1,3 @@
----
 apiVersion: v1
 kind: PersistentVolume
 metadata:
diff --git a/apps/monitoring/influxdb.values.yaml b/apps/monitoring/influxdb.values.yaml
index 66e4515..e9bc49f 100644
--- a/apps/monitoring/influxdb.values.yaml
+++ b/apps/monitoring/influxdb.values.yaml
@@ -1,92 +1,3 @@
-image:
-  repository: influxdb
-  tag: 2.3.0-alpine
-  pullPolicy: IfNotPresent
-
-## Annotations to be added to InfluxDB pods
-##
-podAnnotations: {}
-
-## Labels to be added to InfluxDB pods
-##
-podLabels: {}
-
-nameOverride: ""
-fullnameOverride: ""
-
-## Configure resource requests and limits
-## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-##
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-## Node labels for pod assignment
-## ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-
-## Tolerations for pod assignment
-## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-##
-tolerations: []
-
-## Affinity for pod assignment
-## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-##
-affinity: {}
-
-securityContext: {}
-
-## Customize liveness, readiness and startup probes
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-##
-livenessProbe: {}
-  # path: "/health"
-  # scheme: "HTTP"
-  # initialDelaySeconds: 0
-  # periodSeconds: 10
-  # timeoutSeconds: 1
-  # failureThreshold: 3
-
-readinessProbe: {}
-  # path: "/health"
-  # scheme: "HTTP"
-  # initialDelaySeconds: 0
-  # periodSeconds: 10
-  # timeoutSeconds: 1
-  # successThreshold: 1
-  # failureThreshold: 3
-
-startupProbe:
-  enabled: false
-  # path: "/health"
-  # scheme: "HTTP"
-  # initialDelaySeconds: 30
-  # periodSeconds: 5
-  # timeoutSeconds: 1
-  # failureThreshold: 6
-
-## Extra environment variables to configure influxdb
-## e.g.
-# env:
-#   - name: FOO
-#     value: BAR
-#   - name: BAZ
-#     valueFrom:
-#       secretKeyRef:
-#         name: my-secret
-#         key: my-key
-env: {}
-
 ## Create default user through docker entrypoint
 ## Defaults indicated below
 ##
@@ -100,10 +11,6 @@ adminUser:
   password: ""
   token: ""
 
-  ## The password and token are obtained from an existing secret. The expected
-  ## keys are `admin-password` and `admin-token`.
-  ## If set, the password and token values above are ignored.
-  # existingSecret: influxdb-auth
 
 ## Persist data to a persistent volume
 ##
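Review bot: `adminUser.password` and `adminUser.token` stay empty here while the hint about `existingSecret` is removed, which matters once Argo CD renders this chart on every sync. As far as I recall, the influxdb2 chart fills empty values with freshly generated random strings at template time (confirm against chart 2.1.1), so each render would produce a different Secret and `selfHeal` would keep overwriting it, while the database keeps the credentials from its first initialisation. Creating the Secret out of band and adding `existingSecret: influxdb-auth` under `adminUser` (keys `admin-password` and `admin-token`, as the removed comment describes) keeps the credentials stable and out of git. The `adminUser` mapping starts above this hunk.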
@@ -113,83 +20,7 @@ persistence:
   useExisting: true
   ## Name of existing PVC to be used in the influx deployment
   name: influxdb-nfs
-  ## influxdb data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  ##
-  # storageClass: "-"
-  accessMode: ReadWriteOnce
-  size: 10Gi
-  mountPath: /var/lib/influxdb2
-  subPath: ""
 
-## Add custom volume and volumeMounts
-##
-# volumes:
-#   - name: influxdb2-templates
-#     hostPath:
-#       path: /data/influxdb2-templates
-#       type: Directory
-# mountPoints:
-#   - name: influxdb2-templates
-#     mountPath: /influxdb2-templates
-#     readOnly: true
-
-## Allow executing custom init scripts
-## If the container finds any files with the .sh extension inside of the
-## /docker-entrypoint-initdb.d folder, it will execute them.
-## When multiple scripts are present, they will be executed in lexical sort order by name.
-## For more details see Custom Initialization Scripts in https://hub.docker.com/_/influxdb
-initScripts:
-  enabled: false
-  scripts:
-    init.sh: |+
-      #!/bin/bash
-      influx apply --force yes -u https://raw.githubusercontent.com/influxdata/community-templates/master/influxdb2_operational_monitoring/influxdb2_operational_monitoring.yml
-
-## Specify a service type
-## ref: http://kubernetes.io/docs/user-guide/services/
-##
-service:
-  type: LoadBalancer
-  loadBalancerIP: 192.168.3.4
-  port: 80
-  targetPort: 8086
-  annotations: {}
-  labels: {}
-  portName: http
-
-serviceAccount:
-  # Specifies whether a ServiceAccount should be created
-  create: true
-  # The name of the ServiceAccount to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name:
-  # Annotations for the ServiceAccount
-  annotations: {}
 
 ingress:
   enabled: false
-  # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
-  # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
-  # className: nginx
-  tls: false
-  # secretName: my-tls-cert # only needed if tls above is true or default certificate is not configured for Nginx
-  hostname: influxdb.foobar.com
-  annotations: {}
-    # kubernetes.io/ingress.class: "nginx"
-    # kubernetes.io/tls-acme: "true"
-  path: /
-
-## Pod disruption budget configuration
-##
-pdb:
-  ## Specifies whether a Pod disruption budget should be created
-  ##
-  create: true
-  minAvailable: 1
-  # maxUnavailable: 1
-
diff --git a/apps/monitoring/kustomization.yaml b/apps/monitoring/kustomization.yaml
new file mode 100644
index 0000000..08fc464
--- /dev/null
+++ b/apps/monitoring/kustomization.yaml
@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: monitoring
+
+resources: 
+  - namespace.yaml
+  - grafana.pvc.yaml
+  - influxdb.pvc.yaml
+  - grafana.ingress.yaml
+
+helmCharts:
+  - releaseName: grafana
+    name: grafana
+    repo: https://grafana.github.io/helm-charts
+    version: 6.56.2
+    valuesFile: grafana.values.yaml
+
+  - releaseName: influxdb
+    name: influxdb2
+    repo: https://helm.influxdata.com/
+    version: 2.1.1
+    valuesFile: influxdb.values.yaml
+
+  - releaseName: telegraf-speedtest
+    name: telegraf
+    repo: https://helm.influxdata.com/
+    version: 1.8.27
+    valuesFile: telegraf-speedtest.values.yaml
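Review bot: `helmCharts` is only honoured when Helm inflation is switched on (`kustomize build --enable-helm`), and nothing in this commit shows that Argo CD is configured for it; if `kustomize.buildOptions: --enable-helm` is not already set in `argocd-cm`, the new Application will fail to render. The three charts are also fetched from public repositories on each render and pinned by version string only, so whatever the repository serves for that version is trusted at sync time. Vendoring the charts or the rendered manifests would make upstream changes reviewable in git. Minor: `resources: ` carries a trailing space.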
diff --git a/apps/monitoring/namespace.yaml b/apps/monitoring/namespace.yaml
new file mode 100644
index 0000000..0a074bd
--- /dev/null
+++ b/apps/monitoring/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder
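Review bot: `name: placeholder` is only correct when this file is rendered through the kustomization that sets `namespace: monitoring`; applied on its own it creates a namespace literally called `placeholder`. Either write `name: monitoring` directly or add a comment above the field such as `# rewritten to the kustomization's namespace: value at build time`, so the next reader does not take it for a leftover.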
diff --git a/apps/monitoring/telegraf-adguard.values.yaml b/apps/monitoring/telegraf-adguard.values.yaml
deleted file mode 100644
index de7290a..0000000
--- a/apps/monitoring/telegraf-adguard.values.yaml
+++ /dev/null
@@ -1,167 +0,0 @@
-## Default values.yaml for Telegraf
-## This is a YAML-formatted file.
-## ref: https://hub.docker.com/r/library/telegraf/tags/
-
-replicaCount: 1
-image:
-  repo: "telegraf"
-  tag: "1.25"
-  pullPolicy: IfNotPresent
-podAnnotations: {}
-podLabels: {}
-imagePullSecrets: []
-## Configure args passed to Telegraf containers
-args: []
-# The name of a secret in the same kubernetes namespace which contains values to
-# be added to the environment (must be manually created)
-# This can be useful for auth tokens, etc.
-
-# envFromSecret: "telegraf-tokens"
-env:
-  - name: HOSTNAME
-    value: "telegraf-polling-service"
-# An older "volumeMounts" key was previously added which will likely
-# NOT WORK as you expect. Please use this newer configuration.
-
-# volumes:
-# - name: telegraf-output-influxdb2
-#   configMap:
-#     name: "telegraf-output-influxdb2"
-# mountPoints:
-# - name: telegraf-output-influxdb2
-#   mountPath: /etc/telegraf/conf.d
-#   subPath: influxdb2.conf
-
-## Configure resource requests and limits
-## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-resources: {}
-# requests:
-#   memory: 128Mi
-#   cpu: 100m
-# limits:
-#   memory: 128Mi
-#   cpu: 100m
-
-## Node labels for pod assignment
-## ref: https://kubernetes.io/docs/user-guide/node-selection/
-nodeSelector: {}
-## Affinity for pod assignment
-## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-##
-affinity: {}
-## Tolerations for pod assignment
-## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-##
-tolerations: []
-# - key: "key"
-#   operator: "Equal|Exists"
-#   value: "value"
-#   effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
-
-service:
-  enabled: false
-  type: ClusterIP
-  annotations: {}
-rbac:
-  # Specifies whether RBAC resources should be created
-  create: true
-  # Create only for the release namespace or cluster wide (Role vs ClusterRole)
-  clusterWide: false
-  # Rules for the created rule
-  rules: []
-# When using the prometheus input to scrape all pods you need extra rules set to the ClusterRole to be
-# able to scan the pods for scraping labels. The following rules have been taken from:
-# https://github.com/helm/charts/blob/master/stable/prometheus/templates/server-clusterrole.yaml#L8-L46
-#    - apiGroups:
-#        - ""
-#      resources:
-#        - nodes
-#        - nodes/proxy
-#        - nodes/metrics
-#        - services
-#        - endpoints
-#        - pods
-#        - ingresses
-#        - configmaps
-#      verbs:
-#        - get
-#        - list
-#        - watch
-#    - apiGroups:
-#        - "extensions"
-#      resources:
-#        - ingresses/status
-#        - ingresses
-#      verbs:
-#        - get
-#        - list
-#        - watch
-#    - nonResourceURLs:
-#        - "/metrics"
-#      verbs:
-#        - get
-
-serviceAccount:
-  # Specifies whether a ServiceAccount should be created
-  create: false
-## Exposed telegraf configuration
-## For full list of possible values see `/docs/all-config-values.yaml` and `/docs/all-config-values.toml`
-## ref: https://docs.influxdata.com/telegraf/v1.1/administration/configuration/
-config:
-  agent:
-    interval: "2m"
-    round_interval: true
-    metric_batch_size: 1000
-    metric_buffer_limit: 10000
-    collection_jitter: "0s"
-    flush_interval: "10s"
-    flush_jitter: "0s"
-    precision: ""
-    debug: false
-    quiet: false
-    logfile: ""
-    hostname: "$HOSTNAME"
-    omit_hostname: false
-  processors:
-    - enum:
-        mapping:
-          field: "status"
-          dest: "status_code"
-          value_mappings:
-            healthy: 1
-            problem: 2
-            critical: 3
-  outputs:
-    - influxdb_v2:
-        urls:
-          - "http://influxdb-influxdb2.monitoring:80"
-        token: We64mk4L4bqYCL77x3fAUSYfOse9Kktyf2eBLyrryG9c3-y8PQFiKPIh9EvSWuq78QSQz6hUcsm7XSFR2Zj1MA==
-        organization: "influxdata"
-        bucket: "homeassistant"
-  inputs:
-    - http:
-        urls:
-          - "http://adguard-home.adguard:3000/control/stats"
-        data_format: "json"
-metrics:
-  health:
-    enabled: false
-    service_address: "http://:8888"
-    threshold: 5000.0
-  internal:
-    enabled: true
-    collect_memstats: false
-# Lifecycle hooks
-# hooks:
-#   postStart: ["/bin/sh", "-c", "echo Telegraf started"]
-#   preStop: ["/bin/sh", "-c", "sleep 60"]
-
-## Pod disruption budget configuration
-##
-pdb:
-  ## Specifies whether a Pod disruption budget should be created
-  ##
-  create: true
-  minAvailable: 1
-  # maxUnavailable: 1
-
diff --git a/apps/monitoring/telegraf-speedtest.values.yaml b/apps/monitoring/telegraf-speedtest.values.yaml
index 69345bc..a3e3d82 100644
--- a/apps/monitoring/telegraf-speedtest.values.yaml
+++ b/apps/monitoring/telegraf-speedtest.values.yaml
@@ -1,51 +1,7 @@
-## Default values.yaml for Telegraf
-## This is a YAML-formatted file.
-## ref: https://hub.docker.com/r/library/telegraf/tags/
-
-replicaCount: 1
-image:
-  repo: "telegraf"
-  tag: "1.25"
-  pullPolicy: IfNotPresent
-podAnnotations: {}
-podLabels: {}
-imagePullSecrets: []
-## Configure args passed to Telegraf containers
-args: []
-# The name of a secret in the same kubernetes namespace which contains values to
-# be added to the environment (must be manually created)
-# This can be useful for auth tokens, etc.
-
-# envFromSecret: "telegraf-tokens"
 env:
   - name: HOSTNAME
     value: "telegraf-speedtest"
 
-## Configure resource requests and limits
-## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-resources: {}
-# requests:
-#   memory: 128Mi
-#   cpu: 100m
-# limits:
-#   memory: 128Mi
-#   cpu: 100m
-
-## Node labels for pod assignment
-## ref: https://kubernetes.io/docs/user-guide/node-selection/
-nodeSelector: {}
-## Affinity for pod assignment
-## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-##
-affinity: {}
-## Tolerations for pod assignment
-## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-##
-tolerations: []
-# - key: "key"
-#   operator: "Equal|Exists"
-#   value: "value"
-#   effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
 service:
   enabled: false
 rbac:
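Review bot: The `envFromSecret` hint is dropped from this file, and the `config.outputs` section lies between the two hunks so it cannot be checked here; both telegraf values files deleted by this commit carried a literal `token:` for the InfluxDB output. If this file does the same, the token now sits in a repo that is synced to the cluster automatically. Moving it to a Secret loaded with `envFromSecret: "telegraf-tokens"` and referencing it as `token: "$INFLUX_TOKEN"` (variable name constructed for illustration, same substitution the file already uses for `$HOSTNAME`) would keep it out of git. Deleting the sibling files does not remove their tokens from history, so those should be revoked in InfluxDB.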
@@ -94,17 +50,3 @@ config:
   inputs:
     - internet_speed:
         enable_file_download: false
-
-# Lifecycle hooks
-# hooks:
-#   postStart: ["/bin/sh", "-c", "echo Telegraf started"]
-#   preStop: ["/bin/sh", "-c", "sleep 60"]
-
-## Pod disruption budget configuration
-##
-pdb:
-  ## Specifies whether a Pod disruption budget should be created
-  ##
-  create: true
-  minAvailable: 1
-  # maxUnavailable: 1
diff --git a/kluster-deployments/monitoring/application.yaml b/kluster-deployments/monitoring/application.yaml
new file mode 100644
index 0000000..36deee1
--- /dev/null
+++ b/kluster-deployments/monitoring/application.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: monitoring-application
+  namespace: argocd
+spec:
+  project: apps
+  source:
+    repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
+    targetRevision: main
+    path: apps/monitoring
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: monitoring
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
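Review bot: `targetRevision: main` combined with `automated` sync, `prune: true` and `selfHeal: true` means any push to `main` is applied to the cluster without a further gate, including the cluster-scoped PersistentVolumes listed in `apps/monitoring/kustomization.yaml`. Worth protecting the branch (and, if desired, requiring signed commits via the AppProject's `signatureKeys`) and marking the PV/PVC objects with the annotation `argocd.argoproj.io/sync-options: Prune=false`, so a rename or accidental removal in git does not delete the claims. Whether the `apps` project already restricts source repositories and destinations is not visible in this commit.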
diff --git a/kluster-deployments/monitoring/kustomization.yaml b/kluster-deployments/monitoring/kustomization.yaml
new file mode 100644
index 0000000..977dcfe
--- /dev/null
+++ b/kluster-deployments/monitoring/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - application.yaml