diff --git a/components/monitoring/controllers/base/.sops.yaml b/components/monitoring/controllers/base/.sops.yaml index 9d3c752..d775ff5 100644 --- a/components/monitoring/controllers/base/.sops.yaml +++ b/components/monitoring/controllers/base/.sops.yaml @@ -1,5 +1,5 @@ creation_rules: - - path_regex: kube-prometheus-stack.yaml$ - encrypted_regex: "^(values)$" + - path_regex: grafana-auth-secret.yaml$ + encrypted_regex: "^(stringData)$" age: - age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq diff --git a/components/monitoring/controllers/base/grafana-auth-secret.yaml b/components/monitoring/controllers/base/grafana-auth-secret.yaml new file mode 100644 index 0000000..84698db --- /dev/null +++ b/components/monitoring/controllers/base/grafana-auth-secret.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Secret +metadata: + name: flux-grafana-auth-secret + namespace: monitoring +type: Opaque +stringData: + values.yaml: ENC[AES256_GCM,data:HnTnJaBjhQyp1sM/tYlFV8NXMpIyWlfmEu/5rvZHTQ+zH/4B+44I,iv:WXsGW84AJpgx67CxTeIADMiIdw7dKkqR/HrvzZMHlTc=,tag:o0p4kayo88kPGgbY97Z/6A==,type:str] +sops: + age: + - recipient: age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5QitXVlk5MG9iVm8zRkFt + WTJYaTYwa0JJb3dseUZLcFVISzF6aEFUaERZClZtd3hDYXNpc25zaWhkd3pSNFVi + bUtGY3pUVTdWMVFOS1AxbHc1SDZoNlkKLS0tIDRWUUd0M2hiajFicWpHejlGb005 + Yk9LN0VBNjdOS3N1SnRTdEF2MnVicm8KKjve/Asmq+bFD+jWAJ1Wj4XfRk2Pnoff + tLnT4TjqBuAlhRYkUaETeSP2KiriZgTV2I8JNdAJPSGl7m+scSxrGg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-11-15T22:43:54Z" + mac: ENC[AES256_GCM,data:lvdJNCdS5v85oZNV8JzIgtIfdLFdC8QMR4tmz1PuYBGAGCOqqwF6aP09aCujBoKPujMOJeZyVRSvsnoH0Nc7K6kRmUNU7LIDcjUerJ48uHsh2zxbLoHcH2nZ4U91V/BxZt5nSGzZp0TNzRTZc7RBtS7JCjEmgSLk62g+ziM568A=,iv:AWd4Ev8NNxoSLKVKF8k1Al6Zusz/q29q7g3X8/0EiHg=,tag:lr2uBg7cUU0066dh5cnlFg==,type:str] + encrypted_regex: ^(stringData)$ + version: 3.11.0 
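Review bot: The new rule's `encrypted_regex: "^(stringData)$"` covers only the `stringData` key, so if this Secret is ever rewritten with a `data:` map, sops would leave those base64 values unencrypted while still stamping the file with sops metadata. Widening it to `encrypted_regex: "^(data|stringData)$"` keeps both forms covered. The `path_regex` is also unanchored at the front and its dots are unescaped, so it matches more paths than the one file intended; `path_regex: '(^|/)grafana-auth-secret\.yaml$'` is tighter.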
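Review bot: Nothing in the new `grafana-auth-secret.yaml` tells a reader what the encrypted `values.yaml` key feeds, and the ciphertext itself cannot be reviewed. A plaintext comment at the top of the file would help, for example `# Helm values merged into the kube-prometheus-stack HelmRelease via valuesFrom; edit only with sops`, added through a `sops` edit rather than by hand so the stored MAC is recomputed. Separately, the HelmRelease now references this Secret by name, and the visible hunks do not show the file being added to a kustomization `resources` list, so that is worth confirming if the directory uses one.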
diff --git a/components/monitoring/controllers/base/kube-prometheus-stack.yaml b/components/monitoring/controllers/base/kube-prometheus-stack.yaml index 9f62d15..c76d856 100644 --- a/components/monitoring/controllers/base/kube-prometheus-stack.yaml +++ b/components/monitoring/controllers/base/kube-prometheus-stack.yaml @@ -6,21 +6,6 @@ spec: interval: 12h type: oci url: oci://ghcr.io/prometheus-community/charts -sops: - age: - - recipient: age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseUtpanJ3MG9WOXZBaFVK - SGY1eElldXQyNWJiZVVwRk5lSys2NDUwbVhZCk5TMFU0TG1lSjZrOWh1ZHJ4TjY4 - WDBSaFdrbFNJejRmMVFDZytJRkZrM0EKLS0tIFg4RW5EUlRDZjF0ZUdjMU50SHM1 - aS9jcnh6VXJQTlQ1cUhiRWV3NWRGMnMKAKnkJj/gByIdrX/ZgNVl7S6u3yH1nB/c - UNhXoEqvZwN8vRiFg5bf3qIYPVUbRr2tXNHLrQCTT3U0AlXLr2NhYQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-15T21:55:33Z" - mac: ENC[AES256_GCM,data:I13OZSaEZRXE+oTkurOrG8JDTK1rHqlMZG2ijr1W8towPdgAPyICqM22hrzXz5uzp75j02qDeEU4YntCYWvxnGJEWpN7q/BX+7P1p+oC+314uyGxricBWK1j7KGEOUv2QFNosnWJdTjK3cA8zcr/pp/WeuZ1pKz2z4iUS9uM/xI=,iv:dpyzS1YQcWU0XiTofUzfkOYTlY69BkZk6fVV1lszWqA=,tag:xltGaiRDPD3qrBNCPL7E+Q==,type:str] - encrypted_regex: ^(values)$ - version: 3.11.0 --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease 
@@ -54,35 +39,23 @@ spec: - kind: ConfigMap name: flux-kube-state-metrics-config valuesKey: kube-state-metrics-config.yaml + - kind: Secret + name: flux-grafana-auth-secret + valuesKey: values.yaml values: alertmanager: - enabled: ENC[AES256_GCM,data:Zn/Z7mM=,iv:IgjdHi9neAE6zBl8fh2vZzKjWK0uyYwaFiwAaWGNsn0=,tag:nPKyaDGD/gF5pSLaFaFIwA==,type:bool] + enabled: false prometheus: prometheusSpec: - retention: ENC[AES256_GCM,data:JNxX,iv:OdccSVIP3Cwuw5IvgopUqD+PqwopJ6uNz3pNqTiROsE=,tag:3MHC/iAP+hbs2ENHgfcPwQ==,type:str] + retention: 12h resources: requests: - cpu: ENC[AES256_GCM,data:w5nT5Q==,iv:2KCf5LnI+81UVruK2PAnZf/jllU3m6t6iIpzIhC7YjU=,tag:Cw1ScqWJrBoSrI07HFmNVg==,type:str] - memory: ENC[AES256_GCM,data:FygMqxI=,iv:EDey9YVLFE4rGBS6t+sdkdiMgy6pHbkTCZiP3t/ufV8=,tag:o55+b7C6KAShwe9PWtAzbQ==,type:str] + cpu: 200m + memory: 200Mi podMonitorNamespaceSelector: {} podMonitorSelector: matchLabels: - app.kubernetes.io/component: ENC[AES256_GCM,data:4d0Zmt3LGrMPtw==,iv:yC5C2DcLikC3vDzt3vxgmN7qbNrtXxOv3+P6qXahO/g=,tag:10rrR+f2XCFRfTrZFZibZQ==,type:str] + app.kubernetes.io/component: monitoring grafana: - defaultDashboardsEnabled: ENC[AES256_GCM,data:lKLSfOM=,iv:Wfm9WSrqA+0wjtV8NoEazPiI5HZ14GcVoHg1qN96w6E=,tag:L5S2poSh9mVuDlepD3cmKw==,type:bool] - adminPassword: ENC[AES256_GCM,data:8vu+mANLfCyz4u8jOQ==,iv:n/sp7MAHS5W1EMMD6muDDu2G8QT0MVW3NvmPGAptqNM=,tag:+0MLZWCXGEmirg+HnIRClQ==,type:str] -sops: - age: - - recipient: age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseUtpanJ3MG9WOXZBaFVK - SGY1eElldXQyNWJiZVVwRk5lSys2NDUwbVhZCk5TMFU0TG1lSjZrOWh1ZHJ4TjY4 - WDBSaFdrbFNJejRmMVFDZytJRkZrM0EKLS0tIFg4RW5EUlRDZjF0ZUdjMU50SHM1 - aS9jcnh6VXJQTlQ1cUhiRWV3NWRGMnMKAKnkJj/gByIdrX/ZgNVl7S6u3yH1nB/c - UNhXoEqvZwN8vRiFg5bf3qIYPVUbRr2tXNHLrQCTT3U0AlXLr2NhYQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-15T21:55:33Z" - mac: 
ENC[AES256_GCM,data:I13OZSaEZRXE+oTkurOrG8JDTK1rHqlMZG2ijr1W8towPdgAPyICqM22hrzXz5uzp75j02qDeEU4YntCYWvxnGJEWpN7q/BX+7P1p+oC+314uyGxricBWK1j7KGEOUv2QFNosnWJdTjK3cA8zcr/pp/WeuZ1pKz2z4iUS9uM/xI=,iv:dpyzS1YQcWU0XiTofUzfkOYTlY69BkZk6fVV1lszWqA=,tag:xltGaiRDPD3qrBNCPL7E+Q==,type:str] - encrypted_regex: ^(values)$ - version: 3.11.0 + defaultDashboardsEnabled: false +
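Review bot: The admin password that used to sit under `grafana.adminPassword` presumably now arrives through the new `- kind: Secret` entry in `valuesFrom` (the list starts above this hunk), which still makes it a Helm value: it is copied into the Helm release record and into the Secret the chart renders. If the Grafana subchart in use supports it, pointing `grafana.admin.existingSecret` (with `userKey` and `passwordKey`) at a dedicated Secret keeps the credential out of Helm values entirely. The decrypted `values.yaml` content is not visible here, so this assumes it carries the admin password. Inline `values` are merged after `valuesFrom`, so a `grafana` key added here later would override the Secret's value; a comment on the new entry such as `# Grafana admin credentials, sops-encrypted in grafana-auth-secret.yaml` would make that dependency explicit.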