home_lab/k8s_flux_infra
home_lab/k8s_flux_infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixin

Browse Source
This commit is contained in:
V 2025-11-15 22:44:34 +00:00
parent b52c4d45ef
commit 9410140c34
3 changed files with 35 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
components/monitoring/controllers/base/.sops.yaml
View File

@ -1,5 +1,5 @@
creation_rules: creation_rules:
- path_regex: kube-prometheus-stack.yaml$ - path_regex: grafana-auth-secret.yaml$
encrypted_regex: "^(values)$" encrypted_regex: "^(stringData)$"
age: age:
- age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq - age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq

23
components/monitoring/controllers/base/grafana-auth-secret.yaml Normal file
View File

@ -0,0 +1,23 @@
apiVersion: v1
kind: Secret
metadata:
name: flux-grafana-auth-secret
namespace: monitoring
type: Opaque
stringData:
values.yaml: ENC[AES256_GCM,data:HnTnJaBjhQyp1sM/tYlFV8NXMpIyWlfmEu/5rvZHTQ+zH/4B+44I,iv:WXsGW84AJpgx67CxTeIADMiIdw7dKkqR/HrvzZMHlTc=,tag:o0p4kayo88kPGgbY97Z/6A==,type:str]
sops:
age:
- recipient: age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5QitXVlk5MG9iVm8zRkFt
WTJYaTYwa0JJb3dseUZLcFVISzF6aEFUaERZClZtd3hDYXNpc25zaWhkd3pSNFVi
bUtGY3pUVTdWMVFOS1AxbHc1SDZoNlkKLS0tIDRWUUd0M2hiajFicWpHejlGb005
Yk9LN0VBNjdOS3N1SnRTdEF2MnVicm8KKjve/Asmq+bFD+jWAJ1Wj4XfRk2Pnoff
tLnT4TjqBuAlhRYkUaETeSP2KiriZgTV2I8JNdAJPSGl7m+scSxrGg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-15T22:43:54Z"
mac: ENC[AES256_GCM,data:lvdJNCdS5v85oZNV8JzIgtIfdLFdC8QMR4tmz1PuYBGAGCOqqwF6aP09aCujBoKPujMOJeZyVRSvsnoH0Nc7K6kRmUNU7LIDcjUerJ48uHsh2zxbLoHcH2nZ4U91V/BxZt5nSGzZp0TNzRTZc7RBtS7JCjEmgSLk62g+ziM568A=,iv:AWd4Ev8NNxoSLKVKF8k1Al6Zusz/q29q7g3X8/0EiHg=,tag:lr2uBg7cUU0066dh5cnlFg==,type:str]
encrypted_regex: ^(stringData)$
version: 3.11.0

47
components/monitoring/controllers/base/kube-prometheus-stack.yaml
View File

@ -6,21 +6,6 @@ spec:
interval: 12h interval: 12h
type: oci type: oci
url: oci://ghcr.io/prometheus-community/charts url: oci://ghcr.io/prometheus-community/charts
sops:
age:
- recipient: age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseUtpanJ3MG9WOXZBaFVK
SGY1eElldXQyNWJiZVVwRk5lSys2NDUwbVhZCk5TMFU0TG1lSjZrOWh1ZHJ4TjY4
WDBSaFdrbFNJejRmMVFDZytJRkZrM0EKLS0tIFg4RW5EUlRDZjF0ZUdjMU50SHM1
aS9jcnh6VXJQTlQ1cUhiRWV3NWRGMnMKAKnkJj/gByIdrX/ZgNVl7S6u3yH1nB/c
UNhXoEqvZwN8vRiFg5bf3qIYPVUbRr2tXNHLrQCTT3U0AlXLr2NhYQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-15T21:55:33Z"
mac: ENC[AES256_GCM,data:I13OZSaEZRXE+oTkurOrG8JDTK1rHqlMZG2ijr1W8towPdgAPyICqM22hrzXz5uzp75j02qDeEU4YntCYWvxnGJEWpN7q/BX+7P1p+oC+314uyGxricBWK1j7KGEOUv2QFNosnWJdTjK3cA8zcr/pp/WeuZ1pKz2z4iUS9uM/xI=,iv:dpyzS1YQcWU0XiTofUzfkOYTlY69BkZk6fVV1lszWqA=,tag:xltGaiRDPD3qrBNCPL7E+Q==,type:str]
encrypted_regex: ^(values)$
version: 3.11.0
--- ---
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
@ -54,35 +39,23 @@ spec:
- kind: ConfigMap - kind: ConfigMap
name: flux-kube-state-metrics-config name: flux-kube-state-metrics-config
valuesKey: kube-state-metrics-config.yaml valuesKey: kube-state-metrics-config.yaml
- kind: Secret
name: flux-grafana-auth-secret
valuesKey: values.yaml
values: values:
alertmanager: alertmanager:
enabled: ENC[AES256_GCM,data:Zn/Z7mM=,iv:IgjdHi9neAE6zBl8fh2vZzKjWK0uyYwaFiwAaWGNsn0=,tag:nPKyaDGD/gF5pSLaFaFIwA==,type:bool] enabled: false
prometheus: prometheus:
prometheusSpec: prometheusSpec:
retention: ENC[AES256_GCM,data:JNxX,iv:OdccSVIP3Cwuw5IvgopUqD+PqwopJ6uNz3pNqTiROsE=,tag:3MHC/iAP+hbs2ENHgfcPwQ==,type:str] retention: 12h
resources: resources:
requests: requests:
cpu: ENC[AES256_GCM,data:w5nT5Q==,iv:2KCf5LnI+81UVruK2PAnZf/jllU3m6t6iIpzIhC7YjU=,tag:Cw1ScqWJrBoSrI07HFmNVg==,type:str] cpu: 200m
memory: ENC[AES256_GCM,data:FygMqxI=,iv:EDey9YVLFE4rGBS6t+sdkdiMgy6pHbkTCZiP3t/ufV8=,tag:o55+b7C6KAShwe9PWtAzbQ==,type:str] memory: 200Mi
podMonitorNamespaceSelector: {} podMonitorNamespaceSelector: {}
podMonitorSelector: podMonitorSelector:
matchLabels: matchLabels:
app.kubernetes.io/component: ENC[AES256_GCM,data:4d0Zmt3LGrMPtw==,iv:yC5C2DcLikC3vDzt3vxgmN7qbNrtXxOv3+P6qXahO/g=,tag:10rrR+f2XCFRfTrZFZibZQ==,type:str] app.kubernetes.io/component: monitoring
grafana: grafana:
defaultDashboardsEnabled: ENC[AES256_GCM,data:lKLSfOM=,iv:Wfm9WSrqA+0wjtV8NoEazPiI5HZ14GcVoHg1qN96w6E=,tag:L5S2poSh9mVuDlepD3cmKw==,type:bool] defaultDashboardsEnabled: false
adminPassword: ENC[AES256_GCM,data:8vu+mANLfCyz4u8jOQ==,iv:n/sp7MAHS5W1EMMD6muDDu2G8QT0MVW3NvmPGAptqNM=,tag:+0MLZWCXGEmirg+HnIRClQ==,type:str]
sops:
age:
- recipient: age1u0mt3kmhsr9tz2jaw8n0ztu7s9hnlffkd2acxf85cvk6tysj4gsqqulfdq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseUtpanJ3MG9WOXZBaFVK
SGY1eElldXQyNWJiZVVwRk5lSys2NDUwbVhZCk5TMFU0TG1lSjZrOWh1ZHJ4TjY4
WDBSaFdrbFNJejRmMVFDZytJRkZrM0EKLS0tIFg4RW5EUlRDZjF0ZUdjMU50SHM1
aS9jcnh6VXJQTlQ1cUhiRWV3NWRGMnMKAKnkJj/gByIdrX/ZgNVl7S6u3yH1nB/c
UNhXoEqvZwN8vRiFg5bf3qIYPVUbRr2tXNHLrQCTT3U0AlXLr2NhYQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-15T21:55:33Z"
mac: ENC[AES256_GCM,data:I13OZSaEZRXE+oTkurOrG8JDTK1rHqlMZG2ijr1W8towPdgAPyICqM22hrzXz5uzp75j02qDeEU4YntCYWvxnGJEWpN7q/BX+7P1p+oC+314uyGxricBWK1j7KGEOUv2QFNosnWJdTjK3cA8zcr/pp/WeuZ1pKz2z4iUS9uM/xI=,iv:dpyzS1YQcWU0XiTofUzfkOYTlY69BkZk6fVV1lszWqA=,tag:xltGaiRDPD3qrBNCPL7E+Q==,type:str]
encrypted_regex: ^(values)$
version: 3.11.0