Add Prometheus Stack

pkg/flux/flux.go

@@ -11,22 +11,20 @@ import (
 	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-var flux_apps_meta kube.Metadata
 var Flux_namespace = kube.Namespace(root.FLUX_NAMESPACE)
 
-func init() {
-	flux_apps_meta = kube.NewMetadata("apps", Flux_namespace)
-}
-
 func Stack() stack.Stack {
+	flux_apps_meta := kube.NewMetadata("apps", Flux_namespace)
+	flux_infra_meta := kube.NewMetadata("infrastructure", Flux_namespace)
 
 	s := stack.NewStack("flux", map[string]any{
-		"apps": Apps(),
+		"apps":  kuztomization(flux_apps_meta, root.FLUX_APPS_HYDRA_PATH),
+		"infra": kuztomization(flux_infra_meta, root.FLUX_INFRA_HYDRA_PATH),
 	})
 	return s
 }
 
-func Apps() kz.Kustomization {
+func kuztomization(meta kube.Metadata, path string) kz.Kustomization {
 	retryInteval := durMin(1)
 	timeout := durMin(5)
 	spec := kz.KustomizationSpec{
@@ -43,10 +41,10 @@ func Apps() kz.Kustomization {
 			Kind: "GitRepository",
 			Name: Flux_namespace.Name,
 		},
-		Path:  root.FLUX_APPS_HYDRA_PATH,
+		Path:  path,
 		Prune: true,
 	}
-	return kube.NewFluxKustomization(flux_apps_meta, spec)
+	return kube.NewFluxKustomization(meta, spec)
 }
 
 func durMin(d int64) meta.Duration {

pkg/linkding/linkding.go

@@ -47,7 +47,7 @@ func Stack() stack.Stack {
 func deployment() apps.Deployment {
 	storage := kube.NewVolumeFrom(kube.VolumeSourcePVC, "data", pvc.Name)
 	envMapping := map[string]string{
-		"LD_CSRF_TRUSTED_ORIGINS": "https://link.danicos.me",
+		"LD_CSRF_TRUSTED_ORIGINS": root.Linkding.PublicURL,
 	}
 	secretMapping := map[string]string{
 		"LD_SUPERUSER_NAME":     Secret.SuperUserKey,

pkg/monitoring/monitoring.go

@@ -0,0 +1,100 @@
+package monitoring
+
+import (
+	"encoding/json"
+	"time"
+
+	"danicos.dev/daniel/go-kube/pkg/kube"
+	"danicos.dev/daniel/go-kube/pkg/stack"
+	"danicos.dev/daniel/homelab/pkg/root"
+	helm "github.com/fluxcd/helm-controller/api/v2"
+	"github.com/fluxcd/pkg/apis/kustomize"
+	source "github.com/fluxcd/source-controller/api/v1"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+var meta kube.Metadata
+var Namespace = kube.Namespace(root.Monitoring)
+
+func init() {
+	meta = kube.NewMetadata(root.Monitoring, Namespace)
+}
+
+func Controllers() stack.Stack {
+	s := stack.NewStack("controllers", map[string]any{
+		"namespace":             Namespace,
+		"kube-prometheus-stack": PrometheusHelmSource(),
+		"release":               PrometheusRelease(),
+	})
+
+	return s
+}
+
+func PrometheusHelmSource() source.HelmRepository {
+	spec := source.HelmRepositorySpec{
+		Interval: durHour(root.FLUX_HELM_MONITORING_INTERVAL),
+		URL:      root.HELM_PROMETHEUS_URL,
+	}
+	return kube.NewFluxHelmRepositorySource(meta, spec)
+}
+
+func PrometheusRelease() helm.HelmRelease {
+	type Grafana struct {
+		AdminPassword string `json:"adminPassword"`
+	}
+	type Values struct {
+		Grafana Grafana `json:"grafana"`
+	}
+	values := Values{
+		Grafana: Grafana{
+			// Note this password is safe because Grafana is only exposed via VPN
+			AdminPassword: "grafana-admin",
+		},
+	}
+	raw, err := json.Marshal(values)
+	if err != nil {
+		panic(err)
+	}
+	interval := durHour(12)
+	spec := helm.HelmReleaseSpec{
+		Interval: durMin(30),
+		Chart: &helm.HelmChartTemplate{
+			Spec: helm.HelmChartTemplateSpec{
+				Chart:    root.HELM_PROMETHEUS_CHART,
+				Version:  root.HELM_PROMETHEUS_CHART_VERSION,
+				Interval: &interval,
+				SourceRef: helm.CrossNamespaceObjectReference{
+					Kind:      kube.FluxHelmReleaseMeta.Kind,
+					Name:      meta.Meta().Name,
+					Namespace: Namespace.Name,
+				},
+			},
+		},
+		Install: &helm.Install{
+			CRDs: helm.Create,
+		},
+		Upgrade: &helm.Upgrade{
+			CRDs: helm.CreateReplace,
+		},
+		DriftDetection: &helm.DriftDetection{
+			Mode: helm.DriftDetectionEnabled,
+			Ignore: []helm.IgnoreRule{{
+				Paths: []string{"/metadata/annotations/prometheus-operator-validated"},
+				Target: &kustomize.Selector{
+					Kind: "PrometheusRule",
+				},
+			}},
+		},
+		Values: &apiextensionsv1.JSON{Raw: raw},
+	}
+	return kube.NewFluxHelmRelease(meta, spec)
+}
+
+func durHour(d int64) metav1.Duration {
+	return metav1.Duration{Duration: (time.Duration(d) * time.Hour)}
+}
+
+func durMin(d int64) metav1.Duration {
+	return metav1.Duration{Duration: (time.Duration(d) * time.Minute)}
+}

pkg/root/root.go

@@ -15,11 +15,19 @@ const (
 )
 
 const (
-	FLUX_NAMESPACE               = "flux-system"
-	FLUX_APPS_HYDRA_PATH         = "./apps/" + HYDRA_CLUSTER
-	FLUX_APPS_SECRETS_HYDRA_PATH = "./apps/" + HYDRA_CLUSTER + "/secrets"
-	FLUX_CLUSTER_HYDRA_PATH      = "./clusters/" + HYDRA_CLUSTER
-	FLUX_DECRYPTION_PROVIDER     = "sops"
+	FLUX_NAMESPACE                = "flux-system"
+	FLUX_APPS_HYDRA_PATH          = "./apps/" + HYDRA_CLUSTER
+	FLUX_APPS_SECRETS_HYDRA_PATH  = "./apps/" + HYDRA_CLUSTER + "/secrets"
+	FLUX_CLUSTER_HYDRA_PATH       = "./clusters/" + HYDRA_CLUSTER
+	FLUX_INFRA_HYDRA_PATH         = "./infrastructure/" + HYDRA_CLUSTER
+	FLUX_DECRYPTION_PROVIDER      = "sops"
+	FLUX_HELM_MONITORING_INTERVAL = 24 // in hours
+)
+
+const (
+	HELM_PROMETHEUS_URL           = "https://prometheus-community.github.io/helm-charts"
+	HELM_PROMETHEUS_CHART         = "kube-prometheus-stack"
+	HELM_PROMETHEUS_CHART_VERSION = "66.x"
 )
 
 var (

pkg/root/services.go

@@ -3,6 +3,7 @@ package root
 type Service struct {
 	Name              string
 	Image             string
+	PublicURL         string
 	Port              int32
 	SecurityContextID int64
 }
@@ -10,6 +11,9 @@ type Service struct {
 var Linkding = Service{
 	Name:              "linkding",
 	Image:             "sissbruecker/linkding:1.45.0",
+	PublicURL:         "https://link.danicos.me",
 	Port:              9090,
 	SecurityContextID: 33, // www-data user, group and FS ID
 }
+
+var Monitoring = "monitoring"