Add Loki application and Grafana sealed secret configuration; update kube-prometheus-stack and kustomization resources

argo/apps/kube-prometheus-stack.yaml

@@ -7,6 +7,9 @@ spec:
   project: default 
   sources:
     # Source 1: Your Git repo for values
+    - repoURL: https://git.james-mellors.com/mello/Monitoring.git
+      targetRevision: main
+      path: grafana/grafana-secret-sealed.yaml
     - repoURL: https://git.james-mellors.com/mello/Monitoring.git
       targetRevision: main
       # Use 'ref' to store values content to be referenced later

argo/apps/kustomization.yaml

@@ -2,4 +2,5 @@ resources:
   - uptime-karma.yaml
   - ntfy.yaml
   - kube-prometheus-stack.yaml
-  - istio-ingress-manager.yaml
+  - istio-ingress-manager.yaml
+  - loki.yaml

argo/apps/loki.yaml

@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: loki
+  namespace: argocd
+spec:
+  project: default 
+  sources:
+    - repoURL: https://git.james-mellors.com/mello/Monitoring.git
+      targetRevision: main
+      ref: valuesRef # Arbitrary reference namey
+    - repoURL: https://grafana.github.io/helm-charts
+      chart: grafana/loki
+      targetRevision: 6.29.0 # The chart version
+      helm:
+        # Reference the values stored in 'valuesRef' from the first source
+        valueFiles:
+          - $valuesRef/loki-values/values.yaml # Path within the Git repo 
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: monitoring
+  syncPolicy:
+    syncOptions:
+    - ServerSideApply=true
+    automated: 
+      prune: true
+      selfHeal: true
+    

grafana/grafana-secret-sealed.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: grafana-secret
+  namespace: monitoring
+spec:
+  encryptedData:
+    passwordKey: AgCz5EzxCKIzJSmoWNTWgJfHsElVsFMkxUDvFE+IV0VqkOipIW5rBDdXsw+8RMgdboXn/LGGfTI6cjenGU8CWfCGVqW4Ybw6nbeGdWV5QxBc4PyQyRLBFk6xW2wknAR18+EMnFwQYUL6ieHACHs6RCeFyhIleiiBkOvtqi9c+ymRZKKK1C6jh+x2g+xMQDgxo6ZtKC3znI3Z8PZaG4CzmnLRKtrYZX7Lp6rdmQ6l8z7q6kks3LZWacSQcyEQL15jIGHkCrHje9HZSTQCfkPBvg6+mITHOGUsiIWE6rpBzw5UE+/ERVkJyJSODOg8iXClkKeFVlDlGUJcGlM+T8wvPe5SB7LH7Neqdd2ef9hEJOsgiPXUTKEWbyojOQyQwyMUvfQA8w4AAYMtkdndJb41HGgCbblKnYUFmThs58mOoYmUZx2fDCesMie5uW+lc7y4eEfSSr1KwRag3PbwxS1n/5LcrwF7YO1Nt0KHfmlaWiOkO409ICQ1dGxRHTtQlCZO4CopvCxKisYUmkwGysvFzPm8mzSPliXx4/Yf5SzV/qJstTI2K4Hd67eYaS40rP6jkqMfwjiYIOElozWYEHoTPiMg+dUo8z90SIpwVGClPTY/OtYMzW5wydAJQauIYXPymwN2NE0kbcyyamQLtix/b+vuUFJq4ad1sBWralVWAkA91SZNbDgRDZOdExtLpY06MK3K6wf0GcVdCELMqR2Bmu5vIA==
+    userKey: AgB+UTMBcb0pZFHcnI+BYCJOWeQNjyxRpFKIeEE0QiiSWC6ONJtwNRPPMEfGAYi/8Mj7QROvx+mfjDicyFcSN3rPn5WqBpmLi6JnB7XSf0IaubocmEoQT3AqViIPWUYRV/qvA7AU2zbxS2Ou79SJIqF4jYHA7FcpcEH15UwQ5lkVc/KLOs/bcW8uCSe1otuCdQb9B08aHI9eZlT9Vo6PXVm0EKpp0CvsbbNh3FY6GH04Yi/Uap/X66gaoo3gEkKvwdPlvAZTN/m8EqMjAwo9urFgidsG/H8qMcuJzkkpPu/y4ZQoG3DeoSyd2XyxTz2WOUH9dLfULe1zKLopxMHUw7ahv+KEk9Cjfy+4WtAJPfOhPxqGPsayWBl+jov3Dt4PXe5lg1wJgeqoK+RwxNG0EINxvVSuClm2QDAfqxlFHy9VQH/6+07RntW6XU307cJXCM1eaa5ju9WepbGWxLzTYRgb5Mgl3G6H5ASLQXOXnB7CJkNk2fsXNH+7xITmSxKcV+wZhuQo5hl5T8JQ8LUHqIxFKRaBx9VgffmqK3vUzMT2xi+XbkIpGyr6Wn/MiiZJ88ceZZJ/Cp47OmGWX5Ha+Pd6Lec+uiWTvrlesRKXN6iUkDHn5euGUc8UrmbMbqINAvir94eN5AjbrfOH+C/xcjJms1yKros5y5coFEks+H8uv7HPhj3HPFREMBXdXkpDrGtWG6dFGw==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: grafana-secret
+      namespace: monitoring

loki-values/values.yaml

@@ -0,0 +1,67 @@
+loki:
+  commonConfig:
+    replication_factor: 1
+  schemaConfig:
+    configs:
+      - from: "2024-04-01"
+        store: tsdb
+        object_store: s3
+        schema: v13
+        index:
+          prefix: loki_index_
+          period: 24h
+  pattern_ingester:
+      enabled: true
+  limits_config:
+    allow_structured_metadata: true
+    volume_enabled: true
+    retention_period: 24h
+  ruler:
+    enable_api: true
+  persistence:
+    # -- Enable StatefulSetAutoDeletePVC feature
+    enableStatefulSetAutoDeletePVC: true
+    # -- Enable persistent disk
+    enabled: true
+    # -- Size of persistent disk
+    size: 5Gi
+    # -- Storage class to be used.
+    # If defined, storageClassName: <storageClass>.
+    # If set to "-", storageClassName: "", which disables dynamic provisioning.
+    # If empty or set to null, no storageClassName spec is
+    # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
+    storageClass: longhorn
+minio:
+  enabled: true
+      
+deploymentMode: SingleBinary
+
+singleBinary:
+  replicas: 1
+
+# Zero out replica counts of other deployment modes
+backend:
+  replicas: 0
+read:
+  replicas: 0
+write:
+  replicas: 0
+
+ingester:
+  replicas: 0
+querier:
+  replicas: 0
+queryFrontend:
+  replicas: 0
+queryScheduler:
+  replicas: 0
+distributor:
+  replicas: 0
+compactor:
+  replicas: 0
+indexGateway:
+  replicas: 0
+bloomCompactor:
+  replicas: 0
+bloomGateway:
+  replicas: 0

values/overrides.yaml

@@ -1244,7 +1244,12 @@ grafana:
   defaultDashboardsInterval: 1m
 
   adminUser: admin
-  adminPassword: prom-operator
+
+  admin:
+    ## Name of the secret. Can be templated.
+    existingSecret: "grafana-secret"
+    userKey: admin-user
+    passwordKey: admin-password
 
   rbac:
     ## If true, Grafana PSPs will be created