From 86d3702ce67abb6776bf763ede9c70186518343e Mon Sep 17 00:00:00 2001
From: Victor Barba Martin <victor.barba@navigaglobal.com>
Date: Wed, 3 Nov 2021 20:13:45 +0100
Subject: [PATCH] add kube-prometheus-stack

---
 k8s/applications/kube-prometheus-stack.yaml   | 27 +++++++++
 k8s/haproxy-monitoring/kustomization.yaml     |  6 ++
 .../prometheus-service.yaml                   |  0
 .../service-monitor.yaml                      |  0
 k8s/haproxy/haproxy-ingress-values.yaml       |  3 -
 k8s/monitoring/helm-values.yaml               | 11 ++--
 terraform/argocd-repo-creds.yaml              | 59 -------------------
 terraform/argocd-repositories.yaml            | 54 -----------------
 terraform/kubernetes.tf                       | 18 +++---
 terraform/stg-kubeconfig.yaml                 | 18 +++---
 10 files changed, 56 insertions(+), 140 deletions(-)
 create mode 100644 k8s/applications/kube-prometheus-stack.yaml
 create mode 100644 k8s/haproxy-monitoring/kustomization.yaml
 rename k8s/{haproxy => haproxy-monitoring}/prometheus-service.yaml (100%)
 rename k8s/{haproxy => haproxy-monitoring}/service-monitor.yaml (100%)
 delete mode 100644 k8s/haproxy/haproxy-ingress-values.yaml
 delete mode 100644 terraform/argocd-repo-creds.yaml
 delete mode 100644 terraform/argocd-repositories.yaml

diff --git a/k8s/applications/kube-prometheus-stack.yaml b/k8s/applications/kube-prometheus-stack.yaml
new file mode 100644
index 0000000..1eaf98b
--- /dev/null
+++ b/k8s/applications/kube-prometheus-stack.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kube-prometheus-stack
+spec:
+  destination:
+    name: ''
+    namespace: monitoring
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: ''
+    repoURL: 'https://prometheus-community.github.io/helm-charts'
+    targetRevision: 19.2.2
+    chart: kube-prometheus-stack
+  project: default
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true 
+    automated: 
+      prune: true 
+      allowEmpty: false
+    retry:
+      limit: 5 
+      backoff:
+        duration: 5s 
+        factor: 2 
+        maxDuration: 3m 
\ No newline at end of file
diff --git a/k8s/haproxy-monitoring/kustomization.yaml b/k8s/haproxy-monitoring/kustomization.yaml
new file mode 100644
index 0000000..79f53e0
--- /dev/null
+++ b/k8s/haproxy-monitoring/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argocd
+
+resources:
\ No newline at end of file
diff --git a/k8s/haproxy/prometheus-service.yaml b/k8s/haproxy-monitoring/prometheus-service.yaml
similarity index 100%
rename from k8s/haproxy/prometheus-service.yaml
rename to k8s/haproxy-monitoring/prometheus-service.yaml
diff --git a/k8s/haproxy/service-monitor.yaml b/k8s/haproxy-monitoring/service-monitor.yaml
similarity index 100%
rename from k8s/haproxy/service-monitor.yaml
rename to k8s/haproxy-monitoring/service-monitor.yaml
diff --git a/k8s/haproxy/haproxy-ingress-values.yaml b/k8s/haproxy/haproxy-ingress-values.yaml
deleted file mode 100644
index ca645d7..0000000
--- a/k8s/haproxy/haproxy-ingress-values.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-controller:
-  hostNetwork: true
-prometheus-port: "9105"
\ No newline at end of file
diff --git a/k8s/monitoring/helm-values.yaml b/k8s/monitoring/helm-values.yaml
index 8d391e3..49828dd 100644
--- a/k8s/monitoring/helm-values.yaml
+++ b/k8s/monitoring/helm-values.yaml
@@ -5,7 +5,7 @@ prometheus:
     annotations:
       kubernetes.io/ingress.class: nginx
       nginx.ingress.kubernetes.io/rewrite-target: /$2
-      cert-manager.io/cluster-issuer: letsencrypt-prod
+      cert-manager.io/cluster-issuer: letsencrypt-nginx-production
       # nginx.ingress.kubernetes.io/auth-type: basic
       # nginx.ingress.kubernetes.io/auth-secret: basic-auth
       # nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
@@ -14,7 +14,7 @@ prometheus:
     paths:
     - /prometheus(/|$)(.*)
     tls:
-    - secretName: letsencrypt-secret-prod
+    - secretName: monitoring
       hosts:
       - monitoring.video.jamkazam.com
   prometheusSpec:
@@ -34,7 +34,7 @@ alertmanager:
     annotations:
       kubernetes.io/ingress.class: nginx
       nginx.ingress.kubernetes.io/rewrite-target: /$2
-      cert-manager.io/cluster-issuer: letsencrypt-prod
+      cert-manager.io/cluster-issuer: letsencrypt-nginx-production
       # nginx.ingress.kubernetes.io/auth-type: basic
       # nginx.ingress.kubernetes.io/auth-secret: basic-auth
       # nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
@@ -43,7 +43,7 @@ alertmanager:
     paths:
     - /alertmanager(/|$)(.*)
     tls:
-    - secretName: letsencrypt-secret-prod
+    - secretName: monitoring
       hosts:
       - monitoring.video.jamkazam.com
   alertmanagerSpec:
@@ -67,6 +67,7 @@ grafana:
     annotations:
       kubernetes.io/ingress.class: nginx
       nginx.ingress.kubernetes.io/rewrite-target: /$2
+      cert-manager.io/cluster-issuer: letsencrypt-nginx-production
       # nginx.ingress.kubernetes.io/auth-type: basic
       # nginx.ingress.kubernetes.io/auth-secret: basic-auth
       # nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
@@ -74,7 +75,7 @@ grafana:
     - monitoring.video.jamkazam.com
     path: /grafana(/|$)(.*)
     tls:
-    - secretName: letsencrypt-secret-prod
+    - secretName: monitoring
       hosts:
       - monitoring.video.jamkazam.com
   grafana.ini:
diff --git a/terraform/argocd-repo-creds.yaml b/terraform/argocd-repo-creds.yaml
deleted file mode 100644
index 219ace0..0000000
--- a/terraform/argocd-repo-creds.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-# Repository credentials, for using the same credentials in multiple repositories.
-apiVersion: v1
-kind: Secret
-metadata:
-  name: argoproj-https-creds
-  namespace: argocd
-  labels:
-    argocd.argoproj.io/secret-type: repo-creds
-stringData:
-  url: https://github.com/argoproj
-  password: my-password
-  username: my-username
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: argoproj-ssh-creds
-  namespace: argocd
-  labels:
-    argocd.argoproj.io/secret-type: repo-creds
-stringData:
-  url: git@github.com:argoproj-labs
-  sshPrivateKey: |
-    -----BEGIN OPENSSH PRIVATE KEY-----
-    ...
-    -----END OPENSSH PRIVATE KEY-----
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: github-creds
-  namespace: argocd
-  labels:
-    argocd.argoproj.io/secret-type: repo-creds
-stringData:
-  url: https://github.com/argoproj
-  githubAppID: 1
-  githubAppInstallationID: 2
-  githubAppPrivateKey: |
-    -----BEGIN OPENSSH PRIVATE KEY-----
-    ...
-    -----END OPENSSH PRIVATE KEY-----
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: github-enterprise-creds
-  namespace: argocd
-  labels:
-    argocd.argoproj.io/secret-type: repo-creds
-stringData:
-  url: https://github.com/argoproj
-  githubAppID: 1
-  githubAppInstallationID: 2
-  githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3
-  githubAppPrivateKey: |
-    -----BEGIN OPENSSH PRIVATE KEY-----
-    ...
-    -----END OPENSSH PRIVATE KEY-----
\ No newline at end of file
diff --git a/terraform/argocd-repositories.yaml b/terraform/argocd-repositories.yaml
deleted file mode 100644
index 9857b16..0000000
--- a/terraform/argocd-repositories.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-# Git repositories configure Argo CD with (optional).
-# This list is updated when configuring/removing repos from the UI/CLI
-# Note: the last example in the list would use a repository credential template, configured under "argocd-repo-creds.yaml".
-apiVersion: v1
-kind: Secret
-metadata:
-  name: my-private-repo
-  namespace: argocd
-  labels:
-    argocd.argoproj.io/secret-type: repository
-stringData:
-  url: https://github.com/argoproj/my-private-repository
-  password: my-password
-  username: my-username
-  sshPrivateKey: |
-    -----BEGIN OPENSSH PRIVATE KEY-----
-    ...
-    -----END OPENSSH PRIVATE KEY-----
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: istio-helm-repo
-  namespace: argocd
-  labels:
-    argocd.argoproj.io/secret-type: repository
-stringData:
-  url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
-  name: istio.io
-  type: helm
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-helm-repo
-  namespace: argocd
-  labels:
-    argocd.argoproj.io/secret-type: repository
-stringData:
-  url: https://my-private-chart-repo.internal
-  name: private-repo
-  type: helm
-  password: my-password
-  username: my-username
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-repo
-  namespace: argocd
-  labels:
-    argocd.argoproj.io/secret-type: repository
-stringData:
-  url: https://github.com/argoproj/private-repo
\ No newline at end of file
diff --git a/terraform/kubernetes.tf b/terraform/kubernetes.tf
index c5767fa..b6233a2 100644
--- a/terraform/kubernetes.tf
+++ b/terraform/kubernetes.tf
@@ -61,22 +61,20 @@ data "kustomization_build" "argocd" {
   depends_on = [kubernetes_namespace.argocd]
   path       = "../k8s/argocd/overlays/staging"
 }
+resource "kustomization_resource" "argocd" {
+
+  for_each = data.kustomization_build.argocd.ids
+
+  manifest = data.kustomization_build.argocd.manifests[each.value]
+}
+
 
 data "kustomization_build" "applications" {
   depends_on = [kubernetes_namespace.argocd]
   path       = "../k8s/applications"
 }
-
-resource "kustomization_resource" "argocd" {
-  depends_on = [kubernetes_namespace.argocd]
-  for_each   = data.kustomization_build.argocd.ids
-
-  manifest = data.kustomization_build.argocd.manifests[each.value]
-}
-
 resource "kustomization_resource" "applications" {
-  depends_on = [kustomization_resource.applications]
-  for_each   = data.kustomization_build.applications.ids
+  for_each = data.kustomization_build.applications.ids
 
   manifest = data.kustomization_build.applications.manifests[each.value]
 }
diff --git a/terraform/stg-kubeconfig.yaml b/terraform/stg-kubeconfig.yaml
index 39bf308..fc76ef6 100755
--- a/terraform/stg-kubeconfig.yaml
+++ b/terraform/stg-kubeconfig.yaml
@@ -5,21 +5,21 @@ preferences: {}
 
 clusters:
 - cluster:
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1UQXpNVEUyTVRJME9Wb1hEVE14TVRBeU9URTJNVEkwT1Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTlpLCllnME1sRjZ4dVpBaUJ2YitRRVhaY3ZheWFxUmJIdEp4WkVWUng4aUFTT0xCdUxNc3JibVhCRVZ1QSthVmFJTU4KMnkremdLVUxFTkpFdnVCaEdJVDRyV2Fha0phR25WVXpYK0Z1WkhLTGtVSGNtK1I4d3BESDhkd1JmTXNneFJvMQpCZ2NBUC80S3RyOGlVME9YNXJNdmFzenN3d012bzdxSzd6N1JCMU1DaG15czhaVURyM1hHUGhFL1hQaGw0dllNCkpMUW5rNHh2bnkxVS92UjhvU0VoWmRoTmpIOHkzNkRRTGZ1WEtQMWNsZnlYb011SGJteG5FZ2ZrMEh3UEdITlYKVXowa2hRQnA3aEFjbGI2cGp2RzNwZHJGYkhXanNrRDhJci85Rm0zY1hiOC9tdmkraTRvVzhDalFFdU9lNndmWQo5WDkxK0w0YXFhZG9uekJpUkpjQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCQ2FRR1h4aUJEQndsMVU2MmZvM0Q4VEJ1VUhNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFETHhBWkdpbG1aVGVpU0hRRG95M2ZpWnoxa1FJQjE1T29sK1llb21vdCtLZnptTUNEVwphT05PWnNWV2dhcG4yMnhmakJTdEhobnZHSC9YWDBiN3BPMUkzTzEvL2RQSy90VWVWek1kd2phaElaVW45ajhyCjhMZzFzMHVhM1JHY3NSMm92QzBobzgvYWxNZkRmaHFCMU1KMlZyb0UwUzdXSWtaQkh4bkxlc0dwS2hrUFV5VVoKL2xCRVlOYjUvN3d1bG91b1FvSHF4OXpLV1R1amtwY290YW1WbGZtWUY3Y0F4a1hUR0hqa09FSkVwM0lVTENqSQpGazRmTFJRRkN6OSt6amZUNVRUK2pDR1ZydDFJZm1NZk16cTdZdlBySnNucWt1MVliaDdzQnByZC93RGxhUnBaCkRDMjlVRXZ0eHVvMHg0U0pQSFVLVENDbnlTR3ZST1RGZW5yWQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-    server: https://7a7755ce-42e7-4d39-a20e-0cf4abeb1969.cpc1-us-central.linodelke.net:443
-  name: lke41661
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1URXdNakV6TkRneE1Gb1hEVE14TVRBek1URXpORGd4TUZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTHIwCjV3MGN2TnBaNkxwUmtpWHMwUjFZS0hlam56YVY5Q1RKUy9vUmZjK3JJMDR5ZXYzdkVYdktpb2JkaHlGME9XenEKN08ydE9hbTdZdXJMMnkzTHNORnYwTCtuT2kzQ0N2c1gwREJINnI0TTEyaVZQeXZPVVZsNjJjZkhiNHptbmZvcwpmclFad3UyNGZZa29XOVYwS0kwZnVCZFN1SnF4akNLc0xERmx1Q0N0RUI1U3Q0cE4wc2NOb2RmRVdMYkZDMlBVClR5VC9Mdmp4djBtL2hIdWozL2pjdmM4VlBUWEcrOHZ2L0kzcUVrSEVXN3h1R0d0b0xXR0xOOVg1SWhlb1hXT0cKczJsUGxkNUhwVGIxL2JLNVJHakNuZm5UZUZ1cFlORUJxTjdVRGc3Rmp1T2p5b0hVTWN6OU1kbFpSNHZUZEFoUgpYaWgrcnptNHpwZTdheFpIZldrQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZDQlZuc2grdWpPbmE4SXB6WWdkZ1pySUs4NlpNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFDbWtTelgzcE94b0pYckYzOUR4bGJad25FUEVYTi9yZ2IxYXM0M2J0Y1dJanpESC9NZQo2bFNwL2pQUkR1QkUxRFlmK3lWYjBwK1JzaWYvQUQyZWRCTzJONzNiaWpVQ01Wb3hQYTB2VGoxZFc0SmlGNEttCjdIUXpSTFVURzFLZ0ZQdCtiNUp4MFRuNExnOGZqblhldHRSMEY0bVJYeDgxd3dRRFZUblJIaE5rVjlMdnUvc0QKQjZjMGpsZzlvWHdUOXBLQ21pcXlPWjVxUVV4V0grSnAzSlExVmpKd016N0hrdWZybVc3RUNsU1lNRUp3YnNvOApTZEdpSllWbG53YjRwaTFSVzZtTWIyRG9XaEk0RnVRUnFRV0JJeHp1S2x4WmozYTgwdUpVRzRaOWErZnRuM2g4ClhqRHBMV214S0pBL2VFekJwZEMxclRReGo4OWx2bElWSGNZTwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+    server: https://f5881c95-36ef-4b77-a351-61992f2feeaa.cpc1-us-central.linodelke.net:443
+  name: lke41905
 
 users:
-- name: lke41661-admin
+- name: lke41905-admin
   user:
     as-user-extra: {}
-    token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImZaYmY3MkRaRjRESFpWYlVrVVpwT3ZNaGcxcW9FenpUNmd0SnlvUDVwOTgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJsa2UtYWRtaW4tdG9rZW4tcndid3IiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoibGtlLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZmFmZTkxYjctYzJhZC00YjRkLWExODctODgwMjEzNjgxMDhmIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmxrZS1hZG1pbiJ9.dRo09CFhyuz0zFaA8gAE9Ey3MtsDpMlqW7a7c6NEqRwx7n1vWQS-uZ15JGILVxbIs8UYgCQUpLkQFypciZ-yxw4fg2BIW0LPg7fNcODtaLbb7tTi-IxIZVLvjlLE6K5wXGIiBn4Y5ECX7ngsSwJTMxoYWICqZHOxLlzHQP7nSwsKfpzMyR6Fpgw-Ekk2LipaIdyjgtvaJotNv6otOsFiykwpqJmYqTNmvC8qfKknC03CNEAs_4zjGI8e6p_GG6onm3rXNwVDDXlu6m5NNDRrixxcT846iTVHat75BoGedBdGu754SY3O5HWrlHQEEvFR0Jirau8TINahT-V2_SvtTg
+    token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ik9OS05HSGl4Xy1FRm53Mlk5bXhyV19tSXM0cGdvWUt4Rl9XdnVjUGgzTmsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJsa2UtYWRtaW4tdG9rZW4tdm5zc2oiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoibGtlLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNjZlN2IyYzktODViNy00NGY4LWE4ZGYtM2I1OTdiN2UyNGZiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmxrZS1hZG1pbiJ9.J2ARw1GF4WolUVLQbCrg-lwmtbsB1n_YjteZQo65skcOrzPX_TxDXzfAom3cl1MuOoVKpeZPjCS0X99PnlnzukvlfDjBoR3INxnTpy0GtNJIwVfUkX1qaX4GUH-ssf7f_V0iuQPYcIw0CMaDHtar_yOzztOVGUYhTXUFU1R1O61ueO3L0zwWNblTIWJPhKbjwZMXg4qRPAUdpPcUSWcJyVJsvU4VyRhZuju9e1C-_Bp5bc8BV-8iR3b0u6fkj1yWu-nxgYFjHJx2aEQrPMzsHAYGDhW1VO-WLviXzlBvDMSr2SBevR8CrYdMdB52oK6-Q9-VRhY76bi3vKIi7hEgOw
 
 contexts:
 - context:
-    cluster: lke41661
+    cluster: lke41905
     namespace: default
-    user: lke41661-admin
-  name: lke41661-ctx
+    user: lke41905-admin
+  name: lke41905-ctx
 
-current-context: lke41661-ctx
+current-context: lke41905-ctx