Add bootstrapping scripts and nix expressions

bootstrap/charts/prometheus-operator.yaml

@@ -0,0 +1,169 @@
+alertmanager:
+
+  ## Deploy alertmanager
+  ##
+  enabled: true
+
+  ingress:
+    enabled: true
+
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      cert-manager.io/cluster-issuer: ca-issuer
+
+    ## Hosts must be provided if Ingress is enabled.
+    ##
+    hosts:
+      - alertmanager.@cluster@.local
+
+    ## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix
+    ##
+    paths: []
+    # - /
+
+    ## TLS configuration for Alertmanager Ingress
+    ## Secret must be manually created in the namespace
+    ##
+    tls:
+    - secretName: alertmanager-general-tls
+      hosts:
+      - alertmanager.@cluster@.local
+
+grafana:
+  enabled: true
+
+  defaultDashboardsEnabled: true
+
+  adminPassword: prom-operator
+
+  ingress:
+    enabled: true
+
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      cert-manager.io/cluster-issuer: ca-issuer
+
+    hosts:
+      - grafana.@cluster@.local
+    path: /
+    tls:
+    - secretName: grafana-general-tls
+      hosts:
+      - grafana.@cluster@.local
+
+  grafana.ini:
+    paths:
+      data: /var/lib/grafana/data
+      logs: /var/log/grafana
+      plugins: /var/lib/grafana/plugins
+      provisioning: /etc/grafana/provisioning
+    analytics:
+      check_for_updates: true
+    log:
+      mode: console
+    grafana_net:
+      url: https://grafana.net
+  ## LDAP Authentication can be enabled with the following values on grafana.ini
+  ## NOTE: Grafana will fail to start if the value for ldap.toml is invalid
+    auth.ldap:
+      enabled: true
+      allow_sign_up: true
+      config_file: /etc/grafana/ldap.toml
+    smpt:
+      enabled: true
+      host: smtpgw.itpartner.no
+      port: 465
+      user: utvikling
+      skip_verify: true
+
+  ## Grafana's LDAP configuration
+  ## Templated by the template in _helpers.tpl
+  ## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled
+  ## ref: http://docs.grafana.org/installation/configuration/#auth-ldap
+  ## ref: http://docs.grafana.org/installation/ldap/#configuration
+  ldap:
+    existingSecret: grafana-ldap-toml
+
+  ## Grafana's SMTP configuration
+  ## NOTE: To enable, grafana.ini must be configured with smtp.enabled
+  ## ref: http://docs.grafana.org/installation/configuration/#smtp
+  smtp:
+    # `existingSecret` is a reference to an existing secret containing the smtp configuration
+    # for Grafana.
+    existingSecret: grafana-smtp
+    userKey: user
+    passwordKey: password
+
+kubeApiServer:
+  enabled: true
+  tlsConfig:
+    insecureSkipVerify: true
+
+kubelet:
+  enabled: true
+  namespace: kube-system
+
+coreDns:
+  enabled: true
+
+kubeEtcd:
+  enabled: true
+  serviceMonitor:
+    insecureSkipVerify: true
+  endpoints:
+  - @apiserver@
+
+kubeControllerManager:
+  enabled: true
+  serviceMonitor:
+    insecureSkipVerify: true
+  endpoints:
+  - @apiserver@
+
+kubeScheduler:
+  enabled: true
+  serviceMonitor:
+    insecureSkipVerify: true
+  endpoints:
+  - @apiserver@
+
+kubeProxy:
+  enabled: false
+  endpoints:
+  - @apiserver@
+@workers@
+
+kubeStateMetrics:
+  enabled: true
+
+nodeExporter:
+  enabled: true
+
+prometheusOperator:
+  enabled: true
+
+prometheus:
+  enabled: true
+  ingress:
+    enabled: true
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      cert-manager.io/cluster-issuer: ca-issuer
+    hosts:
+      - prometheus.@cluster@.local
+    paths: []
+    tls:
+      - secretName: prometheus-general-tls
+        hosts:
+          - prometheus.@cluster@.local
+  prometheusSpec:
+    storageSpec:
+     volumeClaimTemplate:
+       spec:
+         storageClassName: managed-nfs-storage
+         accessModes: ["ReadWriteOnce"]
+         resources:
+           requests:
+             storage: 10Gi
+       selector: {}
+