Initial upload

otc/stacks/observability/grafana-operator.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: grafana-operator
+  namespace: argocd
+  labels:
+    env: dev
+spec:
+  project: default
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+  destination:
+    name: in-cluster
+    namespace: observability
+  sources:
+    - chart: grafana-operator
+      repoURL: ghcr.io/grafana/helm-charts
+      targetRevision: v5.18.0
+    - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+      targetRevision: HEAD
+      path: "otc//stacks/observability/grafana-operator/manifests"

otc/stacks/observability/grafana-operator/manifests/argocd.yaml

@@ -0,0 +1,9 @@
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  name: argocd
+spec:
+  instanceSelector:
+    matchLabels:
+      dashboards: "grafana"
+  url: "https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json"

otc/stacks/observability/grafana-operator/manifests/grafana.yaml

@@ -0,0 +1,36 @@
+apiVersion: grafana.integreatly.org/v1beta1
+kind: Grafana
+metadata:
+  name: grafana
+  labels:
+    dashboards: "grafana"
+spec:
+  persistentVolumeClaim:
+    spec:
+      accessModes:
+        - ReadWriteOnce
+      resources:
+        requests:
+          storage: 10Gi
+  ingress:
+    metadata:
+      annotations:
+        cert-manager.io/cluster-issuer: main
+        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    spec:
+      ingressClassName: nginx
+      rules:
+      - host: grafana.
+        http:
+          paths:
+          - backend:
+              service:
+                name: grafana-service
+                port:
+                  number: 3000
+            path: /
+            pathType: Prefix
+      tls:
+      - hosts:
+        - grafana.
+        secretName: grafana-net-tls

otc/stacks/observability/grafana-operator/manifests/ingress-nginx.yaml

@@ -0,0 +1,9 @@
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  name: ingress-nginx 
+spec:
+  instanceSelector:
+    matchLabels:
+      dashboards: "grafana"
+  url: "https://raw.githubusercontent.com/adinhodovic/ingress-nginx-mixin/refs/heads/main/dashboards_out/ingress-nginx-overview.json"

otc/stacks/observability/grafana-operator/manifests/victoria-logs.yaml

@@ -0,0 +1,9 @@
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  name: victoria-logs
+spec:
+  instanceSelector:
+    matchLabels:
+      dashboards: "grafana"
+  url: "https://raw.githubusercontent.com/VictoriaMetrics/VictoriaMetrics/refs/heads/master/dashboards/vm/victorialogs.json"

otc/stacks/observability/victoria-k8s-stack.yaml

@@ -1,7 +1,7 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: victoria-k8s-stack
+  name: o12y
   namespace: argocd
   labels:
     env: dev
@@ -12,6 +12,7 @@ spec:
       selfHeal: true
     syncOptions:
       - CreateNamespace=true
+      - ServerSideApply=true
   destination:
     name: in-cluster
     namespace: observability
@@ -19,7 +20,6 @@ spec:
     - chart: victoria-metrics-k8s-stack
       repoURL: https://victoriametrics.github.io/helm-charts/
       targetRevision: 0.48.1
-      releaseName: victoria
       helm:
         valueFiles:
           - $values/otc//stacks/observability/victoria-k8s-stack/values.yaml

otc/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml

@@ -6,6 +6,9 @@ metadata:
 spec:
   retentionPeriod: "12"
   removePvcAfterDelete: true
+  storageMetadata:
+    annotations:
+      everest.io/crypt-key-id: 
   storage:
     accessModes:
       - ReadWriteOnce

otc/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml

@@ -0,0 +1,15 @@
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMUser
+metadata:
+  name: simple-user
+  namespace: observability
+spec:
+  username: simple-user
+  password: simple-password
+  targetRefs:
+    - static:
+        url: http://vmsingle-o12y:8429
+      paths: ["/api/v1/write"]
+    - static:
+        url: http://vlogs-victorialogs:9428
+      paths: ["/insert/elasticsearch/.*"]

otc/stacks/observability/victoria-k8s-stack/values.yaml

@@ -14,13 +14,13 @@ global:
 # -- Override chart name
 nameOverride: ""
 # -- Resource full name override
-fullnameOverride: ""
+fullnameOverride: "o12y"
 # -- Tenant to use for Grafana datasources and remote write
 tenant: "0"
 # -- If this chart is used in "Argocd" with "releaseName" field then
 # VMServiceScrapes couldn't select the proper services.
 # For correct working need set value 'argocdReleaseOverride=$ARGOCD_APP_NAME'
-argocdReleaseOverride: ""
+argocdReleaseOverride: "o12y"
 
 # -- VictoriaMetrics Operator dependency chart configuration. More values can be found [here](https://docs.victoriametrics.com/helm/victoriametrics-operator#parameters). Also checkout [here](https://docs.victoriametrics.com/operator/vars) possible ENV variables to configure operator behaviour
 victoria-metrics-operator:
@@ -50,7 +50,7 @@ defaultDashboards:
   annotations: {}
   grafanaOperator:
     # -- Create dashboards as CRDs (requires grafana-operator to be installed)
-    enabled: false
+    enabled: true
     spec:
       instanceSelector:
         matchLabels:
@@ -286,6 +286,9 @@ vmsingle:
     retentionPeriod: "1"
     replicaCount: 1
     extraArgs: {}
+    storageMetadata:
+      annotations:
+        everest.io/crypt-key-id: 
     storage:
       accessModes:
         - ReadWriteOnce
@@ -346,7 +349,7 @@ vmcluster:
           spec:
             resources:
               requests:
-                storage: 10Gi
+                storage: 10Gi     
       resources:
         {}
         # limits:
@@ -749,7 +752,7 @@ vmalert:
 
 vmauth:
   # -- Enable VMAuth CR
-  enabled: false
+  enabled: true
   # -- VMAuth annotations
   annotations: {}
   # -- (object) Full spec for VMAuth CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmauthspec)
@@ -758,23 +761,21 @@ vmauth:
   # * `{{ .vm.write }}` - parsed vminsert, vmsingle or external.vm.write URL
   spec:
     port: "8427"
-    unauthorizedUserAccessSpec:
-      # -- Flag, that allows to disable default VMAuth unauthorized user access config
-      disabled: false
-      discover_backend_ips: true
-      url_map:
-        - src_paths:
-            - '{{ .vm.read.path }}/.*'
-          url_prefix:
-            - '{{ urlJoin (omit .vm.read "path") }}/'
-        - src_paths:
-            - '{{ .vm.write.path }}/.*'
-          url_prefix:
-            - '{{ urlJoin (omit .vm.write "path") }}/'
+    ingress:
+      class_name: nginx
+      annotations:
+        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+        cert-manager.io/cluster-issuer: main
+      host: o12y.observability.
+      tlsHosts:
+        - o12y.observability.
+      tlsSecretName: vmauth-tls-secret
+    unauthorizedUserAccessSpec: {}
+    selectAllByDefault: true
 
 vmagent:
   # -- Create VMAgent CR
-  enabled: true
+  enabled: false
   # -- VMAgent annotations
   annotations: {}
   # -- Remote write configuration of VMAgent, allowed parameters defined in a [spec](https://docs.victoriametrics.com/operator/api#vmagentremotewritespec)
@@ -828,9 +829,14 @@ vmagent:
 defaultDatasources:
   grafanaOperator:
     # -- Create datasources as CRDs (requires grafana-operator to be installed)
-    enabled: false
+    enabled: true
     annotations: {}
     spec:
+      plugins:
+        - name: victoriametrics-metrics-datasource
+          version: 0.16.0
+        - name: victoriametrics-logs-datasource
+          version: 0.17.0
       instanceSelector:
         matchLabels:
           dashboards: grafana
@@ -863,16 +869,26 @@ defaultDatasources:
   # -- Configure additional grafana datasources (passed through tpl).
   # Check [here](http://docs.grafana.org/administration/provisioning/#datasources) for details
   extra: 
-    - name: victoria-logs
+    - name: VictoriaLogs
       access: proxy
-      type: VictoriaLogs
+      type: victoriametrics-logs-datasource
       url: http://vlogs-victorialogs:9428
-      version: 1
+      version: 0.18.0
 
 # -- Grafana dependency chart configuration. For possible values refer [here](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration)
 grafana:
-  enabled: true
+  enabled: false
   # all values for grafana helm chart can be specified here
+  persistence:
+    enabled: true
+    type: pvc
+    storageClassName: "default"
+  grafana.ini:
+    # auth:
+    #   login_maximum_inactive_lifetime_duration: 0
+    #   login_maximum_lifetime_duration: 0
+    security:
+      disable_brute_force_login_protection: true
   sidecar:
     datasources:
       enabled: true
@@ -887,14 +903,26 @@ grafana:
       enabled: true
       multicluster: false
 
+  # dashboards:
+  #   default:
+  #     victoria-logs:
+  #       url: "https://raw.githubusercontent.com/VictoriaMetrics/VictoriaMetrics/refs/heads/master/dashboards/vm/victorialogs.json"
+  #     victoria-logs-explorer:
+  #       url: "https://grafana.com/api/dashboards/22759/revisions/6/download"
+  #     ingress-nginx:
+  #       url: "https://raw.githubusercontent.com/adinhodovic/ingress-nginx-mixin/refs/heads/main/dashboards_out/ingress-nginx-overview.json"
+  #     argocd:
+  #       url: "https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json"
+
   # -- Create datasource configmap even if grafana deployment has been disabled
-  forceDeployDatasource: false
+  forceDeployDatasource: true
 
   # Uncomment the block below, if you want to enable VictoriaMetrics Datasource in Grafana:
   # Note that Grafana will need internet access to install the datasource plugin.
-  #
-  # plugins:
-  # - victoriametrics-metrics-datasource
+  
+  plugins:
+    - victoriametrics-metrics-datasource
+    - victoriametrics-logs-datasource
 
   ingress:
     enabled: false