diff --git a/k8s/production/prometheus/sealed-secrets.yaml b/k8s/production/prometheus/sealed-secrets.yaml index a39de7948..ade33691e 100644 --- a/k8s/production/prometheus/sealed-secrets.yaml +++ b/k8s/production/prometheus/sealed-secrets.yaml @@ -45,20 +45,6 @@ spec: --- apiVersion: bitnami.com/v1alpha1 kind: SealedSecret -metadata: - name: grafana-additional-datasources - namespace: monitoring -spec: - encryptedData: - values.yaml: AgBbtbcr4NqaoAb/pV7X7uUJsHiLCD3mpSXutE0krEjzXlx/2iLTBxuq2G56BpOqX5Ytn7QfyhfvxWAlu2TB4bXqhjLsNQYlRXhOOiGklymfRSSqy9+L0w//Ei8lcEBNi1wYVWXpEzeNdiPWl+dhd3fiji+sPbXnq6JlZcCik7usZYIWvUTZX9hnMslgdduX0pDRoY1U6A5ho7CgZ0e25TZUXfpsM8f3Njb88H1gKEtSyDR/EfAosYtYJyYhyq/+zAIoiU5VXR9/HhnaqlZ0Su9ogfCSqSklAM1LCkUZp9tIw1/z5lZmvjaND1QHCqbV51OhNy1L1U9Y645APWvw9pMz/AASKm3OGAbFtzlaDQwPNCz/UQtC3Md3kX64prrbiolPQbfRjjVN8XKt7Pq9/hbu5I/dCgxX9IIT+IpGX2p9xfXH2U/QCWRA5N9UK9UKKFPoRYjkIspRE+y0Cp1Xk6rH0YT8A+aY0h/9zUzFXc46mtKfNwCZAS6W2uoO8ykzLnCRn5bPbCkeM1HrNjB3K82j6D5ZhNs0XaTJK/nfx0uoJVHXrSrn0s5ODaMNHegG8x5Tg5w5ToISS9lBjLIUtdGndBl/8zgr7TQRNTWEADCINk+acQ8qP+Pk2/c55W0lxRYk5IinecOxaS01OnmZjn2QvwZU5v01yfBM1+1dJj7eGPqXqzsD6k4xa5GyJIwedz7uE3gDUBV31AobFoJmspQPiaMyW5p2nbIvIfajhZ7T3UNHFNkVEiAdBoY6gnWIZABpRaFxfZZdpOeea6BAncGoF3dAKLiZqjbKgJOB4X7A5o/8AsjNHG/phx+LG0LkehudbJ0kcC+eFZqRLNUuyfHkhw1CIz0S3gV5a7HbiU1NHnKbFDhlXy6ySe8J3WBzJPhVHK5WFOhFtnpWC4dKe9upge7NS+yzUzPR/9mJvNLyT05pcWGFFPA7MyXSax3XX464gr3+R9FzFvqz+vnbbGZcuKroDZVpx/jut11/oedCh2hzy2uTX0TPXYnHlT2aNYodAdC3C2FR1C+1fReSQsr9aMoOtmos+eCS2kACt2C0qdWlO/4qozsBYL1C8fmwwXczypj8J451Q7d1nnPkMf6IlI8k+5TRD7MZ6PpdB+vk110WKbwBLAV4gE4V2qPz/Jb/11AEAE1WPIUIJWZgvO47hHqup5bULw3DFKfyJaC2z2kf+D7k+dWUAXYZrN2o6nOmSrz4FKxqRXGfFMBUs+xkvtlFYBvcWRmD95mns36a7PldyLw98PvAXeAuGroVxW/7ttHA5AiLo1We1iTysWvJtnQ8vn0X3cmUlmO4Z58UzizDVLjzzRpn+xuvfTLLZJiCsNvB6sB6ssyw3/93ESr/ZT3A86jwds82A2mCVAC9Bz8Lp21wTQ56pinWwI4M9iz6+9Hms1w7P4WhWcrYkHkJ1UwZNpwwckHIFzq3M8FLg/layiK5JVRxeJPHfpxUuTfXgEDw9t1ewkxbH8dv7vSolAEkxKnh9uNmVgwntpCYq9eyOo7zTeXa/YFdMLCYkmYL1IWAuacW/dvZ8JO4OFIZMR3PuFlIGHZXojca7mXbRic8yX/WEaFoW5zje5ZS/Qio7Dr/OwLgnKoePLOnRw8ilFUG3JL4HazpUcvd2uLgfVarrGDRaCrlovNKJZzINBTCs844FKh5OPMcm5BIIpIgY/EBGit2Q/7v2ie5Q4WYejDo3FVSnVqKpkvc045YgYVriN1/SIT5hBrDds3Sk7Cp/OsnMyk9WzDjQ2RoeNCablOkJ66WlUJtDQ4Vz/r4/1vSPRtg+11Nmk6FKyFRRTqOPjd969OUyLuopQEp4Si3Wsaa6YGRt9lzsQDNs91d8HKsZ1e41vf4MXOhChSGqpEHdS/L5UFRmbcxNRSN1Ru+/pH7lQrFjkVJ/bFcN+T8GXGJIWIgoaXqBTb8oYTFIOxvnE1ZZcw90HznaKyw0B1lvBy5bLEfi1whKAGzW4XSWlHPt/e+WTvcNzxnF2GfDJSIGdZu8umANLJ/HSuguu7OR7+MVFOfpPdYPdiuHaW20MB+Hsz7x0fKwKB438IqBciudB7k7nWBK4Nj+t3sNBJ+kJHWb7j/CuIJgETB7tvef1pgq4VZ2HFBZg3Se7bWpbPBIlLjvnziCubXKYgoyjmWb3YQQ5QUAhV259RtDek8ClRK1osA/O/wCPgeUpCSvefJjSgZXrgEKJJwvI4zCQbLtw3vPno3/GTpH6IrHufMeKqv+g== - template: - metadata: - annotations: - kustomize.toolkit.fluxcd.io/reconcile: disabled - sealedsecrets.bitnami.com/managed: "true" ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret metadata: name: client-ca namespace: monitoring diff --git a/k8s/staging/prometheus/sealed-secrets.yaml b/k8s/staging/prometheus/sealed-secrets.yaml index 678479efa..98eb59b93 100644 --- a/k8s/staging/prometheus/sealed-secrets.yaml +++ b/k8s/staging/prometheus/sealed-secrets.yaml @@ -31,20 +31,6 @@ spec: --- apiVersion: bitnami.com/v1alpha1 kind: SealedSecret -metadata: - name: grafana-additional-datasources - namespace: monitoring -spec: - encryptedData: - values.yaml: AgCSaYuqXhVDz2h8fC76d4SbWI/lDdzR2nrtGnY9ahGem60PoSEMzZngJvPv4A8hAYF5NMPzeqilOZmsTK4ITFaKuGsYNCi8lu3hL9ZMTIfKrZMyY7WDf5ehe15WCKF+uz0KN34uc88fVQL7CFGiCc4dtsCi8maljSW/0Vz0t4e3R6j6uq/3BUeagTBAVItNROLeByOl73nBNwQOPqedPhF4NNgiafTKlZ8qDmuPOUBE6wJRx2rUH0lSgcEEeNej35J+XgHWnU6CYhXK1/ctwAkJJZaGDzfdS5vcUvvstfN90pnaOkeOwAVdYLN1p6KKv3Lvo1O5Y8xqV9bcRz81eEZxUq5rEngDdObbou7aiVPb26k6lvVVMgKE/CkoNx3G3LHPEPW6Ij3OGRmz2+YZBX3VqR3Tq9PsT2GNvEbk1+J1LDmkB7IFfpMjfTvxChDmRXECOvimWBG0h9K54aQEyFO5woVelwcDGuHbLYxk9nF1KDLrNgyUEAcIcTbMFrH8E8YSAvmZKv1+RtmyNUob3e4eYQ6orgqOLfxEs6AtcWUrrkdU2YWAMVfXYX+2ZwPF3sCHRwrR3+QS7pA7aDuwR4UyyJ+4Vvf5SA6f9WZzLoZhdAN7vv3fMXgiaa4fYqmpZReTJWW4UPr4UrzHen/OTOJ/t48953X4bmP6qXD4ermqc0c9rFs+Q83kyOh8xJ8w70Nh/23Hs9nCotGzwZGtLg3YvzdswlzJaZET2g1AA1X/CKl94T0= - template: - metadata: - annotations: - kustomize.toolkit.fluxcd.io/reconcile: disabled - sealedsecrets.bitnami.com/managed: "true" ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret metadata: name: oauth2-proxy namespace: monitoring diff --git a/terraform/modules/spack_aws_k8s/prometheus.tf b/terraform/modules/spack_aws_k8s/prometheus.tf new file mode 100644 index 000000000..fda5b3e3a --- /dev/null +++ b/terraform/modules/spack_aws_k8s/prometheus.tf @@ -0,0 +1,54 @@ +data "aws_secretsmanager_secret_version" "gitlab_db_ro_credentials" { + secret_id = "gitlab-${var.deployment_name}-readonly-credentials" +} + +resource "kubectl_manifest" "prometheus_additional_datasources_secret" { + yaml_body = <<-YAML + apiVersion: v1 + kind: Secret + metadata: + name: grafana-additional-datasources + namespace: monitoring + stringData: + values.yaml: |- + grafana: + additionalDataSources: + - name: OpenSearch + editable: "false" + type: grafana-opensearch-datasource + url: "https://${aws_opensearch_domain.spack.endpoint}" + version: "1" + access: proxy + basicAuth: "true" + basicAuthUser: ${local.opensearch_master_user_name} + secureJsonData: + basicAuthPassword: "${random_password.opensearch_password.result}" + jsonData: + database: "gitlab-job-failures-*" + timeField: timestamp + flavor: opensearch + version: "1.3.0" + - name: PostgreSQL + type: postgres + access: proxy + url: ${module.gitlab_db.db_instance_address} + user: ${jsondecode(data.aws_secretsmanager_secret_version.gitlab_db_ro_credentials.secret_string)["username"]} + database: gitlabhq_production + secureJsonData: + password: "${jsondecode(data.aws_secretsmanager_secret_version.gitlab_db_ro_credentials.secret_string)["password"]}" + jsonData: + postgresVersion: 14 + - name: AnalyticsDB + type: postgres + uid: XCh6DDkSz + access: proxy + url: ${module.analytics_db.db_instance_address} + user: postgres + database: analytics + secureJsonData: + password: "${random_password.analytics_db_password.result}" + jsonData: + postgresVersion: 15 + + YAML +}