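---
# Argo CD Application that installs the kube-prometheus-stack Helm chart
# (Prometheus, Alertmanager, Grafana) into the `prometheus` namespace of the
# cluster Argo CD itself runs in.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: prometheus
  namespace: argo-cd
  finalizers:
    # Cascade delete: removing this Application also removes every resource it
    # manages. NOTE(review): confirm how the Longhorn reclaim policy treats the
    # Grafana volume before deleting the Application.
    - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: prometheus
  # NOTE(review): unless it has been restricted, the built-in `default`
  # AppProject accepts any source repository and any destination. A dedicated
  # AppProject limited to this chart repo and namespace narrows what a change
  # to this manifest can deploy.
  project: default
  source:
    chart: kube-prometheus-stack
    helm:
      values: |
        namespaceOverride: prometheus

        # Helm values files do not expand dotted keys (that is `--set` syntax):
        # a key written as `kubelet.enabled` is an unknown top-level key and is
        # ignored, leaving the chart default in force. Each toggle is therefore
        # written as a nested map.
        alertmanager:
          enabled: true

        # Control-plane and node scrape targets are switched off.
        # NOTE(review): this also removes the metrics and alerts built on them
        # (API server, kubelet, etcd, kube-state-metrics); confirm that loss of
        # visibility is intended.
        kubeApiServer:
          enabled: false
        kubelet:
          enabled: false
        kubeControllerManager:
          enabled: false
        coreDns:
          enabled: false
        kubeDns:
          enabled: false
        kubeEtcd:
          enabled: false
        kubeScheduler:
          enabled: false
        kubeProxy:
          enabled: false
        kubeStateMetrics:
          enabled: false

        grafana:
          enabled: true
          # NOTE(review): no admin credentials are configured here, so the
          # chart's documented default admin password stays in effect. With the
          # OAuth block below commented out and the ingress enabled, the login
          # form is the only gate on grafana.roxedus.com. Point
          # `admin.existingSecret` at a Secret created outside this file
          # rather than putting a password in these values.
          persistence:
            enabled: true
            storageClassName: longhorn
          env:
            # `%(domain)s` expands to Grafana's server `domain` setting, which
            # this file does not set. NOTE(review): confirm it resolves to the
            # ingress host, otherwise generated links and OAuth redirects will
            # not match the public URL.
            GF_SERVER_ROOT_URL: https://%(domain)s/
            # Disabled authentik SSO settings. Note that the role mapping falls
            # back to 'Viewer' for any user the provider authenticates.
            # GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
            # GF_AUTH_GENERIC_OAUTH_NAME: authentik
            # GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
            # GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://authentik.roxedus.com/application/o/authorize/
            # GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://authentik.roxedus.com/application/o/token/
            # GF_AUTH_GENERIC_OAUTH_API_URL: https://authentik.roxedus.com/application/o/userinfo/
            # GF_AUTH_SIGNOUT_REDIRECT_URL: https://authentik.roxedus.com/application/o/grafana/
            # GF_AUTH_OAUTH_AUTO_LOGIN: "true"
            # GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
          # The OAuth client credentials are meant to come from a Secret, not
          # from this file.
          # envFromSecrets:
          #   - name: grafana-oauth
          ingress:
            enabled: true
            ingressClassName: traefik
            annotations:
              # Certificate is issued by cert-manager through a DNS-01
              # challenge against the named ClusterIssuer.
              cert-manager.io/acme-challenge-type: dns01
              cert-manager.io/cluster-issuer: roxedus.com-cloudflare
            hosts:
              - grafana.roxedus.com
            tls:
              - hosts:
                  - grafana.roxedus.com
                secretName: grafana-roxedus-com-cert
    repoURL: https://prometheus-community.github.io/helm-charts
    # Pinned chart version: upgrades only happen through a change to this file.
    targetRevision: 43.1.1
  syncPolicy:
    automated:
      # prune deletes resources that disappear from the rendered chart;
      # selfHeal reverts manual changes made in the cluster.
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
      - ServerSideApply=true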