docs(monitoring): add info how to expose
diff --git a/.markdownlint.yaml b/.markdownlint.yaml
new file mode 100644
index 0000000..bbabe74
--- /dev/null
+++ b/.markdownlint.yaml
@@ -0,0 +1 @@
+MD046: false
diff --git a/docs/alerts.md b/docs/alerts.md
deleted file mode 100644
index 351dd2d..0000000
--- a/docs/alerts.md
+++ /dev/null
@@ -1,12 +0,0 @@
-# Alerts
-
-## `etcdDatabaseHighFragmentationRatio`
-
-```console
-kubectl -n kube-system exec svc/kube-prometheus-stack-kube-etcd -- \
- etcdctl defrag \
- --cluster \
- --cacert /etc/kubernetes/pki/etcd/ca.crt \
- --key /etc/kubernetes/pki/etcd/server.key \
- --cert /etc/kubernetes/pki/etcd/server.crt
-```
diff --git a/docs/integrations.md b/docs/integrations.md
deleted file mode 100644
index cd7b44d..0000000
--- a/docs/integrations.md
+++ /dev/null
@@ -1,28 +0,0 @@
-# Integrations
-
-## OpsGenie
-
-Atmosphere can be integrated with OpsGenie in order to send all alerts to it,
-this is useful if you want to have a single place to manage all your alerts.
-
-In order to get started, you will need to complete the following steps inside
-OpsGenie:
-
-1. Create an integration inside OpsGenie, you can do this by going to
- _Settings_ > _Integrations_ > _Add Integration_ and selecting _Prometheus_.
-2. Copy the API key that is generated for you and setup correct assignment
- rules inside OpsGenie.
-3. Create a new heartbeat inside OpsGenie, you can do this by going to
- _Settings_ > _Heartbeats_ > _Create Heartbeat_. Set the interval to 1 minute.
-
-Afterwards, you can configure the following options for the Atmosphere config:
-
-```yaml
-atmosphere_opsgenie_config:
- enabled: true
- api_key: <your-api-key>
- heartbeat: <your-heartbeat-name>
-```
-
-Once this is done and deployed, you'll start to see alerts inside OpsGenie and
-you can also verify that the heartbeat is listed as _ACTIVE_.
diff --git a/docs/monitoring.md b/docs/monitoring.md
new file mode 100644
index 0000000..dc924f3
--- /dev/null
+++ b/docs/monitoring.md
@@ -0,0 +1,179 @@
+# Monitoring
+
+## Exposing data
+
+There are a few ways to expose both the monitoring services to view the health
+and the metrics of the cluster.
+
+### Port forwarding
+
+The easiest way to expose the monitoring services is to use port forwarding
+using the built-in `kubectl` command.
+
+#### Prometheus
+
+```bash
+kubectl -n monitoring port-forward svc/kube-prometheus-stack-prometheus 9090
+```
+
+Once you run the command above, you'll be able to open `http://localhost:9090`
+on your local system and view the Prometheus UI.
+
+#### AlertManager
+
+```bash
+kubectl -n monitoring port-forward svc/kube-prometheus-stack-alertmanager 9093
+```
+
+Once you run the command above, you'll be able to open `http://localhost:9093`
+on your local system and view the AlertManager UI.
+
+### Unprotected access
+
+If you want to expose the monitoring services, you can use the following
+overrides which will create an `Ingress` for all the services.
+
+!!! danger
+
+ This will expose the monitoring services without any authentication or
+ authorization. This is not recommended for production environments or any
+ environment where the monitoring services are exposed to the public internet.
+
+```yaml
+kube_prometheus_stack_values:
+ alertmanager:
+ ingress:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: atmosphere
+ hosts:
+ - alertmanager.example.com
+ tls:
+ - secretName: alertmanager-tls
+ hosts:
+ - alertmanager.example.com
+ alertmanagerSpec:
+ externalUrl: https://alertmanager.example.com
+ prometheus:
+ ingress:
+ enabled: true
+ ingressClassName: openstack
+ annotations:
+ cert-manager.io/cluster-issuer: atmosphere
+ hosts:
+ - prometheus.example.com
+ tls:
+ - secretName: prometheus-certs
+ hosts:
+ - prometheus.example.com
+ prometheusSpec:
+ externalUrl: https://prometheus.example.com
+```
+
+### Protected access
+
+If you want to expose the monitoring services, you can use the following
+overrides which will create an `Ingress` for all the services.
+
+```yaml
+kube_prometheus_stack_values:
+ alertmanager:
+ ingress:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: atmosphere
+ nginx.ingress.kubernetes.io/auth-type: basic
+ nginx.ingress.kubernetes.io/auth-secret: prometheus-auth
+ nginx.ingress.kubernetes.io/auth-realm: Prometheus
+ hosts:
+ - alertmanager.example.com
+ tls:
+ - secretName: alertmanager-tls
+ hosts:
+ - alertmanager.example.com
+ alertmanagerSpec:
+ externalUrl: https://alertmanager.example.com
+ prometheus:
+ ingress:
+ enabled: true
+ ingressClassName: openstack
+ annotations:
+ cert-manager.io/cluster-issuer: atmosphere
+ nginx.ingress.kubernetes.io/auth-type: basic
+ nginx.ingress.kubernetes.io/auth-secret: prometheus-auth
+ nginx.ingress.kubernetes.io/auth-realm: Prometheus
+ hosts:
+ - prometheus.example.com
+ tls:
+ - secretName: prometheus-certs
+ hosts:
+ - prometheus.example.com
+ prometheusSpec:
+ externalUrl: https://prometheus.example.com
+```
+
+Once you've deployed with the overrides above, you'll need to create a secret
+with the username and password you want to use to access the monitoring
+services.
+
+```bash
+htpasswd -c auth monitoring
+```
+
+The above will generate a file called `auth` with the username and password,
+in this case the username is `monitoring`. You'll need to create a secret with
+the contents of the file.
+
+```bash
+kubectl -n monitoring create secret generic prometheus-auth --from-file=auth
+```
+
+Once you're done, you'll be able to access the monitoring services using the
+username and password you created.
+
+!!! info
+
+ In the future, Atmosphere will support automating the process of exposing
+ the monitoring stack with basic authentication.
+
+## Integrations
+
+### OpsGenie
+
+Atmosphere can be integrated with OpsGenie in order to send all alerts to it,
+this is useful if you want to have a single place to manage all your alerts.
+
+In order to get started, you will need to complete the following steps inside
+OpsGenie:
+
+1. Create an integration inside OpsGenie, you can do this by going to
+ _Settings_ > _Integrations_ > _Add Integration_ and selecting _Prometheus_.
+2. Copy the API key that is generated for you and setup correct assignment
+ rules inside OpsGenie.
+3. Create a new heartbeat inside OpsGenie, you can do this by going to
+ _Settings_ > _Heartbeats_ > _Create Heartbeat_. Set the interval to 1 minute.
+
+Afterwards, you can configure the following options for the Atmosphere config:
+
+```yaml
+atmosphere_opsgenie_config:
+ enabled: true
+ api_key: <your-api-key>
+ heartbeat: <your-heartbeat-name>
+```
+
+Once this is done and deployed, you'll start to see alerts inside OpsGenie and
+you can also verify that the heartbeat is listed as _ACTIVE_.
+
+## Alerts
+
+### `etcdDatabaseHighFragmentationRatio`
+
+```console
+kubectl -n kube-system exec svc/kube-prometheus-stack-kube-etcd -- \
+ etcdctl defrag \
+ --cluster \
+ --cacert /etc/kubernetes/pki/etcd/ca.crt \
+ --key /etc/kubernetes/pki/etcd/server.key \
+ --cert /etc/kubernetes/pki/etcd/server.crt
+```