roles/kube_prometheus_stack/defaults/main.yml - atmosphere - Gitiles

 # Copyright (c) 2023 VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.

 kube_prometheus_stack_helm_release_name: kube-prometheus-stack
 kube_prometheus_stack_helm_chart_path: "../../charts/kube-prometheus-stack/"
 kube_prometheus_stack_helm_chart_ref: /usr/local/src/kube-prometheus-stack

 kube_prometheus_stack_helm_release_namespace: monitoring
 kube_prometheus_stack_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
 kube_prometheus_stack_helm_values: {}

 kube_prometheus_stack_node_exporter_tls_template: "{{ _kube_prometheus_stack_tls_template }}"
 kube_prometheus_stack_node_exporter_config:
   tls_server_config:
     # NOTE(mnaser): The kubelet doesn't have the ability of sending a client
     #               certificate, so we can't verify with a client certificate.
     client_auth_type: VerifyClientCertIfGiven
     client_ca_file: /certs/ca.crt
     cert_file: /certs/tls.crt
     key_file: /certs/tls.key

 kube_prometheus_stack_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
 kube_prometheus_stack_ingress_cluster_issuer: "{{ atmosphere_ingress_cluster_issuer }}"

 kube_prometheus_stack_grafana_admin_password: "{{ undef('You must specify a Grafana password using kube_prometheus_stack_grafana_admin_password') }}"

 kube_prometheus_stack_grafana_host: "{{ undef('You must specify a Grafana host using kube_prometheus_stack_grafana_host') }}"
 kube_prometheus_stack_grafana_ingress_annotations:
   cert-manager.io/cluster-issuer: "{{ kube_prometheus_stack_ingress_cluster_issuer }}"
   cert-manager.io/common-name: "{{ kube_prometheus_stack_grafana_host }}"

 kube_prometheus_stack_alertmanager_host: "{{ undef('You must specify a Alertmanager host using kube_prometheus_stack_alertmanager_host') }}"
 kube_prometheus_stack_alertmanager_ingress_annotations:
   cert-manager.io/cluster-issuer: "{{ kube_prometheus_stack_ingress_cluster_issuer }}"
   cert-manager.io/common-name: "{{ kube_prometheus_stack_alertmanager_host }}"

 kube_prometheus_stack_prometheus_host: "{{ undef('You must specify a Prometheus host using kube_prometheus_stack_prometheus_host') }}"
 kube_prometheus_stack_prometheus_ingress_annotations:
   cert-manager.io/cluster-issuer: "{{ kube_prometheus_stack_ingress_cluster_issuer }}"
   cert-manager.io/common-name: "{{ kube_prometheus_stack_prometheus_host }}"
 kube_prometheus_stack_prometheus_tls_template: "{{ _kube_prometheus_stack_tls_template }}"

 kube_prometheus_stack_keycloak_server_url: "https://{{ keycloak_host }}"
 kube_prometheus_stack_keycloak_admin_realm_name: master
 kube_prometheus_stack_keycloak_admin_client_id: admin-cli
 kube_prometheus_stack_keycloak_admin_user: admin
 kube_prometheus_stack_keycloak_admin_password: "{{ keycloak_admin_password }}"
 kube_prometheus_stack_keycloak_realm: atmosphere
 kube_prometheus_stack_keycloak_realm_name: Atmosphere

 kube_prometheus_stack_keycloak_clients:
   - id: alertmanager
     port: 9093
     roles: ["member"]
     oauth2_proxy: true
     redirect_uris:
       - "https://{{ kube_prometheus_stack_alertmanager_host }}/oauth2/callback"
   - id: grafana
     roles: ["admin", "editor", "viewer"]
     oauth2_proxy: false
     redirect_uris:
       - "https://{{ kube_prometheus_stack_grafana_host }}/login"
       - "https://{{ kube_prometheus_stack_grafana_host }}/login/generic_oauth"
   - id: prometheus
     port: 9090
     roles: ["member"]
     oauth2_proxy: true
     redirect_uris:
       - "https://{{ kube_prometheus_stack_prometheus_host }}/oauth2/callback"
	# Copyright (c) 2023 VEXXHOST, Inc.
	#
	# Licensed under the Apache License, Version 2.0 (the "License"); you may
	# not use this file except in compliance with the License. You may obtain
	# a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	# License for the specific language governing permissions and limitations
	# under the License.

	kube_prometheus_stack_helm_release_name: kube-prometheus-stack
	kube_prometheus_stack_helm_chart_path: "../../charts/kube-prometheus-stack/"
	kube_prometheus_stack_helm_chart_ref: /usr/local/src/kube-prometheus-stack

	kube_prometheus_stack_helm_release_namespace: monitoring
	kube_prometheus_stack_helm_kubeconfig: "{{ kubeconfig_path \| default('/etc/kubernetes/admin.conf') }}"
	kube_prometheus_stack_helm_values: {}

	kube_prometheus_stack_node_exporter_tls_template: "{{ _kube_prometheus_stack_tls_template }}"
	kube_prometheus_stack_node_exporter_config:
	tls_server_config:
	# NOTE(mnaser): The kubelet doesn't have the ability of sending a client
	# certificate, so we can't verify with a client certificate.
	client_auth_type: VerifyClientCertIfGiven
	client_ca_file: /certs/ca.crt
	cert_file: /certs/tls.crt
	key_file: /certs/tls.key

	kube_prometheus_stack_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
	kube_prometheus_stack_ingress_cluster_issuer: "{{ atmosphere_ingress_cluster_issuer }}"

	kube_prometheus_stack_grafana_admin_password: "{{ undef('You must specify a Grafana password using kube_prometheus_stack_grafana_admin_password') }}"

	kube_prometheus_stack_grafana_host: "{{ undef('You must specify a Grafana host using kube_prometheus_stack_grafana_host') }}"
	kube_prometheus_stack_grafana_ingress_annotations:
	cert-manager.io/cluster-issuer: "{{ kube_prometheus_stack_ingress_cluster_issuer }}"
	cert-manager.io/common-name: "{{ kube_prometheus_stack_grafana_host }}"

	kube_prometheus_stack_alertmanager_host: "{{ undef('You must specify a Alertmanager host using kube_prometheus_stack_alertmanager_host') }}"
	kube_prometheus_stack_alertmanager_ingress_annotations:
	cert-manager.io/cluster-issuer: "{{ kube_prometheus_stack_ingress_cluster_issuer }}"
	cert-manager.io/common-name: "{{ kube_prometheus_stack_alertmanager_host }}"

	kube_prometheus_stack_prometheus_host: "{{ undef('You must specify a Prometheus host using kube_prometheus_stack_prometheus_host') }}"
	kube_prometheus_stack_prometheus_ingress_annotations:
	cert-manager.io/cluster-issuer: "{{ kube_prometheus_stack_ingress_cluster_issuer }}"
	cert-manager.io/common-name: "{{ kube_prometheus_stack_prometheus_host }}"
	kube_prometheus_stack_prometheus_tls_template: "{{ _kube_prometheus_stack_tls_template }}"

	kube_prometheus_stack_keycloak_server_url: "https://{{ keycloak_host }}"
	kube_prometheus_stack_keycloak_admin_realm_name: master
	kube_prometheus_stack_keycloak_admin_client_id: admin-cli
	kube_prometheus_stack_keycloak_admin_user: admin
	kube_prometheus_stack_keycloak_admin_password: "{{ keycloak_admin_password }}"
	kube_prometheus_stack_keycloak_realm: atmosphere
	kube_prometheus_stack_keycloak_realm_name: Atmosphere

	kube_prometheus_stack_keycloak_clients:
	- id: alertmanager
	port: 9093
	roles: ["member"]
	oauth2_proxy: true
	redirect_uris:
	- "https://{{ kube_prometheus_stack_alertmanager_host }}/oauth2/callback"
	- id: grafana
	roles: ["admin", "editor", "viewer"]
	oauth2_proxy: false
	redirect_uris:
	- "https://{{ kube_prometheus_stack_grafana_host }}/login"
	- "https://{{ kube_prometheus_stack_grafana_host }}/login/generic_oauth"
	- id: prometheus
	port: 9090
	roles: ["member"]
	oauth2_proxy: true
	redirect_uris:
	- "https://{{ kube_prometheus_stack_prometheus_host }}/oauth2/callback"