OneLab Kubernetes GitOps (Argo CD)

- Helm charts: onelab app + observability (Loki/Promtail/Grafana)
- Values under gitops/values/ with public-safe placeholders
- Argo CD Application (spec.sources, 2.6+)

Made-with: Cursor

gitops/values/observability.yaml

@@ -0,0 +1,144 @@
+# Umbrella chart: Loki (SingleBinary + filesystem) + Promtail + Grafana.
+# Keep promtail hostPath below in sync with persistence.hostPath.logs in gitops/values/env-example.yaml.
+
+loki:
+  deploymentMode: SingleBinary
+  loki:
+    auth_enabled: false
+    commonConfig:
+      replication_factor: 1
+    storage:
+      type: filesystem
+    schemaConfig:
+      configs:
+        - from: "2024-04-01"
+          store: tsdb
+          object_store: filesystem
+          schema: v13
+          index:
+            prefix: loki_index_
+            period: 24h
+    limits_config:
+      retention_period: 168h
+      ingestion_rate_mb: 16
+      ingestion_burst_size_mb: 32
+  singleBinary:
+    replicas: 1
+    persistence:
+      enabled: true
+      size: 10Gi
+  backend:
+    replicas: 0
+  read:
+    replicas: 0
+  write:
+    replicas: 0
+  ingester:
+    replicas: 0
+  querier:
+    replicas: 0
+  queryFrontend:
+    replicas: 0
+  queryScheduler:
+    replicas: 0
+  distributor:
+    replicas: 0
+  compactor:
+    replicas: 0
+  indexGateway:
+    replicas: 0
+  bloomCompactor:
+    replicas: 0
+  bloomGateway:
+    replicas: 0
+  ruler:
+    replicas: 0
+  minio:
+    enabled: false
+  lokiCanary:
+    enabled: false
+  test:
+    enabled: false
+  chunksCache:
+    enabled: false
+  resultsCache:
+    enabled: false
+
+promtail:
+  config:
+    clients:
+      - url: http://{{ .Release.Name }}-loki-gateway.{{ .Release.Namespace }}.svc.cluster.local/loki/api/v1/push
+    snippets:
+      extraRelabelConfigs:
+        - action: keep
+          source_labels:
+            - __meta_kubernetes_namespace
+          regex: onelab
+      extraScrapeConfigs: |
+        - job_name: onelab-host-log-files
+          static_configs:
+            - targets:
+                - localhost
+              labels:
+                job: onelab-files
+                namespace: onelab
+                component: host-logs
+                __path__: /onelab-host-logs/**/*
+  extraVolumes:
+    - name: onelab-host-logs
+      hostPath:
+        path: /opt/onelab/logs
+        type: DirectoryOrCreate
+  extraVolumeMounts:
+    - name: onelab-host-logs
+      mountPath: /onelab-host-logs
+      readOnly: true
+
+grafanaOnelabIngress:
+  enabled: true
+  className: traefik
+  host: grafana.onelab.example.com
+  tls: true
+  tlsSecretName: grafana-onelab-tls
+  clusterIssuer: letsencrypt-prod
+  servicePort: 80
+  annotations: {}
+
+grafana:
+  adminUser: admin
+  adminPassword: "REPLACE_GRAFANA_ADMIN_PASSWORD"
+  initChownData:
+    enabled: false
+  sidecar:
+    dashboards:
+      enabled: true
+      label: grafana_dashboard
+      folder: /tmp/dashboards
+      provider:
+        foldersFromFilesStructure: false
+        allowUiUpdates: true
+    datasources:
+      enabled: false
+  persistence:
+    enabled: true
+    size: 2Gi
+  service:
+    type: ClusterIP
+  grafana.ini:
+    server:
+      domain: grafana.onelab.example.com
+      root_url: https://grafana.onelab.example.com/
+  ingress:
+    enabled: false
+  datasources:
+    datasources.yaml:
+      apiVersion: 1
+      datasources:
+        - name: Loki
+          type: loki
+          uid: loki
+          url: http://{{ .Release.Name }}-loki-gateway.{{ .Release.Namespace }}.svc.cluster.local
+          access: proxy
+          isDefault: true
+          jsonData:
+            maxLines: 1000