gitops: observability stack (Loki/Promtail/Grafana), Grafana Ingress, Argo multi-source

- Add gitops/observability umbrella chart with vendored Helm deps - Grafana Ingress: Traefik, letsencrypt-prod, grafana.k8s.selair.it + root_url - Argo Application: spec.sources (onelab + onelab-obs) - OneLab: configuration secret override, compliance/LDAP values, logs.path /logs - Docs: OBSERVABILITY, BOOTSTRAP, README, instance-overrides example Made-with: Cursor
2026-03-20 11:10:06 +01:00
parent 9cb1b10d6c
commit b91c35c410
18 changed files with 360 additions and 14 deletions
--- a/gitops/docs/BOOTSTRAP.md
+++ b/gitops/docs/BOOTSTRAP.md
@@ -47,3 +47,9 @@ kubectl apply -f gitops/argocd/application.yaml
 ## 3. RabbitMQ TLS

 Secret `onelab-rabbit-tls` must exist before RabbitMQ starts (created once from `app/rabbit/ssl/` or your own PEMs).
+
+## 4. Argo CD version + observability stack
+
+`gitops/argocd/application.yaml` uses **`spec.sources`** (two Helm charts in one Application). Use **Argo CD 2.6 or newer**.
+
+The second source installs Loki/Promtail/Grafana from `gitops/observability/` (`releaseName: onelab-obs`). Set a strong **`grafana.adminPassword`** in `gitops/observability/values.yaml` before production. Details: [OBSERVABILITY.md](OBSERVABILITY.md).