feat: add kromgo and README labels

README.md

@@ -6,6 +6,27 @@
 
 </div>
 
+</div>
+
+<div align="center">
+
+[![Discord](https://img.shields.io/discord/673534664354430999?style=for-the-badge&label&logo=discord&logoColor=white&color=blue)](https://discord.gg/home-operations)&nbsp;&nbsp;
+[![Talos](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.timtor.dev%2Fquery%3Fformat%3Dendpoint%26metric%3Dtalos_version&style=for-the-badge&logo=talos&logoColor=white&color=blue&label=%20)](https://www.talos.dev/)&nbsp;&nbsp;
+[![Kubernetes](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.timtor.dev%2Fquery%3Fformat%3Dendpoint%26metric%3Dkubernetes_version&style=for-the-badge&logo=kubernetes&logoColor=white&color=blue&label=%20)](https://www.talos.dev/)&nbsp;&nbsp;
+[![Renovate](https://img.shields.io/github/actions/workflow/status/timtorChen/homelab/renovate.yaml?branch=main&label=&logo=renovatebot&style=for-the-badge&color=blue)](https://github.com/onedr0p/home-ops/actions/workflows/renovate.yaml)
+
+</div>
+
+<div align="center">
+
+[![Age](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.timtor.dev%2Fquery%3Fformat%3Dendpoint%26metric%3Dnode_age%26label%3D&style=flat-square&color=green&label=Age)](https://github.com/kashalls/kromgo/)&nbsp;&nbsp;
+[![Node-Count](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.timtor.dev%2Fquery%3Fformat%3Dendpoint%26metric%3Dnode_count%26label%3D&style=flat-square&color=green&label=Node)](https://github.com/kashalls/kromgo/)&nbsp;&nbsp;
+[![Pod-Count](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.timtor.dev%2Fquery%3Fformat%3Dendpoint%26metric%3Dpod_count%26label%3D&style=flat-square&color=green&label=Pod)](https://github.com/kashalls/kromgo/)&nbsp;&nbsp;
+[![CPU-Usage](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.timtor.dev%2Fquery%3Fformat%3Dendpoint%26metric%3Dcpu_usage%26label%3D&style=flat-square&label=CPU)](https://github.com/kashalls/kromgo/)&nbsp;&nbsp;
+[![Memory-Usage](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.timtor.dev%2Fquery%3Fformat%3Dendpoint%26metric%3Dmemory_usage%26label%3D&style=flat-square&label=Memory)](https://github.com/kashalls/kromgo/)&nbsp;&nbsp;
+
+</div>
+
 ---
 
 ## 📖 Overview

kubernetes/flux-system/boostrap.yaml

@@ -367,6 +367,21 @@ spec:
   path: /kubernetes/unpoller
   prune: true
 ---
+# kromgo
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  namespace: flux-system
+  name: 5-grafana
+spec:
+  sourceRef:
+    kind: GitRepository
+    name: homelab
+  interval: 10m0s
+  path: /kubernetes/kromgo
+  prune: false
+---
+# --- 6 - Application Namespaces ---
 # vaultwarden
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization

kubernetes/kromgo/app/kromgo-config.yaml

@@ -0,0 +1,49 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: kromgo
+  name: kromgo-config
+data:
+  config.yaml: |
+    debug: false
+    metrics:
+      - name: kubernetes_version
+        query: kubernetes_build_info
+        label: git_version
+      - name: talos_version
+        query: node_os_info
+        label: version_id
+      - name: node_age
+        query: floor(max((time() - kube_node_created)/86400))
+        suffix: "d"
+      - name: node_count
+        query: count(node_uname_info)
+      - name: pod_count
+        query: count(kube_pod_info)
+      - name: cpu_usage
+        query: round(100*avg(1 - rate(node_cpu_seconds_total{mode="idle"}[5m])), 0.1)
+        suffix: "%"
+        colors:
+        - color: "green"
+          min: 0
+          max: 60
+        - color: "orange"
+          min: 60
+          max: 75
+        - color: "red"
+          min: 75
+          max: 100
+      - name: memory_usage
+        query: round(100*avg(1 - node_memory_MemAvailable_bytes/node_memory_MemTotal_bytes), 0.1)
+        suffix: "%"
+        colors:
+        - color: "green"
+          min: 0
+          max: 60
+        - color: "orange"
+          min: 60
+          max: 75
+        - color: "red"
+          min: 75
+          max: 100

kubernetes/kromgo/app/kromgo.yaml

@@ -0,0 +1,91 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  namespace: kromgo
+  name: bjw-s
+spec:
+  url: https://bjw-s.github.io/helm-charts
+  interval: 24h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  namespace: kromgo
+  name: kromgo
+spec:
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+      chart: app-template
+      version: 3.0.4
+  interval: 1h
+  maxHistory: 1
+  timeout: 1m0s
+  values:
+    defaultPodOptions:
+      automountServiceAccountToken: false
+    controllers:
+      main:
+        type: deployment
+        replicas: 2
+        strategy: RollingUpdate
+        rollingUpdate:
+          unavailable: 1
+        annotations:
+          configmap.reloader.stakater.com/reload: &c kromgo-config
+        containers:
+          main:
+            image:
+              repository: ghcr.io/kashalls/kromgo
+              tag: 0.3.0
+            env:
+              PROMETHEUS_URL: http://mimir-query-frontend.mimir:8080/prometheus
+              PORT: 8080
+            securityContext:
+              runAsNonRoot: true
+              runAsUser: 65534
+              runAsGroup: 65534
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities:
+                drop: ["ALL"]
+              seccompProfile:
+                type: RuntimeDefault
+    persistence:
+      kromgo-config:
+        name: *c
+        enabled: true
+        type: configMap
+        advancedMounts:
+          main:
+            main:
+              - path: /kromgo/config.yaml
+                subPath: config.yaml
+                readOnly: true
+    service:
+      main:
+        enabled: true
+        controller: main
+        primary: true
+        type: ClusterIP
+        ports:
+          http:
+            enabled: true
+            primary: true
+            port: &p 8080
+            protocol: HTTP
+    ingress:
+      main:
+        enabled: true
+        className: nginx
+        hosts:
+          - host: kromgo.timtor.dev
+            paths:
+              - path: /
+                pathType: Prefix
+                service:
+                  identifier: main
+                  port: *p

kubernetes/kromgo/app/networkpolicy.yaml

@@ -0,0 +1,41 @@
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  namespace: kromgo
+  name: kromgo-app-policy
+specs:
+  # allow connection from ingress-nginx
+  - endpointSelector: &self
+      matchLabels:
+        app.kubernetes.io/name: kromgo
+    ingress:
+      - fromEndpoints:
+          - matchLabels:
+              k8s:io.kubernetes.pod.namespace: ingress-nginx
+        toPorts:
+          - ports:
+              - protocol: TCP
+                port: "8080"
+  # allow kromgo to mimir
+  - endpointSelector: *self
+    egress:
+      - toEndpoints:
+          - matchLabels:
+              k8s:io.kubernetes.pod.namespace: kube-system
+              k8s-app: kube-dns
+        toPorts:
+          - ports:
+              - protocol: ANY
+                port: "53"
+            rules:
+              dns:
+                - matchPattern: "mimir-query-frontend.mimir.svc.cluster.local."
+      - toEndpoints:
+          - matchLabels:
+              k8s:io.kubernetes.pod.namespace: mimir
+              app.kubernetes.io/component: query-frontend
+        toPorts:
+          - ports:
+              - protocol: TCP
+                port: "8080"

kubernetes/kromgo/base/namespace.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kromgo
+  labels:
+    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/warn: restricted

kubernetes/kromgo/base/networkpolicy.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  namespace: kromgo
+  name: kromgo-default-policy
+specs:
+  - endpointSelector:
+      matchLabels: {}
+    ingress:
+      - {}
+    egress:
+      - {}

kubernetes/kromgo/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - base/namespace.yaml
+  - base/networkpolicy.yaml
+  - app/kromgo-config.yaml
+  - app/kromgo.yaml
+  - app/networkpolicy.yaml

kubernetes/mimir/networkpolicy.yaml

@@ -98,3 +98,17 @@ specs:
           - ports:
               - protocol: TCP
                 port: "8080"
+  # allow mimir-read from kromgo
+  - endpointSelector:
+      matchLabels:
+        app.kubernetes.io/name: mimir
+        app.kubernetes.io/component: query-frontend
+    ingress:
+      - fromEndpoints:
+          - matchLabels:
+              k8s:io.kubernetes.pod.namespace: kromgo
+              app.kubernetes.io/name: kromgo
+        toPorts:
+          - ports:
+              - protocol: TCP
+                port: "8080"

kubernetes/prometheus/kube-prometheus-stack.yaml

@@ -190,9 +190,25 @@ spec:
         metricRelabelings:
           - *drop-useless
 
-    # TODO: pick useful metrics
     kubelet:
-      enabled: false
+      enabled: true
+      http: false
+      cAdvisor: false
+      probes: false
+      resource: false
+      serviceMonitor:
+        cAdvisorMetricRelabelings:
+          - sourceLabels: [__name__]
+            regex: ".*"
+            action: drop
+        probesMetricRelabelings:
+          - sourceLabels: [__name__]
+            regex: ".*"
+            action: drop
+        metricRelabelings:
+          - sourceLabels: [__name__]
+            regex: ^(kubernetes_build_info)$
+            action: keep
 
     coreDns:
       enabled: true