ingress for monitoring

2026-06-08 15:22:55 +02:00
parent ac13ae5515
commit cad03104f7
4 changed files with 105 additions and 15 deletions
@@ -35,13 +35,14 @@ jobs:
          helm repo add apache-airflow https://airflow.apache.org
          helm repo add codecentric https://codecentric.github.io/helm-charts
          helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+          helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests
          helm repo update
          
      - name: Deploy Nginx
        if: ${{ inputs.service == 'all' || inputs.service == 'nginx' }}
        run: |
-          helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
-          helm repo update
          helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
            --namespace ingress-nginx \
            --create-namespace \
@@ -53,7 +54,7 @@ jobs:
          helm upgrade --install airflow apache-airflow/airflow \
            --namespace airflow \
            --create-namespace \
-            --values helm/airflow/values.yaml \
+            --values helm/airflow/values.yaml

      - name: Deploy Keycloak PostgreSQL
        if: ${{ inputs.service == 'all' || inputs.service == 'keycloak' || inputs.service == 'keycloak-db' }}
@@ -74,14 +75,51 @@ jobs:
            --create-namespace \
            --values helm/keycloak/values.yaml \
            --wait
+      - name: Create monitoring namespace
+        if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
+        run: |
+          kubectl create namespace monitoring --dry-run=client -o yaml | kubectl apply -f -
+      - name: Create oauth2-proxy secrets
+        if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
+        run: |
+
+          kubectl create secret generic oauth2-proxy-prometheus \
+            -n monitoring \
+            --from-literal=client-id=prometheus \
+            --from-literal=client-secret="${{ secrets.PROMETHEUS_CLIENT_SECRET }}" \
+            --from-literal=cookie-secret="${{ secrets.OAUTH2_PROXY_COOKIE_SECRET }}" \
+            --dry-run=client -o yaml | kubectl apply -f -
+
+          kubectl create secret generic oauth2-proxy-alertmanager \
+            -n monitoring \
+            --from-literal=client-id=alertmanager \
+            --from-literal=client-secret="${{ secrets.ALERTMANAGER_CLIENT_SECRET }}" \
+            --from-literal=cookie-secret="${{ secrets.OAUTH2_PROXY_COOKIE_SECRET }}" \
+            --dry-run=client -o yaml | kubectl apply -f -

      - name: Deploy Monitoring
        if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
        run: |
-          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
-          helm repo update
          helm upgrade --install monitoring prometheus-community/kube-prometheus-stack \
            --namespace monitoring \
            --create-namespace \
            --values helm/monitoring/values.yaml \
            --wait
+
+      - name: Deploy oauth2-proxy Prometheus
+        if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
+        run: |
+          helm upgrade --install oauth2-proxy-prometheus \
+            oauth2-proxy/oauth2-proxy \
+            --namespace monitoring \
+            -f helm/monitoring/oauth2-proxy-prometheus.yaml \
+            --wait
+
+      - name: Deploy oauth2-proxy Alertmanager
+        if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }}
+        run: |
+          helm upgrade --install oauth2-proxy-alertmanager \
+            oauth2-proxy/oauth2-proxy \
+            --namespace monitoring \
+            -f helm/monitoring/oauth2-proxy-alertmanager.yaml \
+            --wait