add kube-prometheus-stack

Signed-off-by: gwg313 <gwg313@pm.me>

istio-update

Signed-off-by: gwg313 <gwg313@pm.me>

kube-prometheus-stack/certificate.yaml

@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: grafana-cert
+  namespace: istio-system
+spec:
+  secretName: grafana-cert
+  issuerRef:
+    name: letsencrypt-dns
+    kind: ClusterIssuer
+  dnsNames:
+    - grafana.local.gwg313.xyz
+    - grafana.zerotier.gwg313.xyz

kube-prometheus-stack/gateway.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: grafana-gateway
+  namespace: monitoring
+spec:
+  selector:
+    istio: gateway
+  servers:
+    - port:
+        number: 443
+        name: https
+        protocol: HTTPS
+      tls:
+        mode: SIMPLE
+        credentialName: grafana-cert
+      hosts:
+        - grafana.local.gwg313.xyz
+        - grafana.zerotier.gwg313.xyz

kube-prometheus-stack/namespace.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  labels:
+    # istio-injection: enabled
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged
+
+    app.kubernetes.io/name: monitoring

kube-prometheus-stack/virtualservice.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: grafana
+  namespace: monitoring
+spec:
+  hosts:
+    - grafana.local.gwg313.xyz
+    - grafana.zerotier.gwg313.xyz
+  gateways:
+    - grafana-gateway
+  http:
+    - match:
+        - uri:
+            prefix: /
+      route:
+        - destination:
+            host: prometheus-grafana
+            port:
+              number: 80