Erich Blume
483db74a3c
Adds smartctl_exporter alongside the existing node_exporter on sifaka, routed through Caddy L4 TCP proxy at nas.ops.eblu.me, with a Grafana dashboard for disk health visibility. Introduces the first Ansible playbook for sifaka (mise run provision-sifaka) and shared exporter port variables in group_vars/all.yml. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| dashboards | ||
| external-secret-admin.yaml | ||
| external-secret-teslamate-datasource.yaml | ||
| ingress-tailscale.yaml | ||
| kustomization.yaml | ||
| README.md | ||
Grafana Configuration
This directory contains Kubernetes manifests for Grafana configuration:
- Tailscale Ingress for external access
- Dashboard ConfigMaps for provisioning
Secrets Management
Current approach: Secrets are manually injected using 1Password CLI.
Before deploying Grafana, create the admin password secret:
kubectl create namespace monitoring
op inject -i secret-admin.yaml.tpl | kubectl apply -f -
The secret template (secret-admin.yaml.tpl) references 1Password:
- Vault:
vg6xf6vvfmoh5hqjjhlhbeoaie(blumeops) - Item:
oxkcr3xtxnewy7noep2izvyr6y - Field:
password
Future improvement: Migrate to External Secrets Operator or similar for automated secret synchronization from 1Password to Kubernetes.
Dashboards
Dashboard JSON files are stored as ConfigMaps in the dashboards/ directory.
The Grafana sidecar automatically discovers ConfigMaps with label
grafana_dashboard: "1" and provisions them.
To add a new dashboard:
- Export the dashboard JSON from Grafana UI
- Create a ConfigMap with the JSON content
- Add the
grafana_dashboard: "1"label - Add the ConfigMap to
kustomization.yaml