From 22b52ac1ad29d2c9688660d27383fb969dfe5ca5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rasmus=20L=C3=B6vegren?= <rasmus@lovegren.fi>
Date: Wed, 31 Jul 2024 14:46:15 +0300
Subject: [PATCH] feat: deploy influxdb

---
 clusters/homelab/cluster-secrets.yaml         |  7 +--
 clusters/homelab/infrastructure/influxdb.yaml | 26 +++++++++++
 .../homelab/infrastructure/kustomization.yaml |  1 +
 infrastructure/crds/certificates.yaml         |  4 +-
 .../monitoring/influxdb/influxdb-auth.yaml    | 40 +++++++++++++++++
 .../monitoring/influxdb/kustomization.yaml    |  8 ++++
 .../monitoring/influxdb/namespace.yaml        |  9 ++++
 .../monitoring/influxdb/release.yaml          | 29 ++++++++++++
 .../monitoring/influxdb/telegraf.yaml         | 44 +++++++++++++++++++
 infrastructure/sources/cert-manager.yaml      |  2 +-
 infrastructure/sources/emberstack.yaml        |  2 +-
 infrastructure/sources/grafana.yaml           |  2 +-
 infrastructure/sources/influxdata.yaml        |  8 ++++
 infrastructure/sources/ingress-nginx.yaml     |  2 +-
 infrastructure/sources/kustomization.yaml     |  3 +-
 infrastructure/sources/metallb.yaml           |  2 +-
 infrastructure/sources/metrics-server.yaml    |  2 +-
 .../nfs-subdir-external-provisioner.yaml      |  2 +-
 .../sources/prometheus-community.yaml         |  2 +-
 infrastructure/sources/reloader.yaml          |  2 +-
 20 files changed, 182 insertions(+), 15 deletions(-)
 create mode 100644 clusters/homelab/infrastructure/influxdb.yaml
 create mode 100644 infrastructure/monitoring/influxdb/influxdb-auth.yaml
 create mode 100644 infrastructure/monitoring/influxdb/kustomization.yaml
 create mode 100644 infrastructure/monitoring/influxdb/namespace.yaml
 create mode 100644 infrastructure/monitoring/influxdb/release.yaml
 create mode 100644 infrastructure/monitoring/influxdb/telegraf.yaml
 create mode 100644 infrastructure/sources/influxdata.yaml

diff --git a/clusters/homelab/cluster-secrets.yaml b/clusters/homelab/cluster-secrets.yaml
index 319fd115..5a0a29c8 100644
--- a/clusters/homelab/cluster-secrets.yaml
+++ b/clusters/homelab/cluster-secrets.yaml
@@ -11,14 +11,15 @@ stringData:
     PODINFO_DOMAIN_NAME: ENC[AES256_GCM,data:ZX10MXxeuiWWnA3ZBxY/aot6J0E=,iv:Rz5adZg/Nhg8Ab0zFuwmvj79z2GfSHGcDfNA01yTV+k=,tag:z+jqorbvLNggMO8Oxj7tCg==,type:str]
     CLOUDFLARE_EMAIL: ENC[AES256_GCM,data:e8GR4kogxXplJK/67S0QR4q6,iv:c0Eui6/XzSJZGttmafZdvNjlSqULc7abVCr2TGeJHX0=,tag:Hd0mEKqOowBqPsqQ4Gpu9A==,type:str]
     EXTERNAL_DNS_CLOUDFLARE_API_TOKEN: ENC[AES256_GCM,data:DRswXksY/LW6VCUA0BZgPG0rDPxu0oBbQ7Bm6BOSgm/GPpC6cceJLA==,iv:XBtP2+/xEm2QDhAEIDohTsES/BqwQ7C4Lhn679whIYk=,tag:yeOS0rW37CE4f8+WTdd4nQ==,type:str]
+    INFLUXDB_TOKEN: ENC[AES256_GCM,data:Kn4Ht5JJ9IFBhPKE4bKqPXpZ/rdqiuPs83mLb9Te/SssIrCxCFG8/pcsf/sPdNyK1n+dLXf3guPzTOp3+MIa0qZ8NEJU7znplUTPTydHRrkJQXBcwcPMlA==,iv:WBzjOK8tleimkx9LFc6ktrjJWAhU6USo9NKylqYcbKs=,tag:jUQEqU6Dzh/fxwUC4VciIg==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-05-21T12:28:12Z"
-    mac: ENC[AES256_GCM,data:K5oa2FWi5Yobtt2n4DV45SHKe3JBDqpajr27xuZWd6J0xwkekJ3IjvxiT8zOAJVSR04rkIcmPVO0IU+yuPc+I0XbW1/Es+dtm60XcGsu5yp0AWiac/DfhAO+ECXd1u5pFp5IjXFuyjlHerNoTOlVe8mZ0yKW/oQweiiEw821FBA=,iv:BGbXDP7zRa9JVmpOVTwgHHnsCDZ5/P1OIhPJNyZVrkM=,tag:ZL/DRgA8+OVjn2NTCqdOvA==,type:str]
+    lastmodified: "2024-08-01T14:22:45Z"
+    mac: ENC[AES256_GCM,data:lcQOJ0jL261CqnlVduFtMAQ6bWsYT/t55C4Mo/sTB7jAAbfRT+UyNwNmODdLCFbqufMQa8+KtTXLbkiDOKAO9kEjNd8XHCQ3SnmO6hSgTSAKohMYoQFuna7bqMyXVvIlsBmvXpvLTP3Kklnm+snGWsq94g2BCrlzQpfFaDufSz8=,iv:+hPfH8J1RxWT7KXY7jmcKr1jxD5VSJEU9YKY+GGFGn4=,tag:x35lJ08+TycV9UdV39Cy1g==,type:str]
     pgp:
         - created_at: "2023-04-11T10:46:46Z"
           enc: |-
@@ -41,4 +42,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 3536F7F9345D96C86FB7F9CD21FAFEE575B18815
     encrypted_regex: ^(data|stringData)$
-    version: 3.7.3
+    version: 3.9.0
diff --git a/clusters/homelab/infrastructure/influxdb.yaml b/clusters/homelab/infrastructure/influxdb.yaml
new file mode 100644
index 00000000..a0a058ea
--- /dev/null
+++ b/clusters/homelab/infrastructure/influxdb.yaml
@@ -0,0 +1,26 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: influxdb
+spec:
+  interval: 1h
+  timeout: 3m
+  retryInterval: 10s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/monitoring/influxdb
+  prune: true
+  wait: true
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-config
+      - kind: Secret
+        name: cluster-secrets
+
diff --git a/clusters/homelab/infrastructure/kustomization.yaml b/clusters/homelab/infrastructure/kustomization.yaml
index da2aa19c..0b4c4a78 100644
--- a/clusters/homelab/infrastructure/kustomization.yaml
+++ b/clusters/homelab/infrastructure/kustomization.yaml
@@ -16,4 +16,5 @@ resources:
   - metallb.yaml
   - reloader.yaml
   - reflector.yaml
+  - influxdb.yaml
   # - loki-stack.yaml
diff --git a/infrastructure/crds/certificates.yaml b/infrastructure/crds/certificates.yaml
index 902386a2..13d7711d 100644
--- a/infrastructure/crds/certificates.yaml
+++ b/infrastructure/crds/certificates.yaml
@@ -15,6 +15,6 @@ spec:
   secretTemplate:
     annotations:
       reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
-      reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "flux-system,ingress-proxy,kube-prometheus-stack" # Control destination namespaces
+      reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "flux-system,ingress-proxy,kube-prometheus-stack,influxdb" # Control destination namespaces
       reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" # Auto create reflection for matching namespaces
-      reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "flux-system,ingress-proxy,kube-prometheus-stack" # Control auto-reflection namespaces
+      reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "flux-system,ingress-proxy,kube-prometheus-stack,influxdb" # Control auto-reflection namespaces
diff --git a/infrastructure/monitoring/influxdb/influxdb-auth.yaml b/infrastructure/monitoring/influxdb/influxdb-auth.yaml
new file mode 100644
index 00000000..63db73a7
--- /dev/null
+++ b/infrastructure/monitoring/influxdb/influxdb-auth.yaml
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    namespace: influxdb
+    name: influxdb-auth
+type: Opaque
+stringData:
+    admin-password: ENC[AES256_GCM,data:3wLiBd2jzWG8QZmsampuWY7AYKM=,iv:Zco6dXhrUdFsO5XfiOapG89iPSs7TzaTE5idYRmVvb0=,tag:QTV+l5RtdUYjkbw51kkrZw==,type:str]
+    admin-token: ENC[AES256_GCM,data:zkhcQvzqgNSAAWLwttX8LZM52doSn60RqCZB2W1Pt0XL7WXJ/O0uU6HFJoayuW95/9dianl6ep1DRdfublUz0PCsWmLwauQ10v4gozz8IWhCLSlTf5VUJQ==,iv:W2tV4zsnVH0eBUrkcwwusvP3kpXGKDK9F1YiZFoJug4=,tag:XSaInpsntOwALTOcP38kLQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-08-01T14:21:55Z"
+    mac: ENC[AES256_GCM,data:v/a4sN/MGMXiDo0166atsfaDzj39F4sDHNxfsUfVKYru6J+4B5wRvP0n2bcwMWHPr+StNFJXov90QG1QrkNxEfGpkl4qZcR5DEosmtMoS3fX7hTN2IEe/YCjuS4dWxNc7du5yBL29eSRnGO6dLko9c6nCEtJ6OS+9u0TJHIFCpo=,iv:qhzz8w33SozIHKpnzHkRbWd1CnEHq5ocNnO7IitYEy8=,tag:zgMolSPstIEODgIDsrhx9w==,type:str]
+    pgp:
+        - created_at: "2024-08-01T07:24:13Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wcFMA8WjeZLD+fxwAQ//aBlQKYyIbSAaQpuAwgzGnxlyS9FooiqMWVV4su2/U0Lg
+            bd4sZvhkVEyF8ph7GAZPK+sarG8WWMLHdafvKxoewEukzfgEyHG8wRnK9MZUWbF6
+            pN4JHvIjYWMKPufwKPpgmnol/wf70kyKol2/AyUoG6DnrgaPkSXunFq1/aq9VuGK
+            YL4yP1jvYOAJqi4XuHz4AS5zF42YYaUV8/xxbf3hniop4FsXKyGBnu2eQ511pMym
+            2TxioXuuUdflM1mZO/PBHTXlTJNhbo96slsXPmatb24Ze1ziPAm9X7BD+8LgYb6k
+            vIxJ7WMlnwlILkmmz5Gbz8EARlxivdJ0ubiIhYuEnykITTBgh2BfF+oFq6NWcApg
+            75j2pMOAjKwIcdDIJdB0vHBxr8FU7tzMS/Z9KoM7v9KwKa/hSgnmQ7FCNY/wpmlL
+            RNTqRkZrXXBjbKT4T/it/vp1ttUigbXxQsvSE7/BIDSK37Pu/KRTi/HLTqJodr6F
+            mswsFbTuPLzL1FO0OEkjA+hfU/FDxyxr+DPTl2olHpiqOP1XlRmnJB9TR3FAwyEv
+            dH2lSxN6Te7R8lV8nDS4n3lh4CsfJM9EaSP/sofPUWGiyew1bDcs5nciP6oqb2Kg
+            fgLHk05FYL4bxDjrptw9BX8Dh0Nt+a7FilEsFv2TBxL5h1ZF2EKE2+z9jiA7/GjS
+            UQHCMN5WiZpL0zSreLY+pDngPx2M1wq9+hhcCwjZagCox7wrK+t23ZuxSoC18RGS
+            7VQ/P8vvxaDEk+H96oJzx4UqOne/6ihLhFzSYQfVRTuD4g==
+            =xv4o
+            -----END PGP MESSAGE-----
+          fp: 3536F7F9345D96C86FB7F9CD21FAFEE575B18815
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.0
diff --git a/infrastructure/monitoring/influxdb/kustomization.yaml b/infrastructure/monitoring/influxdb/kustomization.yaml
new file mode 100644
index 00000000..089cacb2
--- /dev/null
+++ b/infrastructure/monitoring/influxdb/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: influxdb
+resources:
+  - influxdb-auth.yaml
+  - namespace.yaml
+  - release.yaml
+  - telegraf.yaml
diff --git a/infrastructure/monitoring/influxdb/namespace.yaml b/infrastructure/monitoring/influxdb/namespace.yaml
new file mode 100644
index 00000000..8de578e2
--- /dev/null
+++ b/infrastructure/monitoring/influxdb/namespace.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: influxdb
+
+  labels:
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged
diff --git a/infrastructure/monitoring/influxdb/release.yaml b/infrastructure/monitoring/influxdb/release.yaml
new file mode 100644
index 00000000..1fe97790
--- /dev/null
+++ b/infrastructure/monitoring/influxdb/release.yaml
@@ -0,0 +1,29 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: influxdb
+  namespace: influxdb
+spec:
+  interval: 1h
+  timeout: 5m
+  chart:
+    spec:
+      chart: influxdb2
+      version: "*"
+      sourceRef:
+        kind: HelmRepository
+        name: influxdata
+        namespace: flux-system
+  values:
+    adminUser:
+      existingSecret: influxdb-auth
+    persistence:
+      enabled: true
+      storageClass: syno-storage
+      size: 10Gi
+    ingress:
+      enabled: true
+      className: private
+      tls: true
+      secretName: fruitiex-org-tls
+      hostname: influxdb.fruitiex.org
diff --git a/infrastructure/monitoring/influxdb/telegraf.yaml b/infrastructure/monitoring/influxdb/telegraf.yaml
new file mode 100644
index 00000000..12a98948
--- /dev/null
+++ b/infrastructure/monitoring/influxdb/telegraf.yaml
@@ -0,0 +1,44 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: telegraf-home
+spec:
+  interval: 1h
+  timeout: 5m
+  chart:
+    spec:
+      chart: telegraf
+      version: "*"
+      sourceRef:
+        kind: HelmRepository
+        name: influxdata
+        namespace: flux-system
+  values:
+    metrics:
+      health: 
+        enabled: false
+      internal:
+        enabled: false
+
+    config:
+      agent:
+        omit_hostname: true
+
+      outputs:
+        - influxdb_v2:
+            urls:
+              - "https://influxdb.fruitiex.org"
+            organization: influxdata
+            bucket: home
+            token: ${INFLUXDB_TOKEN}
+
+      inputs:
+        - mqtt_consumer:
+            servers:
+              - "tcp://mqtt.fruitiex.org:1883"
+            topics:
+              - "home/#"
+            data_format: json_v2
+            tags:
+              - name
+              - id
diff --git a/infrastructure/sources/cert-manager.yaml b/infrastructure/sources/cert-manager.yaml
index 7c95db0d..a1b60ddb 100644
--- a/infrastructure/sources/cert-manager.yaml
+++ b/infrastructure/sources/cert-manager.yaml
@@ -3,5 +3,5 @@ kind: HelmRepository
 metadata:
   name: cert-manager
 spec:
-  interval: 1h
+  interval: 24h
   url: https://charts.jetstack.io
diff --git a/infrastructure/sources/emberstack.yaml b/infrastructure/sources/emberstack.yaml
index 8473d5dc..d88eb5e0 100644
--- a/infrastructure/sources/emberstack.yaml
+++ b/infrastructure/sources/emberstack.yaml
@@ -3,5 +3,5 @@ kind: HelmRepository
 metadata:
   name: emberstack
 spec:
-  interval: 1h
+  interval: 24h
   url: https://emberstack.github.io/helm-charts
diff --git a/infrastructure/sources/grafana.yaml b/infrastructure/sources/grafana.yaml
index 6b742b34..99e7aaff 100644
--- a/infrastructure/sources/grafana.yaml
+++ b/infrastructure/sources/grafana.yaml
@@ -3,5 +3,5 @@ kind: HelmRepository
 metadata:
   name: grafana
 spec:
-  interval: 1h
+  interval: 24h
   url: https://grafana.github.io/helm-charts
diff --git a/infrastructure/sources/influxdata.yaml b/infrastructure/sources/influxdata.yaml
new file mode 100644
index 00000000..5e839b60
--- /dev/null
+++ b/infrastructure/sources/influxdata.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: influxdata
+spec:
+  interval: 24h
+  url: https://helm.influxdata.com
+
diff --git a/infrastructure/sources/ingress-nginx.yaml b/infrastructure/sources/ingress-nginx.yaml
index 4baac2c5..bde89b50 100644
--- a/infrastructure/sources/ingress-nginx.yaml
+++ b/infrastructure/sources/ingress-nginx.yaml
@@ -3,5 +3,5 @@ kind: HelmRepository
 metadata:
   name: ingress-nginx
 spec:
-  interval: 1h
+  interval: 24h
   url: https://kubernetes.github.io/ingress-nginx
diff --git a/infrastructure/sources/kustomization.yaml b/infrastructure/sources/kustomization.yaml
index ffe880d5..adc7bae0 100644
--- a/infrastructure/sources/kustomization.yaml
+++ b/infrastructure/sources/kustomization.yaml
@@ -10,4 +10,5 @@ resources:
   - metrics-server.yaml
   - nfs-subdir-external-provisioner.yaml
   - prometheus-community.yaml
-  - reloader.yaml
\ No newline at end of file
+  - reloader.yaml
+  - influxdata.yaml
\ No newline at end of file
diff --git a/infrastructure/sources/metallb.yaml b/infrastructure/sources/metallb.yaml
index 391af383..7aabbc5b 100644
--- a/infrastructure/sources/metallb.yaml
+++ b/infrastructure/sources/metallb.yaml
@@ -3,5 +3,5 @@ kind: HelmRepository
 metadata:
   name: metallb
 spec:
-  interval: 1h
+  interval: 24h
   url: https://metallb.github.io/metallb
\ No newline at end of file
diff --git a/infrastructure/sources/metrics-server.yaml b/infrastructure/sources/metrics-server.yaml
index 8cd27370..1febed62 100644
--- a/infrastructure/sources/metrics-server.yaml
+++ b/infrastructure/sources/metrics-server.yaml
@@ -3,5 +3,5 @@ kind: HelmRepository
 metadata:
   name: metrics-server
 spec:
-  interval: 1h
+  interval: 24h
   url: https://kubernetes-sigs.github.io/metrics-server
diff --git a/infrastructure/sources/nfs-subdir-external-provisioner.yaml b/infrastructure/sources/nfs-subdir-external-provisioner.yaml
index 9f386a1c..bcd635fb 100644
--- a/infrastructure/sources/nfs-subdir-external-provisioner.yaml
+++ b/infrastructure/sources/nfs-subdir-external-provisioner.yaml
@@ -3,5 +3,5 @@ kind: HelmRepository
 metadata:
   name: nfs-subdir-external-provisioner
 spec:
-  interval: 1h
+  interval: 24h
   url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner
\ No newline at end of file
diff --git a/infrastructure/sources/prometheus-community.yaml b/infrastructure/sources/prometheus-community.yaml
index b3ae30c7..26968f69 100644
--- a/infrastructure/sources/prometheus-community.yaml
+++ b/infrastructure/sources/prometheus-community.yaml
@@ -3,5 +3,5 @@ kind: HelmRepository
 metadata:
   name: prometheus-community
 spec:
-  interval: 1h
+  interval: 24h
   url: https://prometheus-community.github.io/helm-charts
diff --git a/infrastructure/sources/reloader.yaml b/infrastructure/sources/reloader.yaml
index f40ac1b8..0ebb51ea 100644
--- a/infrastructure/sources/reloader.yaml
+++ b/infrastructure/sources/reloader.yaml
@@ -3,5 +3,5 @@ kind: HelmRepository
 metadata:
   name: reloader
 spec:
-  interval: 1h
+  interval: 24h
   url: https://stakater.github.io/stakater-charts