From a94453242be77988c8bf3466085cf0c2e57d612b Mon Sep 17 00:00:00 2001
From: Ronald Philipsen <Mail@rphilipsen.nl>
Date: Sat, 1 Feb 2025 14:32:04 +0100
Subject: [PATCH] add kube-prometheis-stack

---
 .../alertmanagerconfig.yaml                   | 19 ++++++++++---------
 .../kube-prometheus-stack/externalsecret.yaml |  1 -
 .../meta/settings/cluster-secrets.sops.yaml   |  9 ++++++---
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/kubernetes/apps/observability/kube-prometheus-stack/alertmanagerconfig.yaml b/kubernetes/apps/observability/kube-prometheus-stack/alertmanagerconfig.yaml
index 4a369ab3..7fb5f9a9 100644
--- a/kubernetes/apps/observability/kube-prometheus-stack/alertmanagerconfig.yaml
+++ b/kubernetes/apps/observability/kube-prometheus-stack/alertmanagerconfig.yaml
@@ -49,8 +49,17 @@ spec:
             key: ALERTMANAGER_HEARTBEAT_URL
     - name: email
       emailConfigs:
-        - from: 'alertmanager@${SECRET_DOMAIN}'
+        # Whether to notify about resolved alerts.
+        - sendResolved: true
           to: 'alerts@${SECRET_DOMAIN}'
+          from: 'alertmanager@${SECRET_DOMAIN}'
+          hello: k8s@${SECRET_DOMAIN}
+          # The smarthost and SMTP sender used for mail notifications.
+          smarthost: ${ALERTMANAGER_SMTP_HOST}
+          authUsername: ${ALERTMANAGER_SMTP_USERNAME}
+          authPassword:
+            key:  *secret
+            name: ALERTMANAGER_SMTP_PASSWORD
           text: >-
             [{{ .Status | toUpper }}{{ if eq .Status "firing" }}:{{ .Alerts.Firing | len }}{{ end }}]
             {{ .CommonLabels.alertname }}
@@ -74,11 +83,3 @@ spec:
               {{- end }}
             {{- end }}
 
-          sendResolved: true
-          # The smarthost and SMTP sender used for mail notifications.
-          hello: k8s@${SECRET_DOMAIN}
-          smarthost: ${ALERTMANAGER_SMTP_HOST}
-          authUsername: ${ALERTMANAGER_SMTP_USERNAME}
-          authPassword:
-            key:  *secret
-            name: ALERTMANAGER_SMTP_PASSWORD
diff --git a/kubernetes/apps/observability/kube-prometheus-stack/externalsecret.yaml b/kubernetes/apps/observability/kube-prometheus-stack/externalsecret.yaml
index a2950bf9..b9daed03 100644
--- a/kubernetes/apps/observability/kube-prometheus-stack/externalsecret.yaml
+++ b/kubernetes/apps/observability/kube-prometheus-stack/externalsecret.yaml
@@ -15,7 +15,6 @@ spec:
       data:
         ALERTMANAGER_HEARTBEAT_URL: "{{ .ALERTMANAGER_HEARTBEAT_URL }}"
         ALERTMANAGER_SMTP_PASSWORD: "{{ .ALERTMANAGER_SMTP_PASSWORD }}"
-        PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}"
   dataFrom:
     - extract:
         key: alertmanager
diff --git a/kubernetes/flux/meta/settings/cluster-secrets.sops.yaml b/kubernetes/flux/meta/settings/cluster-secrets.sops.yaml
index 11da95b1..f17e41e0 100644
--- a/kubernetes/flux/meta/settings/cluster-secrets.sops.yaml
+++ b/kubernetes/flux/meta/settings/cluster-secrets.sops.yaml
@@ -14,6 +14,9 @@ stringData:
     CLUSTER_SVC_V6_PREFIX: ENC[AES256_GCM,data:qVmaFX2V2/TF1z9gLij+ZEzblucO,iv:T8UYxEN8r1A7nSqalS7Mxw0Dn8saDKckYFbHP+V38JM=,tag:RJswikeCI4a0xZv4i7Yegg==,type:str]
     CLUSTER_LBA_V6_CIDR: ENC[AES256_GCM,data:BUDk53jJv3VYKiMPaHwh69omm7QCB8zmksNy,iv:rTkABwkYE84F36OrY1AsUdx1/3EryaCo8in91Vqwuxk=,tag:Ot/288eN/+u4T9Wg8otezA==,type:str]
     CLUSTER_NODE_V6_CIDR: ENC[AES256_GCM,data:9EtUqN4vA5pzYGPigwqhVc8oMw==,iv:rpnJtQ7E1sW/D7IYxOYtA7TU+cl+tMyAe3oEZ+Kgqks=,tag:n0muTnj1K0dgJgQjcUiuDQ==,type:str]
+    #ENC[AES256_GCM,data:brFBypll5QOb7yyqt/gHs5rH75+FXbW753m8,iv:wC1nkZUN3nBS+7ZCvGi1K8aYWXG7E0Ywr+H/vZORzAM=,tag:ZN3sr+XSdxDz9zPO+vRZFw==,type:comment]
+    ALERTMANAGER_SMTP_USERNAME: ENC[AES256_GCM,data:33AiYpDOJ41hHhTgfLsGUglWVk8KwVw=,iv:MBDtmvhgo4urPMHJDRIgPmS5avRg8//5N+YhWeECqtw=,tag:aP6ht3OlN902f9877OaAng==,type:str]
+    ALERTMANAGER_SMTP_HOST: ENC[AES256_GCM,data:O8rXlZjoe9xwRqXd0Iy7eNS4,iv:oJHPANSEbV2LYf0+z8JQS4kK25gZoOS66STciO4yneI=,tag:7svebzCwZU5JbhTLgrFtiw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -29,9 +32,9 @@ sops:
             dEJCQ0VzcEVlWmdDYUs5Nm9jYTVXckkKr8OGj284W6dhf5uUFtpwPX1eaz0dYWx2
             uy6dvYEY+SSVSGaojydt8IFU80vhaQIslI2A7hIjNmGY6s5Pl2Zpnw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-18T21:51:24Z"
-    mac: ENC[AES256_GCM,data:rmU+URrHaloXPKthGXfStu4T2/2XhL7NYrwK5ZjUkFmFGNCHlihEjpOW+gowPPA2Dhb7I6wVCAT9Ix+2ir4EYi+xx3Q3Zkbc4dh+QzvbgXnFuWQcTgb6l8ePpsNDVVWDz6fRyI/1m+bky67vhqRXmXjJglxnD+ZIEIBOIdI2bsA=,iv:sklvnbvwADKvrr2LlLCtmCLFOPYqSVwFkzsv3xV0mHE=,tag:9B3AxDUa1CMenwatD77pVA==,type:str]
+    lastmodified: "2025-02-01T13:32:02Z"
+    mac: ENC[AES256_GCM,data:ww6bzEoYf0i2ChcHXsQzv1j4ijpoO5O/3o5r1urAckvH9UnO5Dg2mDd8wv2ZZSbueibBpgJAV/V+FpUPIyAqaN6m5aLsGHSz/usfhz62fCownI9zv/gnfCbvGNTa19EL5Cnniv6gc5dtUZOlkyMOfmO0Ps++fsgeG1TyF3q+gZM=,iv:eRcpVyQUzr1YeIpurtqklMKv3y3F2Vn+oiiTIddfKWk=,tag:6+cuyd7fLGBGBb4jNqoENg==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     mac_only_encrypted: true
-    version: 3.9.3
+    version: 3.9.4