monitoring: add Prometheus + Grafana stack (kube-prometheus-stack)

Deploys kube-prometheus-stack via helm-controller: Prometheus, Grafana (internal-only), node-exporter, kube-state-metrics. Adds prometheus-pve-exporter for Proxmox (token in an out-of-band Secret), scrape configs for external hosts (.48/.70/.71/.49), community dashboards (Node Exporter Full, Proxmox via Prometheus) and a custom Hardware Temperatures dashboard. Grafana liveness made tolerant for slow first-boot migrations. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-09 23:45:02 +02:00 · 2026-06-09 23:45:02 +02:00 · 0a02da49a4
commit 0a02da49a4
parent a064f41250
3 changed files with 275 additions and 0 deletions
--- a/monitoring/pve-exporter.yaml
+++ b/monitoring/pve-exporter.yaml
@ -0,0 +1,53 @@
+# prometheus-pve-exporter — exposes Proxmox VE metrics for Prometheus.
+# The API token lives in the `pve-exporter` Secret, created out-of-band (NOT in git):
+#   kubectl -n monitoring create secret generic pve-exporter \
+#     --from-literal=PVE_USER=monitoring@pve \
+#     --from-literal=PVE_TOKEN_NAME=prometheus \
+#     --from-literal=PVE_TOKEN_VALUE=<token> \
+#     --from-literal=PVE_VERIFY_SSL=false
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prometheus-pve-exporter
+  namespace: monitoring
+  labels:
+    app: prometheus-pve-exporter
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: prometheus-pve-exporter
+  template:
+    metadata:
+      labels:
+        app: prometheus-pve-exporter
+    spec:
+      containers:
+        - name: pve-exporter
+          image: prompve/prometheus-pve-exporter:3.9.0
+          envFrom:
+            - secretRef:
+                name: pve-exporter
+          ports:
+            - containerPort: 9221
+              name: http
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 1000
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            seccompProfile:
+              type: RuntimeDefault
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: prometheus-pve-exporter
+  namespace: monitoring
+spec:
+  selector:
+    app: prometheus-pve-exporter
+  ports:
+    - port: 9221
+      targetPort: 9221