Kubespot (Helm)
May 21, 2026 · View on GitHub
- cert-manager
- datadog
- keda
- nginx
- prometheus
- grafana
- grafana loki
- kubecost
Configuration
cert-manager
To use cert-manager add the following annotation to your Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/cluster-issuer: letsencrypt
name: myIngress
namespace: myIngress
spec:
tls:
- hosts:
- https-example.foo.com
secretName: testsecret-tls
rules:
- host: https-example.foo.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: service1
port:
number: 80
Grafana
Grafana is installed on a ClusterIP use the following to open it locally.
kubectl port-forward -n grafana service/grafana 6891:80
open https://localhost:6891
Username: opszero
Password: opszero
Deployment
terraform init
terraform plan
terraform apply -auto-approve
Teardown
terraform destroy -auto-approve
Providers
| Name | Version |
|---|---|
| helm | n/a |
| null | n/a |
| random | n/a |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cert_manager_email | Your email address to use for cert manager | any | null | no |
| cert_manager_enable | Enable or disable cert-manager installation | bool | true | no |
| cert_manager_leader_election_namespace | The namespace used for the leader election lease. Change to cert-manager for GKE Autopilot | string | "cert-manager" | no |
| cert_manager_resources | n/a | map(object({ | null | no |
| cert_manager_version | The version of the Cert-Manager Helm chart to be deployed, used for automating the issuance and renewal of TLS certificates. | string | "1.16.3" | no |
| datadog_api_key | The API key for datadog | string | "" | no |
| datadog_values | Values for datadog helm chart | string | "" | no |
| datadog_values_extra | Path to extra values YAML file for Datadog Helm chart | string | null | no |
| datadog_version | The version of the Datadog Helm chart to be deployed, used for monitoring, security, and observability in Kubernetes environments. | string | "3.88.3" | no |
| grafana_admin_password | The Password of Grafana for login Dashboard | string | "" | no |
| grafana_admin_user | The User name of Grafana for login Dashboard | string | "opszero" | no |
| grafana_datasources | n/a | list(object({ | [] | no |
| grafana_efs_enable | Enable EFS storage for Grafana | bool | false | no |
| grafana_efs_storage_class_name | If EFS is needed pass EFS storage class, but make sure efs and efs driver deployed | string | "gp2" | no |
| grafana_enabled | Enable grafana | bool | false | no |
| grafana_extra_yml | Grafana Datasources as Yaml | any | null | no |
| grafana_google_auth_client_id | Add Google Auth client id | string | "" | no |
| grafana_google_auth_client_secret | Add Google Auth client secret | string | "" | no |
| grafana_ingress_class_name | Ingress class name for Grafana | string | "nginx" | no |
| grafana_ingress_enabled | Enable grafana ingress | bool | false | no |
| grafana_ingress_hosts | Add grafana ingress hosts | list | [] | no |
| grafana_loki_bucket_name | Name for the S3 bucket | string | "" | no |
| grafana_loki_enabled | Enable grafana loki | bool | false | no |
| grafana_loki_yml_file | n/a | any | null | no |
| grafana_persistence_storage | Enable persistence storage for Grafana | bool | true | no |
| grafana_version | The version of the Grafana Helm chart to be deployed, used for data visualization and monitoring dashboards. | string | "8.8.5" | no |
| ingress_nginx_enable | Enable or disable the installation of the ingress-nginx Helm chart | string | "true" | no |
| ingress_nginx_version | The version of the Ingress-NGINX Helm chart to be deployed, used for managing ingress traffic in Kubernetes. | string | "4.12.1" | no |
| keda_version | The version of the KEDA Helm chart to be deployed, used for Kubernetes-based Event-Driven Autoscaling. | string | "2.16.1" | no |
| kubecost_enabled | A boolean to enable or disable the deployment of Kubecost, a tool for monitoring and managing Kubernetes cost and resource usage. | bool | false | no |
| kubecost_version | The version of the Kubecost Helm chart to be deployed, used for Kubernetes cost management and optimization. | string | "2.5.3" | no |
| loki_allowed_apps | Allowed Kubernetes apps for Loki log collection | list(string) | [] | no |
| loki_version | The version of the Loki Helm chart to be deployed, used for log aggregation and analysis. | string | "6.25.0" | no |
| loki_yml_file | Path to custom Loki YAML file | string | null | no |
| nginx_max_replicas | Maximum number of Nginx Replicas | number | 11 | no |
| nginx_min_replicas | Minimum number of Nginx Replicas | number | 2 | no |
| nginx_name | Release name for the installed helm chart | string | "nginx" | no |
| nginx_yml_file | n/a | any | null | no |
| opentelemetry_collector_version | The version of the OpenTelemetry Collector Helm chart to be deployed, used for collecting telemetry data (logs, metrics, and traces) from various sources. | string | "0.115.0" | no |
| otel_yml_file | n/a | any | null | no |
| prometheus_additional_scrape_configs | Add additional scrape for configuration for prometheus if needed | list(object({ | [] | no |
| prometheus_enabled | Enable prometheus | bool | true | no |
| prometheus_persistence_storage | Enable persistence storage for Prometheus | bool | false | no |
| prometheus_version | The version of the Prometheus Helm chart to be deployed, used for monitoring and alerting in Kubernetes. | string | "27.1.0" | no |
| promtail_version | The version of the Promtail Helm chart to be deployed, used as a log collector to send logs to Loki. | string | "6.16.6" | no |
| pushgateway_ingress_host | List of hosts for prometheus push gateway ingress | list | [] | no |
| storage_class | Storage Class to use for Persistence | string | "gp2" | no |
Resources
| Name | Type |
|---|---|
| helm_release.cert-manager | resource |
| helm_release.datadog | resource |
| helm_release.grafana | resource |
| helm_release.keda | resource |
| helm_release.kubecost | resource |
| helm_release.loki | resource |
| helm_release.nginx | resource |
| helm_release.opentelemetry_collector | resource |
| helm_release.prometheus | resource |
| helm_release.promtail | resource |
| null_resource.cert-manager-cluster-issuer | resource |
| random_password.grafana_admin_password | resource |
Outputs
| Name | Description |
|---|---|
| grafana_admin_password | n/a |
🚀 Built by opsZero!
opsZero provides software and consulting for DevOps. With our decade plus of experience scaling some of the world’s most innovative companies we have developed deep expertise in Kubernetes, DevOps, FinOps, and Compliance.
Our software and consulting solutions enable organizations to:
- migrate workloads to the Cloud
- setup compliance frameworks including SOC2, HIPAA, PCI-DSS, ITAR, FedRamp, CMMC, and more.
- FinOps solutions to reduce the cost of running Cloud workloads
- Kubernetes optimized for web scale and AI workloads
- finding underutilized Cloud resources
- setting up custom AI training and delivery
- building data integrations and scrapers
- modernizing onto modern ARM based processors
We do this with a high-touch support model where you:
- Get access to us on Slack, Microsoft Teams or Email
- Get 24/7 coverage of your infrastructure
- Get an accelerated migration to Kubernetes
Please schedule a call if you need support.
