devtron-labs · neha130 · Jun 3, 2025 · Jun 3, 2025 · Jun 6, 2025 · Jun 9, 2025
diff --git a/charts/devtron-monitoring/Chart.yaml b/charts/devtron-monitoring/Chart.yaml
@@ -10,8 +10,10 @@ sources:
   - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server
   - https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-blackbox-exporter
   - https://github.com/deliveryhero/helm-charts/tree/master/stable/k8s-event-logger
+  - https://github.com/grafana/pyroscope
+  - https://github.com/VictoriaMetrics/helm-charts
 
-version: 0.0.3
+version: 0.0.6
 appVersion: "0.0.1"
 dependencies:
 - name: fluent-bit
@@ -47,6 +49,16 @@ dependencies:
   repository: https://victoriametrics.github.io/helm-charts/
   condition: victoriametrics.enabled
   alias: victoriametrics
+- name: pyroscope
+  repository: https://grafana.github.io/helm-charts
+  version: "1.13.2"
+  condition: pyroscope.enabled
+  alias: pyroscope
+- name: victoria-logs-single
+  version: "0.9.8"
+  repository: https://victoriametrics.github.io/helm-charts/
+  condition: vmlogs.enabled
+  alias: vmlogs
 maintainers:
 - email: [email protected]
   name: Badal Kumar

diff --git a/charts/devtron-monitoring/README.MD b/charts/devtron-monitoring/README.MD
@@ -8,6 +8,8 @@
 - Kube-Prom-Stack / Victoria Metrics  
 - Black Box  
 - Event Logger  
+- VMlogs
+- Pyroscope
 
 
 

diff --git a/charts/devtron-monitoring/app-values.yaml b/charts/devtron-monitoring/app-values.yaml
@@ -92,7 +92,6 @@ fluent-bit:
           endpoint https://<add if any custom endpoint>
           bucket <bucket_name>
           s3_key_format /$TAG[1]/$TAG[3]/%Y-%m-%d/%H_%M_%S_$TAG[2].log
-          # s3_key_format /$TAG[1]/$TAG[3]/%Y-%m-%d/%H_%M_%S.log
           s3_key_format_tag_delimiters .
           static_file_path On
           use_put_object Off
@@ -241,7 +240,6 @@ vector:
         inputs:
           - my_remap_id_audit
         key_prefix: '{{ print "audit-log/devtroncd/{{ container_name }}/%Y-%m-%d/" }}'
-        region: <region_name>
         type: aws_s3
       my_sink_id_audit:
         batch:
@@ -255,7 +253,6 @@ vector:
         inputs:
           - my_remap_id
         key_prefix: '{{ print "vector-log-2/devtroncd/{{ container_name }}/%Y-%m-%d/" }}'
-        region: <region_name>
         type: aws_s3
     sources:
       kube_log:
@@ -436,7 +433,7 @@ victoriametrics:
               path: /var/lib/grafana/dashboards/default
             orgId: 1
             type: file
-    dashboards:
+    dashboards: 
       default:
         nodeexporter:
           datasource: VictoriaMetrics
@@ -462,7 +459,7 @@ victoriametrics:
         nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
         nginx.ingress.kubernetes.io/rewrite-target: /grafana/$2
         nginx.ingress.kubernetes.io/ssl-redirect: "false"
-      enabled: true
+      enabled: false
       hosts:
         - <testing>.domain.com
       ingressClassName: nginx-new
@@ -501,7 +498,7 @@ victoriametrics:
       disable_prometheus_converter: false
       prometheus_converter_add_argocd_ignore_annotations: true
   vmagent:
-    enabled: true
+    enabled: false
     ingress:
       enabled: true
       hosts:
@@ -517,7 +514,7 @@ victoriametrics:
         promscrape.suppressScrapeErrorsDelay: 30s
       scrapeInterval: 20s
   vmalert:
-    enabled: true
+    enabled: false
     ingress:
       enabled: true
       hosts:
@@ -527,11 +524,93 @@ victoriametrics:
       extraArgs:
         external.url: https://vmalert-<testing>.domain.com
   vmsingle:
-    enabled: true
+    enabled: false
+    containers:
+      - name: oauth2-proxy
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
+        args:
+          - --provider=google  # Change this to: google, github, azure, oidc, etc.
+          - --upstream=http://127.0.0.1:8429
+          - --http-address=0.0.0.0:4180
+          - --cookie-secure=true
+          - --redirect-url=https://vmsingle-<testing>.domain.com/oauth2/callback
+          - --email-domain=
+        env:
+          - name: OAUTH2_PROXY_CLIENT_ID
+            valueFrom:
+              secretKeyRef:
+                name: google-oauth-secrets
+                key: client-id
+          - name: OAUTH2_PROXY_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: google-oauth-secrets
+                key: client-secret
+          - name: OAUTH2_PROXY_COOKIE_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: google-oauth-secrets
+                key: cookie-secret
+          - name: OAUTH2_PROXY_REDIRECT_URL
+            value: "https://vmsingle-<testing>.domain.com/oauth2/callback"
+        ports:
+          - containerPort: 4180
+            name: oauth-proxy
+        resources:
+          limits:
+            cpu: 100m
+            memory: 128Mi
+          requests:
+            cpu: 50m
+            memory: 64Mi
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: 4180
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: 4180
+          initialDelaySeconds: 5
+          periodSeconds: 5
+    # Update service to expose oauth2-proxy port
+    ports:
+      - name: http
+        port: 8429
+        targetPort: 8429
+      - name: oauth-proxy
+        port: 4180
+        targetPort: 4180
     ingress:
       enabled: true
+      annotations:
+        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+        nginx.ingress.kubernetes.io/upstream-vhost: vmsingle-<testing>.domain.com
+        # Route traffic to oauth2-proxy port instead of VMSingle directly
+        nginx.ingress.kubernetes.io/service-upstream: "true"
       hosts:
         - vmsingle-<testing>.domain.com
+      extraPaths:
+      - path: /oauth2
+        pathType: Prefix
+        backend:
+          service:
+            name: vmsingle-victoria-metrics
+            port:
+              name: oauth-proxy
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: vmsingle-victoria-metrics
+            port:
+              name: oauth-proxy
       ingressClassName: nginx
     spec:
       retentionPeriod: 5d
+pyroscope:
+  enabled: false
+vmlogs:
+  enabled: false
diff --git a/charts/devtron-monitoring/values.yaml b/charts/devtron-monitoring/values.yaml
@@ -92,7 +92,6 @@ fluent-bit:
           endpoint https://<add if any custom endpoint>
           bucket <bucket_name>
           s3_key_format /$TAG[1]/$TAG[3]/%Y-%m-%d/%H_%M_%S_$TAG[2].log
-          # s3_key_format /$TAG[1]/$TAG[3]/%Y-%m-%d/%H_%M_%S.log
           s3_key_format_tag_delimiters .
           static_file_path On
           use_put_object Off
@@ -241,7 +240,6 @@ vector:
         inputs:
           - my_remap_id_audit
         key_prefix: '{{ print "audit-log/devtroncd/{{ container_name }}/%Y-%m-%d/" }}'
-        region: <region_name>
         type: aws_s3
       my_sink_id_audit:
         batch:
@@ -255,7 +253,6 @@ vector:
         inputs:
           - my_remap_id
         key_prefix: '{{ print "vector-log-2/devtroncd/{{ container_name }}/%Y-%m-%d/" }}'
-        region: <region_name>
         type: aws_s3
     sources:
       kube_log:
@@ -413,7 +410,7 @@ victoriametrics:
           - continue: true
             match: null
             receiver: discord
-    enabled: true
+    enabled: false
   crds:
     enabled: true
   defaultDashboards:
@@ -501,7 +498,7 @@ victoriametrics:
       disable_prometheus_converter: false
       prometheus_converter_add_argocd_ignore_annotations: true
   vmagent:
-    enabled: true
+    enabled: false
     ingress:
       enabled: true
       hosts:
@@ -517,7 +514,7 @@ victoriametrics:
         promscrape.suppressScrapeErrorsDelay: 30s
       scrapeInterval: 20s
   vmalert:
-    enabled: true
+    enabled: false
     ingress:
       enabled: true
       hosts:
@@ -527,11 +524,93 @@ victoriametrics:
       extraArgs:
         external.url: https://vmalert-<testing>.domain.com
   vmsingle:
-    enabled: true
+    enabled: false
+    containers:
+      - name: oauth2-proxy
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
+        args:
+          - --provider=google  # Change this to: google, github, azure, oidc, etc.
+          - --upstream=http://127.0.0.1:8429
+          - --http-address=0.0.0.0:4180
+          - --cookie-secure=true
+          - --redirect-url=https://vmsingle-<testing>.domain.com/oauth2/callback
+          - --email-domain=
+        env:
+          - name: OAUTH2_PROXY_CLIENT_ID
+            valueFrom:
+              secretKeyRef:
+                name: google-oauth-secrets
+                key: client-id
+          - name: OAUTH2_PROXY_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: google-oauth-secrets
+                key: client-secret
+          - name: OAUTH2_PROXY_COOKIE_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: google-oauth-secrets
+                key: cookie-secret
+          - name: OAUTH2_PROXY_REDIRECT_URL
+            value: "https://vmsingle-<testing>.domain.com/oauth2/callback"
+        ports:
+          - containerPort: 4180
+            name: oauth-proxy
+        resources:
+          limits:
+            cpu: 100m
+            memory: 128Mi
+          requests:
+            cpu: 50m
+            memory: 64Mi
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: 4180
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: 4180
+          initialDelaySeconds: 5
+          periodSeconds: 5
+    # Update service to expose oauth2-proxy port
+    ports:
+      - name: http
+        port: 8429
+        targetPort: 8429
+      - name: oauth-proxy
+        port: 4180
+        targetPort: 4180
     ingress:
       enabled: true
+      annotations:
+        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+        nginx.ingress.kubernetes.io/upstream-vhost: vmsingle-<testing>.domain.com
+        # Route traffic to oauth2-proxy port instead of VMSingle directly
+        nginx.ingress.kubernetes.io/service-upstream: "true"
       hosts:
         - vmsingle-<testing>.domain.com
+      extraPaths:
+      - path: /oauth2
+        pathType: Prefix
+        backend:
+          service:
+            name: vmsingle-victoria-metrics
+            port:
+              name: oauth-proxy
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: vmsingle-victoria-metrics
+            port:
+              name: oauth-proxy
       ingressClassName: nginx
     spec:
       retentionPeriod: 5d
+pyroscope:
+  enabled: false
+vmlogs:
+  enabled: false