From 98e0774f568b7e7bfe738ad0cd90280735f7be04 Mon Sep 17 00:00:00 2001
From: Stefan Prodan <stefan.prodan@gmail.com>
Date: Wed, 9 Nov 2022 14:05:46 +0200
Subject: [PATCH 1/2] Use kube-prometheus-stack signed OCI Helm chart

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
---
 manifests/monitoring/kube-prometheus-stack/release.yaml    | 4 +++-
 manifests/monitoring/kube-prometheus-stack/repository.yaml | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/manifests/monitoring/kube-prometheus-stack/release.yaml b/manifests/monitoring/kube-prometheus-stack/release.yaml
index 13aa495273..30b8735755 100644
--- a/manifests/monitoring/kube-prometheus-stack/release.yaml
+++ b/manifests/monitoring/kube-prometheus-stack/release.yaml
@@ -6,11 +6,13 @@ spec:
   interval: 5m
   chart:
     spec:
-      version: "35.x"
+      version: "41.x"
       chart: kube-prometheus-stack
       sourceRef:
         kind: HelmRepository
         name: prometheus-community
+      verify:
+        provider: cosign
       interval: 60m
   install:
     crds: Create
diff --git a/manifests/monitoring/kube-prometheus-stack/repository.yaml b/manifests/monitoring/kube-prometheus-stack/repository.yaml
index 49355b5300..d2beb6b4fa 100644
--- a/manifests/monitoring/kube-prometheus-stack/repository.yaml
+++ b/manifests/monitoring/kube-prometheus-stack/repository.yaml
@@ -4,4 +4,5 @@ metadata:
   name: prometheus-community
 spec:
   interval: 120m
-  url: https://prometheus-community.github.io/helm-charts
+  type: oci
+  url: oci://ghcr.io/prometheus-community/charts

From 8bd13edc75489586ecf140252f30bc6eb18dbdf5 Mon Sep 17 00:00:00 2001
From: Stefan Prodan <stefan.prodan@gmail.com>
Date: Wed, 9 Nov 2022 14:06:30 +0200
Subject: [PATCH 2/2] Add the monitoring stack to e2e tests

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
---
 .github/workflows/e2e-arm64.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/.github/workflows/e2e-arm64.yaml b/.github/workflows/e2e-arm64.yaml
index 4c2de99ebb..c39e45fe63 100644
--- a/.github/workflows/e2e-arm64.yaml
+++ b/.github/workflows/e2e-arm64.yaml
@@ -58,6 +58,33 @@ jobs:
           kubectl -n flux-system wait kustomization/tenants --for=condition=ready --timeout=5m
           kubectl -n apps wait kustomization/dev-team --for=condition=ready --timeout=1m
           kubectl -n apps wait helmrelease/podinfo --for=condition=ready --timeout=1m
+      - name: Run monitoring tests
+        # Keep this test in sync with https://fluxcd.io/flux/guides/monitoring/
+        env:
+          KUBECONFIG: /tmp/${{ steps.prep.outputs.CLUSTER }}
+        run: |
+          ./bin/flux create source git flux-monitoring \
+          --interval=30m \
+          --url=https://github.com/fluxcd/flux2 \
+          --branch=${GITHUB_REF#refs/heads/}
+          ./bin/flux create kustomization kube-prometheus-stack \
+          --interval=1h \
+          --prune \
+          --source=flux-monitoring \
+          --path="./manifests/monitoring/kube-prometheus-stack" \
+          --health-check-timeout=5m \
+          --wait
+          ./bin/flux create kustomization monitoring-config \
+          --depends-on=kube-prometheus-stack \
+          --interval=1h \
+          --prune=true \
+          --source=flux-monitoring \
+          --path="./manifests/monitoring/monitoring-config" \
+          --health-check-timeout=1m \
+          --wait
+          kubectl -n flux-system wait kustomization/kube-prometheus-stack --for=condition=ready --timeout=5m
+          kubectl -n flux-system wait kustomization/monitoring-config --for=condition=ready --timeout=5m
+          kubectl -n monitoring wait helmrelease/kube-prometheus-stack --for=condition=ready --timeout=1m
       - name: Debug failure
         if: failure()
         env: