Add kube-prometheus-stack + Loki subcharts and ServiceMonitor (monitoring.enabled)

[dhilgaertner]

Context

The OCI SaaS deployment uses in-cluster observability: kube-prometheus-stack + Loki. Cluster-bundled observability also travels with the self-hosted chart nicely, so we ship this as an opt-in umbrella dependency rather than a separate infra play.

Goal

Chart dependency on kube-prometheus-stack + loki (both conditional on monitoring.enabled) plus a ServiceMonitor for Corveil's metrics endpoint.

Work items

• Chart.yaml dependencies:

  - name: kube-prometheus-stack
    repository: https://prometheus-community.github.io/helm-charts
    version: "~62.0"
    condition: monitoring.enabled
  - name: loki
    repository: https://grafana.github.io/helm-charts
    version: "~6.0"
    condition: monitoring.enabled

• values.yaml:

  monitoring:
    enabled: false
    serviceMonitor:
      enabled: true
      interval: 30s
      path: /metrics

• templates/servicemonitor.yaml — rendered when monitoring.serviceMonitor.enabled and monitoring.enabled.
• Confirm Corveil exposes /metrics in Prometheus text format. If not, file a follow-up ticket in the product repo to add it.
• Document the stack's storage expectations in README.md (PVC sizes for Prometheus/Loki).

Acceptance

• helm dependency update pulls both subcharts.
• helm template . --set monitoring.enabled=true renders both subcharts + the ServiceMonitor.
• In a kind test cluster, Prometheus discovers and scrapes Corveil's metrics endpoint.

Non-goals

• Log aggregation from non-Corveil pods. Only Corveil's own logs are in scope; Loki will scrape the whole cluster by default but we'll tune later.

Key files

• Chart.yaml
• values.yaml
• templates/servicemonitor.yaml (new)
• README.md