Inflate Grafana chart manually
This commit is contained in:
parent
74d2abafad
commit
705ea2bdd1
|
@ -12,7 +12,4 @@ load-prod-env:
|
||||||
|
|
||||||
# Usage: make inflate name=prometheus chart=prometheus-community/prometheus
|
# Usage: make inflate name=prometheus chart=prometheus-community/prometheus
|
||||||
inflate:
|
inflate:
|
||||||
@rm -rf -- base/inflated/$(name)
|
@bin/helm-chart-inflate.sh $(name) $(chart)
|
||||||
@helm template $(name) $(chart) --output-dir base/inflated
|
|
||||||
@echo "YAML files for kustomzation.yaml:"
|
|
||||||
@find base/inflated/$(name) -iname '*.yaml' -exec realpath --relative-to base {} \;
|
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
# Patterns to ignore when building packages.
|
|
||||||
# This supports shell glob matching, relative path matching, and
|
|
||||||
# negation (prefixed with !). Only one pattern per line.
|
|
||||||
.DS_Store
|
|
||||||
# Common VCS dirs
|
|
||||||
.git/
|
|
||||||
.gitignore
|
|
||||||
.bzr/
|
|
||||||
.bzrignore
|
|
||||||
.hg/
|
|
||||||
.hgignore
|
|
||||||
.svn/
|
|
||||||
# Common backup files
|
|
||||||
*.swp
|
|
||||||
*.bak
|
|
||||||
*.tmp
|
|
||||||
*~
|
|
||||||
# Various IDEs
|
|
||||||
.vscode
|
|
||||||
.project
|
|
||||||
.idea/
|
|
||||||
*.tmproj
|
|
||||||
OWNERS
|
|
|
@ -1,22 +0,0 @@
|
||||||
apiVersion: v2
|
|
||||||
appVersion: 8.5.0
|
|
||||||
description: The leading tool for querying and visualizing time series and metrics.
|
|
||||||
home: https://grafana.net
|
|
||||||
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
|
|
||||||
kubeVersion: ^1.8.0-0
|
|
||||||
maintainers:
|
|
||||||
- email: zanhsieh@gmail.com
|
|
||||||
name: zanhsieh
|
|
||||||
- email: rluckie@cisco.com
|
|
||||||
name: rtluckie
|
|
||||||
- email: maor.friedman@redhat.com
|
|
||||||
name: maorfr
|
|
||||||
- email: miroslav.hadzhiev@gmail.com
|
|
||||||
name: Xtigyro
|
|
||||||
- email: mail@torstenwalter.de
|
|
||||||
name: torstenwalter
|
|
||||||
name: grafana
|
|
||||||
sources:
|
|
||||||
- https://github.com/grafana/grafana
|
|
||||||
type: application
|
|
||||||
version: 6.29.1
|
|
|
@ -1,567 +0,0 @@
|
||||||
# Grafana Helm Chart
|
|
||||||
|
|
||||||
* Installs the web dashboarding system [Grafana](http://grafana.org/)
|
|
||||||
|
|
||||||
## Get Repo Info
|
|
||||||
|
|
||||||
```console
|
|
||||||
helm repo add grafana https://grafana.github.io/helm-charts
|
|
||||||
helm repo update
|
|
||||||
```
|
|
||||||
|
|
||||||
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
|
|
||||||
|
|
||||||
## Installing the Chart
|
|
||||||
|
|
||||||
To install the chart with the release name `my-release`:
|
|
||||||
|
|
||||||
```console
|
|
||||||
helm install my-release grafana/grafana
|
|
||||||
```
|
|
||||||
|
|
||||||
## Uninstalling the Chart
|
|
||||||
|
|
||||||
To uninstall/delete the my-release deployment:
|
|
||||||
|
|
||||||
```console
|
|
||||||
helm delete my-release
|
|
||||||
```
|
|
||||||
|
|
||||||
The command removes all the Kubernetes components associated with the chart and deletes the release.
|
|
||||||
|
|
||||||
## Upgrading an existing Release to a new major version
|
|
||||||
|
|
||||||
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
|
|
||||||
incompatible breaking change needing manual actions.
|
|
||||||
|
|
||||||
### To 4.0.0 (And 3.12.1)
|
|
||||||
|
|
||||||
This version requires Helm >= 2.12.0.
|
|
||||||
|
|
||||||
### To 5.0.0
|
|
||||||
|
|
||||||
You have to add --force to your helm upgrade command as the labels of the chart have changed.
|
|
||||||
|
|
||||||
### To 6.0.0
|
|
||||||
|
|
||||||
This version requires Helm >= 3.1.0.
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
|
||||||
|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------|
|
|
||||||
| `replicas` | Number of nodes | `1` |
|
|
||||||
| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` |
|
|
||||||
| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` |
|
|
||||||
| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` |
|
|
||||||
| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` |
|
|
||||||
| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`|
|
|
||||||
| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` |
|
|
||||||
| `priorityClassName` | Name of Priority Class to assign pods | `nil` |
|
|
||||||
| `image.repository` | Image repository | `grafana/grafana` |
|
|
||||||
| `image.tag` | Image tag (`Must be >= 5.0.0`) | `8.2.5` |
|
|
||||||
| `image.sha` | Image sha (optional) | `2acf04c016c77ca2e89af3536367ce847ee326effb933121881c7c89781051d3` |
|
|
||||||
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
|
||||||
| `image.pullSecrets` | Image pull secrets (can be templated) | `[]` |
|
|
||||||
| `service.enabled` | Enable grafana service | `true` |
|
|
||||||
| `service.type` | Kubernetes service type | `ClusterIP` |
|
|
||||||
| `service.port` | Kubernetes port where service is exposed | `80` |
|
|
||||||
| `service.portName` | Name of the port on the service | `service` |
|
|
||||||
| `service.targetPort` | Internal service is port | `3000` |
|
|
||||||
| `service.nodePort` | Kubernetes service nodePort | `nil` |
|
|
||||||
| `service.annotations` | Service annotations (can be templated) | `{}` |
|
|
||||||
| `service.labels` | Custom labels | `{}` |
|
|
||||||
| `service.clusterIP` | internal cluster service IP | `nil` |
|
|
||||||
| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` |
|
|
||||||
| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` |
|
|
||||||
| `service.externalIPs` | service external IP addresses | `[]` |
|
|
||||||
| `headlessService` | Create a headless service | `false` |
|
|
||||||
| `extraExposePorts` | Additional service ports for sidecar containers| `[]` |
|
|
||||||
| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` |
|
|
||||||
| `ingress.enabled` | Enables Ingress | `false` |
|
|
||||||
| `ingress.annotations` | Ingress annotations (values are templated) | `{}` |
|
|
||||||
| `ingress.labels` | Custom labels | `{}` |
|
|
||||||
| `ingress.path` | Ingress accepted path | `/` |
|
|
||||||
| `ingress.pathType` | Ingress type of path | `Prefix` |
|
|
||||||
| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` |
|
|
||||||
| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` |
|
|
||||||
| `ingress.tls` | Ingress TLS configuration | `[]` |
|
|
||||||
| `resources` | CPU/Memory resource requests/limits | `{}` |
|
|
||||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
|
||||||
| `tolerations` | Toleration labels for pod assignment | `[]` |
|
|
||||||
| `affinity` | Affinity settings for pod assignment | `{}` |
|
|
||||||
| `extraInitContainers` | Init containers to add to the grafana pod | `{}` |
|
|
||||||
| `extraContainers` | Sidecar containers to add to the grafana pod | `""` |
|
|
||||||
| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` |
|
|
||||||
| `extraLabels` | Custom labels for all manifests | `{}` |
|
|
||||||
| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
|
|
||||||
| `persistence.enabled` | Use persistent volume to store data | `false` |
|
|
||||||
| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` |
|
|
||||||
| `persistence.size` | Size of persistent volume claim | `10Gi` |
|
|
||||||
| `persistence.existingClaim` | Use an existing PVC to persist data (can be templated) | `nil` |
|
|
||||||
| `persistence.storageClassName` | Type of persistent volume claim | `nil` |
|
|
||||||
| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` |
|
|
||||||
| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` |
|
|
||||||
| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` |
|
|
||||||
| `persistence.subPath` | Mount a sub dir of the persistent volume (can be templated) | `nil` |
|
|
||||||
| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` |
|
|
||||||
| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` |
|
|
||||||
| `initChownData.enabled` | If false, don't reset data ownership at startup | true |
|
|
||||||
| `initChownData.image.repository` | init-chown-data container image repository | `busybox` |
|
|
||||||
| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` |
|
|
||||||
| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` |
|
|
||||||
| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` |
|
|
||||||
| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` |
|
|
||||||
| `schedulerName` | Alternate scheduler name | `nil` |
|
|
||||||
| `env` | Extra environment variables passed to pods | `{}` |
|
|
||||||
| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` |
|
|
||||||
| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
|
|
||||||
| `envFromSecrets` | List of Kubernetes secrets (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` |
|
|
||||||
| `envFromConfigMaps` | List of Kubernetes ConfigMaps (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` |
|
|
||||||
| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` |
|
|
||||||
| `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` |
|
|
||||||
| `extraSecretMounts` | Additional grafana server secret mounts | `[]` |
|
|
||||||
| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` |
|
|
||||||
| `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` |
|
|
||||||
| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` |
|
|
||||||
| `plugins` | Plugins to be loaded along with Grafana | `[]` |
|
|
||||||
| `datasources` | Configure grafana datasources (passed through tpl) | `{}` |
|
|
||||||
| `notifiers` | Configure grafana notifiers | `{}` |
|
|
||||||
| `dashboardProviders` | Configure grafana dashboard providers | `{}` |
|
|
||||||
| `dashboards` | Dashboards to import | `{}` |
|
|
||||||
| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` |
|
|
||||||
| `grafana.ini` | Grafana's primary configuration | `{}` |
|
|
||||||
| `ldap.enabled` | Enable LDAP authentication | `false` |
|
|
||||||
| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` |
|
|
||||||
| `ldap.config` | Grafana's LDAP configuration | `""` |
|
|
||||||
| `annotations` | Deployment annotations | `{}` |
|
|
||||||
| `labels` | Deployment labels | `{}` |
|
|
||||||
| `podAnnotations` | Pod annotations | `{}` |
|
|
||||||
| `podLabels` | Pod labels | `{}` |
|
|
||||||
| `podPortName` | Name of the grafana port on the pod | `grafana` |
|
|
||||||
| `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` |
|
|
||||||
| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` |
|
|
||||||
| `sidecar.image.tag` | Sidecar image tag | `1.15.6` |
|
|
||||||
| `sidecar.image.sha` | Sidecar image sha (optional) | `""` |
|
|
||||||
| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` |
|
|
||||||
| `sidecar.resources` | Sidecar resources | `{}` |
|
|
||||||
| `sidecar.securityContext` | Sidecar securityContext | `{}` |
|
|
||||||
| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable. If set to `true` the sidecar will create unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | `false` |
|
|
||||||
| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` |
|
|
||||||
| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` |
|
|
||||||
| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` |
|
|
||||||
| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` |
|
|
||||||
| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` |
|
|
||||||
| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` |
|
|
||||||
| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` |
|
|
||||||
| `sidecar.dashboards.provider.type` | Provider type | `file` |
|
|
||||||
| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` |
|
|
||||||
| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
|
|
||||||
| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` |
|
|
||||||
| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` |
|
|
||||||
| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `nil` |
|
|
||||||
| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` |
|
|
||||||
| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` |
|
|
||||||
| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
|
|
||||||
| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` |
|
|
||||||
| `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` |
|
|
||||||
| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
|
||||||
| `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` |
|
|
||||||
| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
|
|
||||||
| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` |
|
|
||||||
| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` |
|
|
||||||
| `sidecar.datasources.searchNamespace` | Namespaces list. If specified, the sidecar will search for datasources config-maps inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` |
|
|
||||||
| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
|
||||||
| `sidecar.datasources.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/datasources/reload"` |
|
|
||||||
| `sidecar.datasources.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
|
|
||||||
| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` |
|
|
||||||
| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` |
|
|
||||||
| `sidecar.notifiers.searchNamespace` | Namespaces list. If specified, the sidecar will search for notifiers config-maps (or secrets) inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` |
|
|
||||||
| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
|
||||||
| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` |
|
|
||||||
| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` |
|
|
||||||
| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` |
|
|
||||||
| `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` |
|
|
||||||
| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` |
|
|
||||||
| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` |
|
|
||||||
| `serviceAccount.autoMount` | Automount the service account token in the pod| `true` |
|
|
||||||
| `serviceAccount.annotations` | ServiceAccount annotations | |
|
|
||||||
| `serviceAccount.create` | Create service account | `true` |
|
|
||||||
| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` |
|
|
||||||
| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` |
|
|
||||||
| `rbac.create` | Create and use RBAC resources | `true` |
|
|
||||||
| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` |
|
|
||||||
| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` |
|
|
||||||
| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` |
|
|
||||||
| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` |
|
|
||||||
| `rbac.extraRoleRules` | Additional rules to add to the Role | [] |
|
|
||||||
| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] |
|
|
||||||
| `command` | Define command to be executed by grafana container at startup | `nil` |
|
|
||||||
| `testFramework.enabled` | Whether to create test-related resources | `true` |
|
|
||||||
| `testFramework.image` | `test-framework` image repository. | `bats/bats` |
|
|
||||||
| `testFramework.tag` | `test-framework` image tag. | `v1.4.1` |
|
|
||||||
| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` |
|
|
||||||
| `testFramework.securityContext` | `test-framework` securityContext | `{}` |
|
|
||||||
| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` |
|
|
||||||
| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
|
|
||||||
| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` |
|
|
||||||
| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` |
|
|
||||||
| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` |
|
|
||||||
| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` |
|
|
||||||
| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` |
|
|
||||||
| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) |
|
|
||||||
| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
|
|
||||||
| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | |
|
|
||||||
| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` |
|
|
||||||
| `serviceMonitor.path` | Path to scrape | `/metrics` |
|
|
||||||
| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` |
|
|
||||||
| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` |
|
|
||||||
| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
|
|
||||||
| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` |
|
|
||||||
| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` |
|
|
||||||
| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` |
|
|
||||||
| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` |
|
|
||||||
| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` |
|
|
||||||
| `imageRenderer.image.tag` | image-renderer Image tag | `latest` |
|
|
||||||
| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` |
|
|
||||||
| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` |
|
|
||||||
| `imageRenderer.env` | extra env-vars for image-renderer | `{}` |
|
|
||||||
| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` |
|
|
||||||
| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
|
|
||||||
| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
|
|
||||||
| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` |
|
|
||||||
| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` |
|
|
||||||
| `imageRenderer.service.portName` | image-renderer service port name | `http` |
|
|
||||||
| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` |
|
|
||||||
| `imageRenderer.grafanaProtocol` | Protocol to use for image renderer callback url | `http` |
|
|
||||||
| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` |
|
|
||||||
| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` |
|
|
||||||
| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` |
|
|
||||||
| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` |
|
|
||||||
| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` |
|
|
||||||
| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` |
|
|
||||||
| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` |
|
|
||||||
| `imageRenderer.tolerations` | Toleration labels for pod assignment | `[]` |
|
|
||||||
| `imageRenderer.affinity` | Affinity settings for pod assignment | `{}` |
|
|
||||||
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. | `false` |
|
|
||||||
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
|
||||||
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
|
|
||||||
| `enableKubeBackwardCompatibility` | Enable backward compatibility of kubernetes where pod's defintion version below 1.13 doesn't have the enableServiceLinks option | `false` |
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Example ingress with path
|
|
||||||
|
|
||||||
With grafana 6.3 and above
|
|
||||||
```yaml
|
|
||||||
grafana.ini:
|
|
||||||
server:
|
|
||||||
domain: monitoring.example.com
|
|
||||||
root_url: "%(protocol)s://%(domain)s/grafana"
|
|
||||||
serve_from_sub_path: true
|
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
hosts:
|
|
||||||
- "monitoring.example.com"
|
|
||||||
path: "/grafana"
|
|
||||||
```
|
|
||||||
|
|
||||||
### Example of extraVolumeMounts
|
|
||||||
|
|
||||||
Volume can be type persistentVolumeClaim or hostPath but not both at same time.
|
|
||||||
If none existingClaim or hostPath argument is givent then type is emptyDir.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
- extraVolumeMounts:
|
|
||||||
- name: plugins
|
|
||||||
mountPath: /var/lib/grafana/plugins
|
|
||||||
subPath: configs/grafana/plugins
|
|
||||||
existingClaim: existing-grafana-claim
|
|
||||||
readOnly: false
|
|
||||||
- name: dashboards
|
|
||||||
mountPath: /var/lib/grafana/dashboards
|
|
||||||
hostPath: /usr/shared/grafana/dashboards
|
|
||||||
readOnly: false
|
|
||||||
```
|
|
||||||
|
|
||||||
## Import dashboards
|
|
||||||
|
|
||||||
There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
dashboards:
|
|
||||||
default:
|
|
||||||
some-dashboard:
|
|
||||||
json: |
|
|
||||||
{
|
|
||||||
"annotations":
|
|
||||||
|
|
||||||
...
|
|
||||||
# Complete json file here
|
|
||||||
...
|
|
||||||
|
|
||||||
"title": "Some Dashboard",
|
|
||||||
"uid": "abcd1234",
|
|
||||||
"version": 1
|
|
||||||
}
|
|
||||||
custom-dashboard:
|
|
||||||
# This is a path to a file inside the dashboards directory inside the chart directory
|
|
||||||
file: dashboards/custom-dashboard.json
|
|
||||||
prometheus-stats:
|
|
||||||
# Ref: https://grafana.com/dashboards/2
|
|
||||||
gnetId: 2
|
|
||||||
revision: 2
|
|
||||||
datasource: Prometheus
|
|
||||||
local-dashboard:
|
|
||||||
url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json
|
|
||||||
```
|
|
||||||
|
|
||||||
## BASE64 dashboards
|
|
||||||
|
|
||||||
Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit)
|
|
||||||
A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk.
|
|
||||||
If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk.
|
|
||||||
|
|
||||||
### Gerrit use case
|
|
||||||
|
|
||||||
Gerrit API for download files has the following schema: <https://yourgerritserver/a/{project-name}/branches/{branch-id}/files/{file-id}/content> where {project-name} and
|
|
||||||
{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard
|
|
||||||
the url value is <https://yourgerritserver/a/user%2Frepo/branches/master/files/dir1%2Fdir2%2Fdashboard/content>
|
|
||||||
|
|
||||||
## Sidecar for dashboards
|
|
||||||
|
|
||||||
If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana
|
|
||||||
pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with
|
|
||||||
a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written
|
|
||||||
to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported
|
|
||||||
dashboards are deleted/updated.
|
|
||||||
|
|
||||||
A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside
|
|
||||||
one configmap is currently not properly mirrored in grafana.
|
|
||||||
|
|
||||||
Example dashboard config:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: sample-grafana-dashboard
|
|
||||||
labels:
|
|
||||||
grafana_dashboard: "1"
|
|
||||||
data:
|
|
||||||
k8s-dashboard.json: |-
|
|
||||||
[...]
|
|
||||||
```
|
|
||||||
|
|
||||||
## Sidecar for datasources
|
|
||||||
|
|
||||||
If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana
|
|
||||||
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
|
|
||||||
filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in
|
|
||||||
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
|
|
||||||
the data sources in grafana can be imported.
|
|
||||||
|
|
||||||
Secrets are recommended over configmaps for this usecase because datasources usually contain private
|
|
||||||
data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
|
|
||||||
|
|
||||||
Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file):
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
datasources:
|
|
||||||
datasources.yaml:
|
|
||||||
apiVersion: 1
|
|
||||||
datasources:
|
|
||||||
# <string, required> name of the datasource. Required
|
|
||||||
- name: Graphite
|
|
||||||
# <string, required> datasource type. Required
|
|
||||||
type: graphite
|
|
||||||
# <string, required> access mode. proxy or direct (Server or Browser in the UI). Required
|
|
||||||
access: proxy
|
|
||||||
# <int> org id. will default to orgId 1 if not specified
|
|
||||||
orgId: 1
|
|
||||||
# <string> url
|
|
||||||
url: http://localhost:8080
|
|
||||||
# <string> database password, if used
|
|
||||||
password:
|
|
||||||
# <string> database user, if used
|
|
||||||
user:
|
|
||||||
# <string> database name, if used
|
|
||||||
database:
|
|
||||||
# <bool> enable/disable basic auth
|
|
||||||
basicAuth:
|
|
||||||
# <string> basic auth username
|
|
||||||
basicAuthUser:
|
|
||||||
# <string> basic auth password
|
|
||||||
basicAuthPassword:
|
|
||||||
# <bool> enable/disable with credentials headers
|
|
||||||
withCredentials:
|
|
||||||
# <bool> mark as default datasource. Max one per org
|
|
||||||
isDefault:
|
|
||||||
# <map> fields that will be converted to json and stored in json_data
|
|
||||||
jsonData:
|
|
||||||
graphiteVersion: "1.1"
|
|
||||||
tlsAuth: true
|
|
||||||
tlsAuthWithCACert: true
|
|
||||||
# <string> json object of data that will be encrypted.
|
|
||||||
secureJsonData:
|
|
||||||
tlsCACert: "..."
|
|
||||||
tlsClientCert: "..."
|
|
||||||
tlsClientKey: "..."
|
|
||||||
version: 1
|
|
||||||
# <bool> allow users to edit datasources from the UI.
|
|
||||||
editable: false
|
|
||||||
```
|
|
||||||
|
|
||||||
## Sidecar for notifiers
|
|
||||||
|
|
||||||
If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana
|
|
||||||
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
|
|
||||||
filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in
|
|
||||||
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
|
|
||||||
the notification channels in grafana can be imported. The secrets must be created before
|
|
||||||
`helm install` so that the notifiers init container can list the secrets.
|
|
||||||
|
|
||||||
Secrets are recommended over configmaps for this usecase because alert notification channels usually contain
|
|
||||||
private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
|
|
||||||
|
|
||||||
Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels):
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
notifiers:
|
|
||||||
- name: notification-channel-1
|
|
||||||
type: slack
|
|
||||||
uid: notifier1
|
|
||||||
# either
|
|
||||||
org_id: 2
|
|
||||||
# or
|
|
||||||
org_name: Main Org.
|
|
||||||
is_default: true
|
|
||||||
send_reminder: true
|
|
||||||
frequency: 1h
|
|
||||||
disable_resolve_message: false
|
|
||||||
# See `Supported Settings` section for settings supporter for each
|
|
||||||
# alert notification type.
|
|
||||||
settings:
|
|
||||||
recipient: 'XXX'
|
|
||||||
token: 'xoxb'
|
|
||||||
uploadImage: true
|
|
||||||
url: https://slack.com
|
|
||||||
|
|
||||||
delete_notifiers:
|
|
||||||
- name: notification-channel-1
|
|
||||||
uid: notifier1
|
|
||||||
org_id: 2
|
|
||||||
- name: notification-channel-2
|
|
||||||
# default org_id: 1
|
|
||||||
```
|
|
||||||
|
|
||||||
## How to serve Grafana with a path prefix (/grafana)
|
|
||||||
|
|
||||||
In order to serve Grafana with a prefix (e.g., <http://example.com/grafana>), add the following to your values.yaml.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
nginx.ingress.kubernetes.io/rewrite-target: /$1
|
|
||||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
|
||||||
|
|
||||||
path: /grafana/?(.*)
|
|
||||||
hosts:
|
|
||||||
- k8s.example.dev
|
|
||||||
|
|
||||||
grafana.ini:
|
|
||||||
server:
|
|
||||||
root_url: http://localhost:3000/grafana # this host can be localhost
|
|
||||||
```
|
|
||||||
|
|
||||||
## How to securely reference secrets in grafana.ini
|
|
||||||
|
|
||||||
This example uses Grafana uses [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets.
|
|
||||||
|
|
||||||
In grafana.ini:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
grafana.ini:
|
|
||||||
[auth.generic_oauth]
|
|
||||||
enabled = true
|
|
||||||
client_id = $__file{/etc/secrets/auth_generic_oauth/client_id}
|
|
||||||
client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret}
|
|
||||||
```
|
|
||||||
|
|
||||||
Existing secret, or created along with helm:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: auth-generic-oauth-secret
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
client_id: <value>
|
|
||||||
client_secret: <value>
|
|
||||||
```
|
|
||||||
|
|
||||||
Include in the `extraSecretMounts` configuration flag:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
- extraSecretMounts:
|
|
||||||
- name: auth-generic-oauth-secret-mount
|
|
||||||
secretName: auth-generic-oauth-secret
|
|
||||||
defaultMode: 0440
|
|
||||||
mountPath: /etc/secrets/auth_generic_oauth
|
|
||||||
readOnly: true
|
|
||||||
```
|
|
||||||
|
|
||||||
### extraSecretMounts using a Container Storage Interface (CSI) provider
|
|
||||||
|
|
||||||
This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure)
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
- extraSecretMounts:
|
|
||||||
- name: secrets-store-inline
|
|
||||||
mountPath: /run/secrets
|
|
||||||
readOnly: true
|
|
||||||
csi:
|
|
||||||
driver: secrets-store.csi.k8s.io
|
|
||||||
readOnly: true
|
|
||||||
volumeAttributes:
|
|
||||||
secretProviderClass: "my-provider"
|
|
||||||
nodePublishSecretRef:
|
|
||||||
name: akv-creds
|
|
||||||
```
|
|
||||||
|
|
||||||
## Image Renderer Plug-In
|
|
||||||
|
|
||||||
This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/README.md#run-in-docker)
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
imageRenderer:
|
|
||||||
enabled: true
|
|
||||||
```
|
|
||||||
|
|
||||||
### Image Renderer NetworkPolicy
|
|
||||||
|
|
||||||
By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance
|
|
||||||
|
|
||||||
### High Availability for unified alerting
|
|
||||||
|
|
||||||
If you want to run Grafana in a high availability cluster you need to enable
|
|
||||||
the headless service by setting `headlessService: true` in your `values.yaml`
|
|
||||||
file.
|
|
||||||
|
|
||||||
As next step you have to setup the `grafana.ini` in your `values.yaml` in a way
|
|
||||||
that it will make use of the headless service to obtain all the IPs of the
|
|
||||||
cluster. You should replace ``{{ Name }}`` with the name of your helm deployment.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
grafana.ini:
|
|
||||||
...
|
|
||||||
unified_alerting:
|
|
||||||
enabled: true
|
|
||||||
ha_peers: {{ Name }}-headless:9094
|
|
||||||
alerting:
|
|
||||||
enabled: false
|
|
||||||
```
|
|
|
@ -1 +0,0 @@
|
||||||
# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
|
|
|
@ -1,16 +0,0 @@
|
||||||
affinity:
|
|
||||||
podAntiAffinity:
|
|
||||||
preferredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- podAffinityTerm:
|
|
||||||
labelSelector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/instance: grafana-test
|
|
||||||
app.kubernetes.io/name: grafana
|
|
||||||
topologyKey: failure-domain.beta.kubernetes.io/zone
|
|
||||||
weight: 100
|
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- labelSelector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/instance: grafana-test
|
|
||||||
app.kubernetes.io/name: grafana
|
|
||||||
topologyKey: kubernetes.io/hostname
|
|
|
@ -1,53 +0,0 @@
|
||||||
dashboards:
|
|
||||||
my-provider:
|
|
||||||
my-awesome-dashboard:
|
|
||||||
# An empty but valid dashboard
|
|
||||||
json: |
|
|
||||||
{
|
|
||||||
"__inputs": [],
|
|
||||||
"__requires": [
|
|
||||||
{
|
|
||||||
"type": "grafana",
|
|
||||||
"id": "grafana",
|
|
||||||
"name": "Grafana",
|
|
||||||
"version": "6.3.5"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"annotations": {
|
|
||||||
"list": [
|
|
||||||
{
|
|
||||||
"builtIn": 1,
|
|
||||||
"datasource": "-- Grafana --",
|
|
||||||
"enable": true,
|
|
||||||
"hide": true,
|
|
||||||
"iconColor": "rgba(0, 211, 255, 1)",
|
|
||||||
"name": "Annotations & Alerts",
|
|
||||||
"type": "dashboard"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"editable": true,
|
|
||||||
"gnetId": null,
|
|
||||||
"graphTooltip": 0,
|
|
||||||
"id": null,
|
|
||||||
"links": [],
|
|
||||||
"panels": [],
|
|
||||||
"schemaVersion": 19,
|
|
||||||
"style": "dark",
|
|
||||||
"tags": [],
|
|
||||||
"templating": {
|
|
||||||
"list": []
|
|
||||||
},
|
|
||||||
"time": {
|
|
||||||
"from": "now-6h",
|
|
||||||
"to": "now"
|
|
||||||
},
|
|
||||||
"timepicker": {
|
|
||||||
"refresh_intervals": ["5s"]
|
|
||||||
},
|
|
||||||
"timezone": "",
|
|
||||||
"title": "Dummy Dashboard",
|
|
||||||
"uid": "IdcYQooWk",
|
|
||||||
"version": 1
|
|
||||||
}
|
|
||||||
datasource: Prometheus
|
|
|
@ -1,19 +0,0 @@
|
||||||
dashboards:
|
|
||||||
my-provider:
|
|
||||||
my-awesome-dashboard:
|
|
||||||
gnetId: 10000
|
|
||||||
revision: 1
|
|
||||||
datasource: Prometheus
|
|
||||||
dashboardProviders:
|
|
||||||
dashboardproviders.yaml:
|
|
||||||
apiVersion: 1
|
|
||||||
providers:
|
|
||||||
- name: 'my-provider'
|
|
||||||
orgId: 1
|
|
||||||
folder: ''
|
|
||||||
type: file
|
|
||||||
updateIntervalSeconds: 10
|
|
||||||
disableDeletion: true
|
|
||||||
editable: true
|
|
||||||
options:
|
|
||||||
path: /var/lib/grafana/dashboards/my-provider
|
|
|
@ -1,7 +0,0 @@
|
||||||
extraConfigmapMounts:
|
|
||||||
- name: '{{ template "grafana.fullname" . }}'
|
|
||||||
configMap: '{{ template "grafana.fullname" . }}'
|
|
||||||
mountPath: /var/lib/grafana/dashboards/test-dashboard.json
|
|
||||||
# This is not a realistic test, but for this we only care about extraConfigmapMounts not being empty and pointing to an existing ConfigMap
|
|
||||||
subPath: grafana.ini
|
|
||||||
readOnly: true
|
|
|
@ -1,19 +0,0 @@
|
||||||
podLabels:
|
|
||||||
customLableA: Aaaaa
|
|
||||||
imageRenderer:
|
|
||||||
enabled: true
|
|
||||||
env:
|
|
||||||
RENDERING_ARGS: --disable-gpu,--window-size=1280x758
|
|
||||||
RENDERING_MODE: clustered
|
|
||||||
podLabels:
|
|
||||||
customLableB: Bbbbb
|
|
||||||
networkPolicy:
|
|
||||||
limitIngress: true
|
|
||||||
limitEgress: true
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: 1000m
|
|
||||||
memory: 1000Mi
|
|
||||||
requests:
|
|
||||||
cpu: 500m
|
|
||||||
memory: 50Mi
|
|
|
@ -1,3 +0,0 @@
|
||||||
persistence:
|
|
||||||
type: pvc
|
|
||||||
enabled: true
|
|
|
@ -1 +0,0 @@
|
||||||
{}
|
|
|
@ -1,54 +0,0 @@
|
||||||
1. Get your '{{ .Values.adminUser }}' user password by running:
|
|
||||||
|
|
||||||
kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
|
|
||||||
|
|
||||||
2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
|
|
||||||
|
|
||||||
{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local
|
|
||||||
{{ if .Values.ingress.enabled }}
|
|
||||||
If you bind grafana to 80, please update values in values.yaml and reinstall:
|
|
||||||
```
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 0
|
|
||||||
runAsGroup: 0
|
|
||||||
fsGroup: 0
|
|
||||||
|
|
||||||
command:
|
|
||||||
- "setcap"
|
|
||||||
- "'cap_net_bind_service=+ep'"
|
|
||||||
- "/usr/sbin/grafana-server &&"
|
|
||||||
- "sh"
|
|
||||||
- "/run.sh"
|
|
||||||
```
|
|
||||||
Details refer to https://grafana.com/docs/installation/configuration/#http-port.
|
|
||||||
Or grafana would always crash.
|
|
||||||
|
|
||||||
From outside the cluster, the server URL(s) are:
|
|
||||||
{{- range .Values.ingress.hosts }}
|
|
||||||
http://{{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{ else }}
|
|
||||||
Get the Grafana URL to visit by running these commands in the same shell:
|
|
||||||
{{ if contains "NodePort" .Values.service.type -}}
|
|
||||||
export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }})
|
|
||||||
export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
|
||||||
echo http://$NODE_IP:$NODE_PORT
|
|
||||||
{{ else if contains "LoadBalancer" .Values.service.type -}}
|
|
||||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
|
||||||
You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}'
|
|
||||||
export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
|
||||||
http://$SERVICE_IP:{{ .Values.service.port -}}
|
|
||||||
{{ else if contains "ClusterIP" .Values.service.type }}
|
|
||||||
export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app.kubernetes.io/name={{ template "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
|
||||||
kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
3. Login with the password from step 1 and the username: {{ .Values.adminUser }}
|
|
||||||
|
|
||||||
{{- if not .Values.persistence.enabled }}
|
|
||||||
#################################################################################
|
|
||||||
###### WARNING: Persistence is disabled!!! You will lose your data when #####
|
|
||||||
###### the Grafana pod is terminated. #####
|
|
||||||
#################################################################################
|
|
||||||
{{- end }}
|
|
|
@ -1,163 +0,0 @@
|
||||||
{{/* vim: set filetype=mustache: */}}
|
|
||||||
{{/*
|
|
||||||
Expand the name of the chart.
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.name" -}}
|
|
||||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create a default fully qualified app name.
|
|
||||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
||||||
If release name contains chart name it will be used as a full name.
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.fullname" -}}
|
|
||||||
{{- if .Values.fullnameOverride -}}
|
|
||||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
|
||||||
{{- if contains $name .Release.Name -}}
|
|
||||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create chart name and version as used by the chart label.
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.chart" -}}
|
|
||||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create the name of the service account
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.serviceAccountName" -}}
|
|
||||||
{{- if .Values.serviceAccount.create -}}
|
|
||||||
{{ default (include "grafana.fullname" .) .Values.serviceAccount.name }}
|
|
||||||
{{- else -}}
|
|
||||||
{{ default "default" .Values.serviceAccount.name }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- define "grafana.serviceAccountNameTest" -}}
|
|
||||||
{{- if .Values.serviceAccount.create -}}
|
|
||||||
{{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }}
|
|
||||||
{{- else -}}
|
|
||||||
{{ default "default" .Values.serviceAccount.nameTest }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.namespace" -}}
|
|
||||||
{{- if .Values.namespaceOverride -}}
|
|
||||||
{{- .Values.namespaceOverride -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- .Release.Namespace -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Common labels
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.labels" -}}
|
|
||||||
helm.sh/chart: {{ include "grafana.chart" . }}
|
|
||||||
{{ include "grafana.selectorLabels" . }}
|
|
||||||
{{- if or .Chart.AppVersion .Values.image.tag }}
|
|
||||||
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
|
||||||
{{- end }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
{{- if .Values.extraLabels }}
|
|
||||||
{{ toYaml .Values.extraLabels }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Selector labels
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.selectorLabels" -}}
|
|
||||||
app.kubernetes.io/name: {{ include "grafana.name" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Common labels
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.imageRenderer.labels" -}}
|
|
||||||
helm.sh/chart: {{ include "grafana.chart" . }}
|
|
||||||
{{ include "grafana.imageRenderer.selectorLabels" . }}
|
|
||||||
{{- if or .Chart.AppVersion .Values.image.tag }}
|
|
||||||
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
|
||||||
{{- end }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Selector labels ImageRenderer
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.imageRenderer.selectorLabels" -}}
|
|
||||||
app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Looks if there's an existing secret and reuse its password. If not it generates
|
|
||||||
new password and use it.
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.password" -}}
|
|
||||||
{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}}
|
|
||||||
{{- if $secret -}}
|
|
||||||
{{- index $secret "data" "admin-password" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- (randAlphaNum 40) | b64enc | quote -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Return the appropriate apiVersion for rbac.
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.rbac.apiVersion" -}}
|
|
||||||
{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }}
|
|
||||||
{{- print "rbac.authorization.k8s.io/v1" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Return the appropriate apiVersion for ingress.
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.ingress.apiVersion" -}}
|
|
||||||
{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) -}}
|
|
||||||
{{- print "networking.k8s.io/v1" -}}
|
|
||||||
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
|
|
||||||
{{- print "networking.k8s.io/v1beta1" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- print "extensions/v1beta1" -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Return if ingress is stable.
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.ingress.isStable" -}}
|
|
||||||
{{- eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Return if ingress supports ingressClassName.
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.ingress.supportsIngressClassName" -}}
|
|
||||||
{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Return if ingress supports pathType.
|
|
||||||
*/}}
|
|
||||||
{{- define "grafana.ingress.supportsPathType" -}}
|
|
||||||
{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}}
|
|
||||||
{{- end -}}
|
|
|
@ -1,748 +0,0 @@
|
||||||
|
|
||||||
{{- define "grafana.pod" -}}
|
|
||||||
{{- if .Values.schedulerName }}
|
|
||||||
schedulerName: "{{ .Values.schedulerName }}"
|
|
||||||
{{- end }}
|
|
||||||
serviceAccountName: {{ template "grafana.serviceAccountName" . }}
|
|
||||||
automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }}
|
|
||||||
{{- if .Values.securityContext }}
|
|
||||||
securityContext:
|
|
||||||
{{ toYaml .Values.securityContext | indent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.hostAliases }}
|
|
||||||
hostAliases:
|
|
||||||
{{ toYaml .Values.hostAliases | indent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.priorityClassName }}
|
|
||||||
priorityClassName: {{ .Values.priorityClassName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.notifiers.enabled .Values.extraInitContainers (and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources)) }}
|
|
||||||
initContainers:
|
|
||||||
{{- end }}
|
|
||||||
{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }}
|
|
||||||
- name: init-chown-data
|
|
||||||
{{- if .Values.initChownData.image.sha }}
|
|
||||||
image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}"
|
|
||||||
{{- else }}
|
|
||||||
image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}"
|
|
||||||
{{- end }}
|
|
||||||
imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }}
|
|
||||||
securityContext:
|
|
||||||
runAsNonRoot: false
|
|
||||||
runAsUser: 0
|
|
||||||
command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"]
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.initChownData.resources | indent 6 }}
|
|
||||||
volumeMounts:
|
|
||||||
- name: storage
|
|
||||||
mountPath: "/var/lib/grafana"
|
|
||||||
{{- if .Values.persistence.subPath }}
|
|
||||||
subPath: {{ tpl .Values.persistence.subPath . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.dashboards }}
|
|
||||||
- name: download-dashboards
|
|
||||||
{{- if .Values.downloadDashboardsImage.sha }}
|
|
||||||
image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}"
|
|
||||||
{{- else }}
|
|
||||||
image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
|
|
||||||
{{- end }}
|
|
||||||
imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }}
|
|
||||||
command: ["/bin/sh"]
|
|
||||||
args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh" ]
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.downloadDashboards.resources | indent 6 }}
|
|
||||||
env:
|
|
||||||
{{- range $key, $value := .Values.downloadDashboards.env }}
|
|
||||||
- name: "{{ $key }}"
|
|
||||||
value: "{{ $value }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.downloadDashboards.envFromSecret }}
|
|
||||||
envFrom:
|
|
||||||
- secretRef:
|
|
||||||
name: {{ tpl .Values.downloadDashboards.envFromSecret . }}
|
|
||||||
{{- end }}
|
|
||||||
volumeMounts:
|
|
||||||
- name: config
|
|
||||||
mountPath: "/etc/grafana/download_dashboards.sh"
|
|
||||||
subPath: download_dashboards.sh
|
|
||||||
- name: storage
|
|
||||||
mountPath: "/var/lib/grafana"
|
|
||||||
{{- if .Values.persistence.subPath }}
|
|
||||||
subPath: {{ tpl .Values.persistence.subPath . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- range .Values.extraSecretMounts }}
|
|
||||||
- name: {{ .name }}
|
|
||||||
mountPath: {{ .mountPath }}
|
|
||||||
readOnly: {{ .readOnly }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }}
|
|
||||||
- name: {{ template "grafana.name" . }}-init-sc-datasources
|
|
||||||
{{- if .Values.sidecar.image.sha }}
|
|
||||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
|
|
||||||
{{- else }}
|
|
||||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
|
|
||||||
{{- end }}
|
|
||||||
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
|
|
||||||
env:
|
|
||||||
- name: METHOD
|
|
||||||
value: "LIST"
|
|
||||||
- name: LABEL
|
|
||||||
value: "{{ .Values.sidecar.datasources.label }}"
|
|
||||||
{{- if .Values.sidecar.datasources.labelValue }}
|
|
||||||
- name: LABEL_VALUE
|
|
||||||
value: {{ quote .Values.sidecar.datasources.labelValue }}
|
|
||||||
{{- end }}
|
|
||||||
- name: FOLDER
|
|
||||||
value: "/etc/grafana/provisioning/datasources"
|
|
||||||
- name: RESOURCE
|
|
||||||
value: {{ quote .Values.sidecar.datasources.resource }}
|
|
||||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
|
||||||
- name: UNIQUE_FILENAMES
|
|
||||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.datasources.searchNamespace }}
|
|
||||||
- name: NAMESPACE
|
|
||||||
value: "{{ .Values.sidecar.datasources.searchNamespace | join "," }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.skipTlsVerify }}
|
|
||||||
- name: SKIP_TLS_VERIFY
|
|
||||||
value: "{{ .Values.sidecar.skipTlsVerify }}"
|
|
||||||
{{- end }}
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.sidecar.resources | indent 6 }}
|
|
||||||
{{- if .Values.sidecar.securityContext }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
volumeMounts:
|
|
||||||
- name: sc-datasources-volume
|
|
||||||
mountPath: "/etc/grafana/provisioning/datasources"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.notifiers.enabled }}
|
|
||||||
- name: {{ template "grafana.name" . }}-sc-notifiers
|
|
||||||
{{- if .Values.sidecar.image.sha }}
|
|
||||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
|
|
||||||
{{- else }}
|
|
||||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
|
|
||||||
{{- end }}
|
|
||||||
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
|
|
||||||
env:
|
|
||||||
- name: METHOD
|
|
||||||
value: LIST
|
|
||||||
- name: LABEL
|
|
||||||
value: "{{ .Values.sidecar.notifiers.label }}"
|
|
||||||
- name: FOLDER
|
|
||||||
value: "/etc/grafana/provisioning/notifiers"
|
|
||||||
- name: RESOURCE
|
|
||||||
value: {{ quote .Values.sidecar.notifiers.resource }}
|
|
||||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
|
||||||
- name: UNIQUE_FILENAMES
|
|
||||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.notifiers.searchNamespace }}
|
|
||||||
- name: NAMESPACE
|
|
||||||
value: "{{ .Values.sidecar.notifiers.searchNamespace | join "," }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.skipTlsVerify }}
|
|
||||||
- name: SKIP_TLS_VERIFY
|
|
||||||
value: "{{ .Values.sidecar.skipTlsVerify }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.livenessProbe }}
|
|
||||||
livenessProbe:
|
|
||||||
{{ toYaml .Values.livenessProbe | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.readinessProbe }}
|
|
||||||
readinessProbe:
|
|
||||||
{{ toYaml .Values.readinessProbe | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.sidecar.resources | indent 6 }}
|
|
||||||
{{- if .Values.sidecar.securityContext }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
volumeMounts:
|
|
||||||
- name: sc-notifiers-volume
|
|
||||||
mountPath: "/etc/grafana/provisioning/notifiers"
|
|
||||||
{{- end}}
|
|
||||||
{{- if .Values.extraInitContainers }}
|
|
||||||
{{ tpl (toYaml .Values.extraInitContainers) . | indent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.image.pullSecrets }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{- $root := . }}
|
|
||||||
{{- range .Values.image.pullSecrets }}
|
|
||||||
- name: {{ tpl . $root }}
|
|
||||||
{{- end}}
|
|
||||||
{{- end }}
|
|
||||||
{{- if not .Values.enableKubeBackwardCompatibility }}
|
|
||||||
enableServiceLinks: {{ .Values.enableServiceLinks }}
|
|
||||||
{{- end }}
|
|
||||||
containers:
|
|
||||||
{{- if .Values.sidecar.dashboards.enabled }}
|
|
||||||
- name: {{ template "grafana.name" . }}-sc-dashboard
|
|
||||||
{{- if .Values.sidecar.image.sha }}
|
|
||||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
|
|
||||||
{{- else }}
|
|
||||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
|
|
||||||
{{- end }}
|
|
||||||
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
|
|
||||||
env:
|
|
||||||
- name: METHOD
|
|
||||||
value: {{ .Values.sidecar.dashboards.watchMethod }}
|
|
||||||
- name: LABEL
|
|
||||||
value: "{{ .Values.sidecar.dashboards.label }}"
|
|
||||||
{{- if .Values.sidecar.dashboards.labelValue }}
|
|
||||||
- name: LABEL_VALUE
|
|
||||||
value: {{ quote .Values.sidecar.dashboards.labelValue }}
|
|
||||||
{{- end }}
|
|
||||||
- name: FOLDER
|
|
||||||
value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}"
|
|
||||||
- name: RESOURCE
|
|
||||||
value: {{ quote .Values.sidecar.dashboards.resource }}
|
|
||||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
|
||||||
- name: UNIQUE_FILENAMES
|
|
||||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.dashboards.searchNamespace }}
|
|
||||||
- name: NAMESPACE
|
|
||||||
value: "{{ .Values.sidecar.dashboards.searchNamespace | join "," }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.skipTlsVerify }}
|
|
||||||
- name: SKIP_TLS_VERIFY
|
|
||||||
value: "{{ .Values.sidecar.skipTlsVerify }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.dashboards.folderAnnotation }}
|
|
||||||
- name: FOLDER_ANNOTATION
|
|
||||||
value: "{{ .Values.sidecar.dashboards.folderAnnotation }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.dashboards.script }}
|
|
||||||
- name: SCRIPT
|
|
||||||
value: "{{ .Values.sidecar.dashboards.script }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.dashboards.watchServerTimeout }}
|
|
||||||
- name: WATCH_SERVER_TIMEOUT
|
|
||||||
value: "{{ .Values.sidecar.dashboards.watchServerTimeout }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.dashboards.watchClientTimeout }}
|
|
||||||
- name: WATCH_CLIENT_TIMEOUT
|
|
||||||
value: "{{ .Values.sidecar.dashboards.watchClientTimeout }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.livenessProbe }}
|
|
||||||
livenessProbe:
|
|
||||||
{{ toYaml .Values.livenessProbe | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.readinessProbe }}
|
|
||||||
readinessProbe:
|
|
||||||
{{ toYaml .Values.readinessProbe | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.sidecar.resources | indent 6 }}
|
|
||||||
{{- if .Values.sidecar.securityContext }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
volumeMounts:
|
|
||||||
- name: sc-dashboard-volume
|
|
||||||
mountPath: {{ .Values.sidecar.dashboards.folder | quote }}
|
|
||||||
{{- if .Values.sidecar.dashboards.extraMounts }}
|
|
||||||
{{- toYaml .Values.sidecar.dashboards.extraMounts | trim | nindent 6}}
|
|
||||||
{{- end }}
|
|
||||||
{{- end}}
|
|
||||||
{{- if .Values.sidecar.datasources.enabled }}
|
|
||||||
- name: {{ template "grafana.name" . }}-sc-datasources
|
|
||||||
{{- if .Values.sidecar.image.sha }}
|
|
||||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
|
|
||||||
{{- else }}
|
|
||||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
|
|
||||||
{{- end }}
|
|
||||||
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
|
|
||||||
env:
|
|
||||||
- name: METHOD
|
|
||||||
value: {{ .Values.sidecar.datasources.watchMethod }}
|
|
||||||
- name: LABEL
|
|
||||||
value: "{{ .Values.sidecar.datasources.label }}"
|
|
||||||
{{- if .Values.sidecar.datasources.labelValue }}
|
|
||||||
- name: LABEL_VALUE
|
|
||||||
value: {{ quote .Values.sidecar.datasources.labelValue }}
|
|
||||||
{{- end }}
|
|
||||||
- name: FOLDER
|
|
||||||
value: "/etc/grafana/provisioning/datasources"
|
|
||||||
- name: RESOURCE
|
|
||||||
value: {{ quote .Values.sidecar.datasources.resource }}
|
|
||||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
|
||||||
- name: UNIQUE_FILENAMES
|
|
||||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.datasources.searchNamespace }}
|
|
||||||
- name: NAMESPACE
|
|
||||||
value: "{{ .Values.sidecar.datasources.searchNamespace | join "," }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.skipTlsVerify }}
|
|
||||||
- name: SKIP_TLS_VERIFY
|
|
||||||
value: "{{ .Values.sidecar.skipTlsVerify }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
|
||||||
- name: REQ_USERNAME
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
|
|
||||||
key: {{ .Values.admin.userKey | default "admin-user" }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
|
||||||
- name: REQ_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
|
|
||||||
key: {{ .Values.admin.passwordKey | default "admin-password" }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if not .Values.sidecar.datasources.skipReload }}
|
|
||||||
- name: REQ_URL
|
|
||||||
value: {{ .Values.sidecar.datasources.reloadURL }}
|
|
||||||
- name: REQ_METHOD
|
|
||||||
value: POST
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.livenessProbe }}
|
|
||||||
livenessProbe:
|
|
||||||
{{ toYaml .Values.livenessProbe | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.readinessProbe }}
|
|
||||||
readinessProbe:
|
|
||||||
{{ toYaml .Values.readinessProbe | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.sidecar.resources | indent 6 }}
|
|
||||||
{{- if .Values.sidecar.securityContext }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
volumeMounts:
|
|
||||||
- name: sc-datasources-volume
|
|
||||||
mountPath: "/etc/grafana/provisioning/datasources"
|
|
||||||
{{- end}}
|
|
||||||
{{- if .Values.sidecar.plugins.enabled }}
|
|
||||||
- name: {{ template "grafana.name" . }}-sc-plugins
|
|
||||||
{{- if .Values.sidecar.image.sha }}
|
|
||||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
|
|
||||||
{{- else }}
|
|
||||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
|
|
||||||
{{- end }}
|
|
||||||
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
|
|
||||||
env:
|
|
||||||
- name: METHOD
|
|
||||||
value: {{ .Values.sidecar.plugins.watchMethod }}
|
|
||||||
- name: LABEL
|
|
||||||
value: "{{ .Values.sidecar.plugins.label }}"
|
|
||||||
{{- if .Values.sidecar.plugins.labelValue }}
|
|
||||||
- name: LABEL_VALUE
|
|
||||||
value: {{ quote .Values.sidecar.plugins.labelValue }}
|
|
||||||
{{- end }}
|
|
||||||
- name: FOLDER
|
|
||||||
value: "/etc/grafana/provisioning/plugins"
|
|
||||||
- name: RESOURCE
|
|
||||||
value: {{ quote .Values.sidecar.plugins.resource }}
|
|
||||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
|
||||||
- name: UNIQUE_FILENAMES
|
|
||||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.plugins.searchNamespace }}
|
|
||||||
- name: NAMESPACE
|
|
||||||
value: "{{ .Values.sidecar.plugins.searchNamespace | join "," }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.skipTlsVerify }}
|
|
||||||
- name: SKIP_TLS_VERIFY
|
|
||||||
value: "{{ .Values.sidecar.skipTlsVerify }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
|
||||||
- name: REQ_USERNAME
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
|
|
||||||
key: {{ .Values.admin.userKey | default "admin-user" }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
|
||||||
- name: REQ_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
|
|
||||||
key: {{ .Values.admin.passwordKey | default "admin-password" }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if not .Values.sidecar.plugins.skipReload }}
|
|
||||||
- name: REQ_URL
|
|
||||||
value: {{ .Values.sidecar.plugins.reloadURL }}
|
|
||||||
- name: REQ_METHOD
|
|
||||||
value: POST
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.livenessProbe }}
|
|
||||||
livenessProbe:
|
|
||||||
{{ toYaml .Values.livenessProbe | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.readinessProbe }}
|
|
||||||
readinessProbe:
|
|
||||||
{{ toYaml .Values.readinessProbe | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.sidecar.resources | indent 6 }}
|
|
||||||
{{- if .Values.sidecar.securityContext }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
volumeMounts:
|
|
||||||
- name: sc-plugins-volume
|
|
||||||
mountPath: "/etc/grafana/provisioning/plugins"
|
|
||||||
{{- end}}
|
|
||||||
- name: {{ .Chart.Name }}
|
|
||||||
{{- if .Values.image.sha }}
|
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}"
|
|
||||||
{{- else }}
|
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
|
||||||
{{- end }}
|
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
||||||
{{- if .Values.command }}
|
|
||||||
command:
|
|
||||||
{{- range .Values.command }}
|
|
||||||
- {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end}}
|
|
||||||
{{- if .Values.containerSecurityContext }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.containerSecurityContext | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
volumeMounts:
|
|
||||||
- name: config
|
|
||||||
mountPath: "/etc/grafana/grafana.ini"
|
|
||||||
subPath: grafana.ini
|
|
||||||
{{- if .Values.ldap.enabled }}
|
|
||||||
- name: ldap
|
|
||||||
mountPath: "/etc/grafana/ldap.toml"
|
|
||||||
subPath: ldap.toml
|
|
||||||
{{- end }}
|
|
||||||
{{- $root := . }}
|
|
||||||
{{- range .Values.extraConfigmapMounts }}
|
|
||||||
- name: {{ tpl .name $root }}
|
|
||||||
mountPath: {{ tpl .mountPath $root }}
|
|
||||||
subPath: {{ (tpl .subPath $root) | default "" }}
|
|
||||||
readOnly: {{ .readOnly }}
|
|
||||||
{{- end }}
|
|
||||||
- name: storage
|
|
||||||
mountPath: "/var/lib/grafana"
|
|
||||||
{{- if .Values.persistence.subPath }}
|
|
||||||
subPath: {{ tpl .Values.persistence.subPath . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.dashboards }}
|
|
||||||
{{- range $provider, $dashboards := .Values.dashboards }}
|
|
||||||
{{- range $key, $value := $dashboards }}
|
|
||||||
{{- if (or (hasKey $value "json") (hasKey $value "file")) }}
|
|
||||||
- name: dashboards-{{ $provider }}
|
|
||||||
mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json"
|
|
||||||
subPath: "{{ $key }}.json"
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if .Values.dashboardsConfigMaps }}
|
|
||||||
{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }}
|
|
||||||
- name: dashboards-{{ . }}
|
|
||||||
mountPath: "/var/lib/grafana/dashboards/{{ . }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.datasources }}
|
|
||||||
{{- range (keys .Values.datasources | sortAlpha) }}
|
|
||||||
- name: config
|
|
||||||
mountPath: "/etc/grafana/provisioning/datasources/{{ . }}"
|
|
||||||
subPath: {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.notifiers }}
|
|
||||||
{{- range (keys .Values.notifiers | sortAlpha) }}
|
|
||||||
- name: config
|
|
||||||
mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}"
|
|
||||||
subPath: {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.dashboardProviders }}
|
|
||||||
{{- range (keys .Values.dashboardProviders | sortAlpha) }}
|
|
||||||
- name: config
|
|
||||||
mountPath: "/etc/grafana/provisioning/dashboards/{{ . }}"
|
|
||||||
subPath: {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.dashboards.enabled }}
|
|
||||||
- name: sc-dashboard-volume
|
|
||||||
mountPath: {{ .Values.sidecar.dashboards.folder | quote }}
|
|
||||||
{{ if .Values.sidecar.dashboards.SCProvider }}
|
|
||||||
- name: sc-dashboard-provider
|
|
||||||
mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml"
|
|
||||||
subPath: provider.yaml
|
|
||||||
{{- end}}
|
|
||||||
{{- end}}
|
|
||||||
{{- if .Values.sidecar.datasources.enabled }}
|
|
||||||
- name: sc-datasources-volume
|
|
||||||
mountPath: "/etc/grafana/provisioning/datasources"
|
|
||||||
{{- end}}
|
|
||||||
{{- if .Values.sidecar.plugins.enabled }}
|
|
||||||
- name: sc-plugins-volume
|
|
||||||
mountPath: "/etc/grafana/provisioning/plugins"
|
|
||||||
{{- end}}
|
|
||||||
{{- if .Values.sidecar.notifiers.enabled }}
|
|
||||||
- name: sc-notifiers-volume
|
|
||||||
mountPath: "/etc/grafana/provisioning/notifiers"
|
|
||||||
{{- end}}
|
|
||||||
{{- range .Values.extraSecretMounts }}
|
|
||||||
- name: {{ .name }}
|
|
||||||
mountPath: {{ .mountPath }}
|
|
||||||
readOnly: {{ .readOnly }}
|
|
||||||
subPath: {{ .subPath | default "" }}
|
|
||||||
{{- end }}
|
|
||||||
{{- range .Values.extraVolumeMounts }}
|
|
||||||
- name: {{ .name }}
|
|
||||||
mountPath: {{ .mountPath }}
|
|
||||||
subPath: {{ .subPath | default "" }}
|
|
||||||
readOnly: {{ .readOnly }}
|
|
||||||
{{- end }}
|
|
||||||
{{- range .Values.extraEmptyDirMounts }}
|
|
||||||
- name: {{ .name }}
|
|
||||||
mountPath: {{ .mountPath }}
|
|
||||||
{{- end }}
|
|
||||||
ports:
|
|
||||||
- name: {{ .Values.service.portName }}
|
|
||||||
containerPort: {{ .Values.service.port }}
|
|
||||||
protocol: TCP
|
|
||||||
- name: {{ .Values.podPortName }}
|
|
||||||
containerPort: 3000
|
|
||||||
protocol: TCP
|
|
||||||
env:
|
|
||||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
|
||||||
- name: GF_SECURITY_ADMIN_USER
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
|
|
||||||
key: {{ .Values.admin.userKey | default "admin-user" }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
|
||||||
- name: GF_SECURITY_ADMIN_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
|
|
||||||
key: {{ .Values.admin.passwordKey | default "admin-password" }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.plugins }}
|
|
||||||
- name: GF_INSTALL_PLUGINS
|
|
||||||
valueFrom:
|
|
||||||
configMapKeyRef:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
key: plugins
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.smtp.existingSecret }}
|
|
||||||
- name: GF_SMTP_USER
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ .Values.smtp.existingSecret }}
|
|
||||||
key: {{ .Values.smtp.userKey | default "user" }}
|
|
||||||
- name: GF_SMTP_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: {{ .Values.smtp.existingSecret }}
|
|
||||||
key: {{ .Values.smtp.passwordKey | default "password" }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.imageRenderer.enabled }}
|
|
||||||
- name: GF_RENDERING_SERVER_URL
|
|
||||||
value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render
|
|
||||||
- name: GF_RENDERING_CALLBACK_URL
|
|
||||||
value: {{ .Values.imageRenderer.grafanaProtocol }}://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }}
|
|
||||||
{{- end }}
|
|
||||||
- name: GF_PATHS_DATA
|
|
||||||
value: {{ (get .Values "grafana.ini").paths.data }}
|
|
||||||
- name: GF_PATHS_LOGS
|
|
||||||
value: {{ (get .Values "grafana.ini").paths.logs }}
|
|
||||||
- name: GF_PATHS_PLUGINS
|
|
||||||
value: {{ (get .Values "grafana.ini").paths.plugins }}
|
|
||||||
- name: GF_PATHS_PROVISIONING
|
|
||||||
value: {{ (get .Values "grafana.ini").paths.provisioning }}
|
|
||||||
{{- range $key, $value := .Values.envValueFrom }}
|
|
||||||
- name: {{ $key | quote }}
|
|
||||||
valueFrom:
|
|
||||||
{{ tpl (toYaml $value) $ | indent 10 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- range $key, $value := .Values.env }}
|
|
||||||
- name: "{{ tpl $key $ }}"
|
|
||||||
value: "{{ tpl (print $value) $ }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if or .Values.envFromSecret (or .Values.envRenderSecret .Values.envFromSecrets) .Values.envFromConfigMaps }}
|
|
||||||
envFrom:
|
|
||||||
{{- if .Values.envFromSecret }}
|
|
||||||
- secretRef:
|
|
||||||
name: {{ tpl .Values.envFromSecret . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.envRenderSecret }}
|
|
||||||
- secretRef:
|
|
||||||
name: {{ template "grafana.fullname" . }}-env
|
|
||||||
{{- end }}
|
|
||||||
{{- range .Values.envFromSecrets }}
|
|
||||||
- secretRef:
|
|
||||||
name: {{ tpl .name $ }}
|
|
||||||
optional: {{ .optional | default false }}
|
|
||||||
{{- end }}
|
|
||||||
{{- range .Values.envFromConfigMaps }}
|
|
||||||
- configMapRef:
|
|
||||||
name: {{ tpl .name $ }}
|
|
||||||
optional: {{ .optional | default false }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
livenessProbe:
|
|
||||||
{{ toYaml .Values.livenessProbe | indent 6 }}
|
|
||||||
readinessProbe:
|
|
||||||
{{ toYaml .Values.readinessProbe | indent 6 }}
|
|
||||||
{{- if .Values.lifecycleHooks }}
|
|
||||||
lifecycle: {{ tpl (.Values.lifecycleHooks | toYaml) . | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.resources | indent 6 }}
|
|
||||||
{{- with .Values.extraContainers }}
|
|
||||||
{{ tpl . $ | indent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nodeSelector }}
|
|
||||||
nodeSelector:
|
|
||||||
{{ toYaml . | indent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- $root := . }}
|
|
||||||
{{- with .Values.affinity }}
|
|
||||||
affinity:
|
|
||||||
{{ tpl (toYaml .) $root | indent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.tolerations }}
|
|
||||||
tolerations:
|
|
||||||
{{ toYaml . | indent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
volumes:
|
|
||||||
- name: config
|
|
||||||
configMap:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
{{- $root := . }}
|
|
||||||
{{- range .Values.extraConfigmapMounts }}
|
|
||||||
- name: {{ tpl .name $root }}
|
|
||||||
configMap:
|
|
||||||
name: {{ tpl .configMap $root }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.dashboards }}
|
|
||||||
{{- range (keys .Values.dashboards | sortAlpha) }}
|
|
||||||
- name: dashboards-{{ . }}
|
|
||||||
configMap:
|
|
||||||
name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.dashboardsConfigMaps }}
|
|
||||||
{{ $root := . }}
|
|
||||||
{{- range $provider, $name := .Values.dashboardsConfigMaps }}
|
|
||||||
- name: dashboards-{{ $provider }}
|
|
||||||
configMap:
|
|
||||||
name: {{ tpl $name $root }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.ldap.enabled }}
|
|
||||||
- name: ldap
|
|
||||||
secret:
|
|
||||||
{{- if .Values.ldap.existingSecret }}
|
|
||||||
secretName: {{ .Values.ldap.existingSecret }}
|
|
||||||
{{- else }}
|
|
||||||
secretName: {{ template "grafana.fullname" . }}
|
|
||||||
{{- end }}
|
|
||||||
items:
|
|
||||||
- key: ldap-toml
|
|
||||||
path: ldap.toml
|
|
||||||
{{- end }}
|
|
||||||
{{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }}
|
|
||||||
- name: storage
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: {{ tpl (default .Values.persistence.existingClaim (include "grafana.fullname" .)) . }}
|
|
||||||
{{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }}
|
|
||||||
# nothing
|
|
||||||
{{- else }}
|
|
||||||
- name: storage
|
|
||||||
{{- if .Values.persistence.inMemory.enabled }}
|
|
||||||
emptyDir:
|
|
||||||
medium: Memory
|
|
||||||
{{- if .Values.persistence.inMemory.sizeLimit }}
|
|
||||||
sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- else }}
|
|
||||||
emptyDir: {}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if .Values.sidecar.dashboards.enabled }}
|
|
||||||
- name: sc-dashboard-volume
|
|
||||||
{{- if .Values.sidecar.dashboards.sizeLimit }}
|
|
||||||
emptyDir:
|
|
||||||
sizeLimit: {{ .Values.sidecar.dashboards.sizeLimit }}
|
|
||||||
{{- else }}
|
|
||||||
emptyDir: {}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if .Values.sidecar.dashboards.SCProvider }}
|
|
||||||
- name: sc-dashboard-provider
|
|
||||||
configMap:
|
|
||||||
name: {{ template "grafana.fullname" . }}-config-dashboards
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.sidecar.datasources.enabled }}
|
|
||||||
- name: sc-datasources-volume
|
|
||||||
{{- if .Values.sidecar.datasources.sizeLimit }}
|
|
||||||
emptyDir:
|
|
||||||
sizeLimit: {{ .Values.sidecar.datasources.sizeLimit }}
|
|
||||||
{{- else }}
|
|
||||||
emptyDir: {}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if .Values.sidecar.plugins.enabled }}
|
|
||||||
- name: sc-plugins-volume
|
|
||||||
{{- if .Values.sidecar.plugins.sizeLimit }}
|
|
||||||
emptyDir:
|
|
||||||
sizeLimit: {{ .Values.sidecar.plugins.sizeLimit }}
|
|
||||||
{{- else }}
|
|
||||||
emptyDir: {}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if .Values.sidecar.notifiers.enabled }}
|
|
||||||
- name: sc-notifiers-volume
|
|
||||||
{{- if .Values.sidecar.notifiers.sizeLimit }}
|
|
||||||
emptyDir:
|
|
||||||
sizeLimit: {{ .Values.sidecar.notifiers.sizeLimit }}
|
|
||||||
{{- else }}
|
|
||||||
emptyDir: {}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- range .Values.extraSecretMounts }}
|
|
||||||
{{- if .secretName }}
|
|
||||||
- name: {{ .name }}
|
|
||||||
secret:
|
|
||||||
secretName: {{ .secretName }}
|
|
||||||
defaultMode: {{ .defaultMode }}
|
|
||||||
{{- else if .projected }}
|
|
||||||
- name: {{ .name }}
|
|
||||||
projected: {{- toYaml .projected | nindent 6 }}
|
|
||||||
{{- else if .csi }}
|
|
||||||
- name: {{ .name }}
|
|
||||||
csi: {{- toYaml .csi | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- range .Values.extraVolumeMounts }}
|
|
||||||
- name: {{ .name }}
|
|
||||||
{{- if .existingClaim }}
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: {{ .existingClaim }}
|
|
||||||
{{- else if .hostPath }}
|
|
||||||
hostPath:
|
|
||||||
path: {{ .hostPath }}
|
|
||||||
{{- else }}
|
|
||||||
emptyDir: {}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- range .Values.extraEmptyDirMounts }}
|
|
||||||
- name: {{ .name }}
|
|
||||||
emptyDir: {}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if .Values.extraContainerVolumes }}
|
|
||||||
{{ toYaml .Values.extraContainerVolumes | indent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
|
@ -1,25 +0,0 @@
|
||||||
{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }}
|
|
||||||
kind: ClusterRole
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- with .Values.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
name: {{ template "grafana.fullname" . }}-clusterrole
|
|
||||||
{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }}
|
|
||||||
rules:
|
|
||||||
{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }}
|
|
||||||
- apiGroups: [""] # "" indicates the core API group
|
|
||||||
resources: ["configmaps", "secrets"]
|
|
||||||
verbs: ["get", "watch", "list"]
|
|
||||||
{{- end}}
|
|
||||||
{{- with .Values.rbac.extraClusterRoleRules }}
|
|
||||||
{{ toYaml . | indent 0 }}
|
|
||||||
{{- end}}
|
|
||||||
{{- else }}
|
|
||||||
rules: []
|
|
||||||
{{- end}}
|
|
||||||
{{- end}}
|
|
|
@ -1,24 +0,0 @@
|
||||||
{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }}
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}-clusterrolebinding
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- with .Values.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: {{ template "grafana.serviceAccountName" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
{{- if (not .Values.rbac.useExistingRole) }}
|
|
||||||
name: {{ template "grafana.fullname" . }}-clusterrole
|
|
||||||
{{- else }}
|
|
||||||
name: {{ .Values.rbac.useExistingRole }}
|
|
||||||
{{- end }}
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
{{- end -}}
|
|
|
@ -1,29 +0,0 @@
|
||||||
{{- if .Values.sidecar.dashboards.enabled }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- with .Values.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
name: {{ template "grafana.fullname" . }}-config-dashboards
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
data:
|
|
||||||
provider.yaml: |-
|
|
||||||
apiVersion: 1
|
|
||||||
providers:
|
|
||||||
- name: '{{ .Values.sidecar.dashboards.provider.name }}'
|
|
||||||
orgId: {{ .Values.sidecar.dashboards.provider.orgid }}
|
|
||||||
{{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
|
|
||||||
folder: '{{ .Values.sidecar.dashboards.provider.folder }}'
|
|
||||||
{{- end}}
|
|
||||||
type: {{ .Values.sidecar.dashboards.provider.type }}
|
|
||||||
disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }}
|
|
||||||
allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }}
|
|
||||||
updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }}
|
|
||||||
options:
|
|
||||||
foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
|
|
||||||
path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}
|
|
||||||
{{- end}}
|
|
|
@ -1,88 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- with .Values.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
data:
|
|
||||||
{{- if .Values.plugins }}
|
|
||||||
plugins: {{ join "," .Values.plugins }}
|
|
||||||
{{- end }}
|
|
||||||
grafana.ini: |
|
|
||||||
{{- range $key, $value := index .Values "grafana.ini" }}
|
|
||||||
[{{ $key }}]
|
|
||||||
{{- range $elem, $elemVal := $value }}
|
|
||||||
{{- if kindIs "invalid" $elemVal }}
|
|
||||||
{{ $elem }} =
|
|
||||||
{{- else if kindIs "string" $elemVal }}
|
|
||||||
{{ $elem }} = {{ tpl $elemVal $ }}
|
|
||||||
{{- else }}
|
|
||||||
{{ $elem }} = {{ $elemVal }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.datasources }}
|
|
||||||
{{ $root := . }}
|
|
||||||
{{- range $key, $value := .Values.datasources }}
|
|
||||||
{{ $key }}: |
|
|
||||||
{{ tpl (toYaml $value | indent 4) $root }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- if .Values.notifiers }}
|
|
||||||
{{- range $key, $value := .Values.notifiers }}
|
|
||||||
{{ $key }}: |
|
|
||||||
{{ toYaml $value | indent 4 }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- if .Values.dashboardProviders }}
|
|
||||||
{{- range $key, $value := .Values.dashboardProviders }}
|
|
||||||
{{ $key }}: |
|
|
||||||
{{ toYaml $value | indent 4 }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- if .Values.dashboards }}
|
|
||||||
download_dashboards.sh: |
|
|
||||||
#!/usr/bin/env sh
|
|
||||||
set -euf
|
|
||||||
{{- if .Values.dashboardProviders }}
|
|
||||||
{{- range $key, $value := .Values.dashboardProviders }}
|
|
||||||
{{- range $value.providers }}
|
|
||||||
mkdir -p {{ .options.path }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{ $dashboardProviders := .Values.dashboardProviders }}
|
|
||||||
{{- range $provider, $dashboards := .Values.dashboards }}
|
|
||||||
{{- range $key, $value := $dashboards }}
|
|
||||||
{{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
|
|
||||||
curl -skf \
|
|
||||||
--connect-timeout 60 \
|
|
||||||
--max-time 60 \
|
|
||||||
{{- if not $value.b64content }}
|
|
||||||
-H "Accept: application/json" \
|
|
||||||
{{- if $value.token }}
|
|
||||||
-H "Authorization: token {{ $value.token }}" \
|
|
||||||
{{- end }}
|
|
||||||
-H "Content-Type: application/json;charset=UTF-8" \
|
|
||||||
{{ end }}
|
|
||||||
{{- $dpPath := "" -}}
|
|
||||||
{{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers -}}
|
|
||||||
{{- if eq $kd.name $provider -}}
|
|
||||||
{{- $dpPath = $kd.options.path -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if $value.url -}}"{{ $value.url }}"{{- else -}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \
|
|
||||||
> "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json"
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
|
@ -1,35 +0,0 @@
|
||||||
{{- if .Values.dashboards }}
|
|
||||||
{{ $files := .Files }}
|
|
||||||
{{- range $provider, $dashboards := .Values.dashboards }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }}
|
|
||||||
namespace: {{ template "grafana.namespace" $ }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" $ | nindent 4 }}
|
|
||||||
dashboard-provider: {{ $provider }}
|
|
||||||
{{- if $dashboards }}
|
|
||||||
data:
|
|
||||||
{{- $dashboardFound := false }}
|
|
||||||
{{- range $key, $value := $dashboards }}
|
|
||||||
{{- if (or (hasKey $value "json") (hasKey $value "file")) }}
|
|
||||||
{{- $dashboardFound = true }}
|
|
||||||
{{ print $key | indent 2 }}.json:
|
|
||||||
{{- if hasKey $value "json" }}
|
|
||||||
|-
|
|
||||||
{{ $value.json | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if hasKey $value "file" }}
|
|
||||||
{{ toYaml ( $files.Get $value.file ) | indent 4}}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if not $dashboardFound }}
|
|
||||||
{}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
---
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- end }}
|
|
|
@ -1,50 +0,0 @@
|
||||||
{{ if (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) }}
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- if .Values.labels }}
|
|
||||||
{{ toYaml .Values.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- if and (not .Values.autoscaling.enabled) (.Values.replicas) }}
|
|
||||||
replicas: {{ .Values.replicas }}
|
|
||||||
{{- end }}
|
|
||||||
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "grafana.selectorLabels" . | nindent 6 }}
|
|
||||||
{{- with .Values.deploymentStrategy }}
|
|
||||||
strategy:
|
|
||||||
{{ toYaml . | trim | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.selectorLabels" . | nindent 8 }}
|
|
||||||
{{- with .Values.podLabels }}
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
annotations:
|
|
||||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
|
||||||
checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
|
|
||||||
checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
|
|
||||||
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
|
||||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.envRenderSecret }}
|
|
||||||
checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.podAnnotations }}
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- include "grafana.pod" . | nindent 6 }}
|
|
||||||
{{- end }}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{{ range .Values.extraObjects }}
|
|
||||||
---
|
|
||||||
{{ tpl (toYaml .) $ }}
|
|
||||||
{{ end }}
|
|
|
@ -1,22 +0,0 @@
|
||||||
{{- if or .Values.headlessService (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset"))}}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}-headless
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- with .Values.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
clusterIP: None
|
|
||||||
selector:
|
|
||||||
{{- include "grafana.selectorLabels" . | nindent 4 }}
|
|
||||||
type: ClusterIP
|
|
||||||
ports:
|
|
||||||
- protocol: TCP
|
|
||||||
port: 3000
|
|
||||||
targetPort: 3000
|
|
||||||
{{- end }}
|
|
|
@ -1,20 +0,0 @@
|
||||||
{{- if .Values.autoscaling.enabled }}
|
|
||||||
apiVersion: autoscaling/v2beta1
|
|
||||||
kind: HorizontalPodAutoscaler
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ template "grafana.name" . }}
|
|
||||||
helm.sh/chart: {{ template "grafana.chart" . }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
spec:
|
|
||||||
scaleTargetRef:
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
|
||||||
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
|
||||||
metrics:
|
|
||||||
{{ toYaml .Values.autoscaling.metrics | indent 4 }}
|
|
||||||
{{- end }}
|
|
|
@ -1,121 +0,0 @@
|
||||||
{{ if .Values.imageRenderer.enabled }}
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}-image-renderer
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.imageRenderer.labels" . | nindent 4 }}
|
|
||||||
{{- if .Values.imageRenderer.labels }}
|
|
||||||
{{ toYaml .Values.imageRenderer.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.imageRenderer.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
replicas: {{ .Values.imageRenderer.replicas }}
|
|
||||||
revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
|
|
||||||
{{- with .Values.imageRenderer.deploymentStrategy }}
|
|
||||||
strategy:
|
|
||||||
{{ toYaml . | trim | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }}
|
|
||||||
{{- with .Values.imageRenderer.podLabels }}
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
annotations:
|
|
||||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
|
||||||
{{- with .Values.imageRenderer.podAnnotations }}
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
|
|
||||||
{{- if .Values.imageRenderer.schedulerName }}
|
|
||||||
schedulerName: "{{ .Values.imageRenderer.schedulerName }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.imageRenderer.serviceAccountName }}
|
|
||||||
serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.imageRenderer.securityContext }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.imageRenderer.securityContext | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.imageRenderer.hostAliases }}
|
|
||||||
hostAliases:
|
|
||||||
{{- toYaml .Values.imageRenderer.hostAliases | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.imageRenderer.priorityClassName }}
|
|
||||||
priorityClassName: {{ .Values.imageRenderer.priorityClassName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.imageRenderer.image.pullSecrets }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{- $root := . }}
|
|
||||||
{{- range .Values.imageRenderer.image.pullSecrets }}
|
|
||||||
- name: {{ tpl . $root }}
|
|
||||||
{{- end}}
|
|
||||||
{{- end }}
|
|
||||||
containers:
|
|
||||||
- name: {{ .Chart.Name }}-image-renderer
|
|
||||||
{{- if .Values.imageRenderer.image.sha }}
|
|
||||||
image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}"
|
|
||||||
{{- else }}
|
|
||||||
image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}"
|
|
||||||
{{- end }}
|
|
||||||
imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }}
|
|
||||||
{{- if .Values.imageRenderer.command }}
|
|
||||||
command:
|
|
||||||
{{- range .Values.imageRenderer.command }}
|
|
||||||
- {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end}}
|
|
||||||
ports:
|
|
||||||
- name: {{ .Values.imageRenderer.service.portName }}
|
|
||||||
containerPort: {{ .Values.imageRenderer.service.port }}
|
|
||||||
protocol: TCP
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /
|
|
||||||
port: {{ .Values.imageRenderer.service.portName }}
|
|
||||||
env:
|
|
||||||
- name: HTTP_PORT
|
|
||||||
value: {{ .Values.imageRenderer.service.port | quote }}
|
|
||||||
{{- range $key, $value := .Values.imageRenderer.env }}
|
|
||||||
- name: {{ $key | quote }}
|
|
||||||
value: {{ $value | quote }}
|
|
||||||
{{- end }}
|
|
||||||
securityContext:
|
|
||||||
capabilities:
|
|
||||||
drop: ['all']
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /tmp
|
|
||||||
name: image-renderer-tmpfs
|
|
||||||
{{- with .Values.imageRenderer.resources }}
|
|
||||||
resources:
|
|
||||||
{{ toYaml . | indent 12 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.imageRenderer.nodeSelector }}
|
|
||||||
nodeSelector:
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- $root := . }}
|
|
||||||
{{- with .Values.imageRenderer.affinity }}
|
|
||||||
affinity:
|
|
||||||
{{ tpl (toYaml .) $root | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.imageRenderer.tolerations }}
|
|
||||||
tolerations:
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
volumes:
|
|
||||||
- name: image-renderer-tmpfs
|
|
||||||
emptyDir: {}
|
|
||||||
{{- end }}
|
|
|
@ -1,76 +0,0 @@
|
||||||
{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }}
|
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: NetworkPolicy
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}-image-renderer-ingress
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
annotations:
|
|
||||||
comment: Limit image-renderer ingress traffic from grafana
|
|
||||||
spec:
|
|
||||||
podSelector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
|
|
||||||
{{- if .Values.imageRenderer.podLabels }}
|
|
||||||
{{ toYaml .Values.imageRenderer.podLabels | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
policyTypes:
|
|
||||||
- Ingress
|
|
||||||
ingress:
|
|
||||||
- ports:
|
|
||||||
- port: {{ .Values.imageRenderer.service.port }}
|
|
||||||
protocol: TCP
|
|
||||||
from:
|
|
||||||
- namespaceSelector:
|
|
||||||
matchLabels:
|
|
||||||
name: {{ template "grafana.namespace" . }}
|
|
||||||
podSelector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "grafana.selectorLabels" . | nindent 14 }}
|
|
||||||
{{- if .Values.podLabels }}
|
|
||||||
{{ toYaml .Values.podLabels | nindent 14 }}
|
|
||||||
{{- end }}
|
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }}
|
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: NetworkPolicy
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}-image-renderer-egress
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
annotations:
|
|
||||||
comment: Limit image-renderer egress traffic to grafana
|
|
||||||
spec:
|
|
||||||
podSelector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
|
|
||||||
{{- if .Values.imageRenderer.podLabels }}
|
|
||||||
{{ toYaml .Values.imageRenderer.podLabels | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
policyTypes:
|
|
||||||
- Egress
|
|
||||||
egress:
|
|
||||||
# allow dns resolution
|
|
||||||
- ports:
|
|
||||||
- port: 53
|
|
||||||
protocol: UDP
|
|
||||||
- port: 53
|
|
||||||
protocol: TCP
|
|
||||||
# talk only to grafana
|
|
||||||
- ports:
|
|
||||||
- port: {{ .Values.service.port }}
|
|
||||||
protocol: TCP
|
|
||||||
to:
|
|
||||||
- namespaceSelector:
|
|
||||||
matchLabels:
|
|
||||||
name: {{ template "grafana.namespace" . }}
|
|
||||||
podSelector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "grafana.selectorLabels" . | nindent 14 }}
|
|
||||||
{{- if .Values.podLabels }}
|
|
||||||
{{ toYaml .Values.podLabels | nindent 14 }}
|
|
||||||
{{- end }}
|
|
||||||
{{ end }}
|
|
|
@ -1,30 +0,0 @@
|
||||||
{{ if .Values.imageRenderer.enabled }}
|
|
||||||
{{ if .Values.imageRenderer.service.enabled }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}-image-renderer
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.imageRenderer.labels" . | nindent 4 }}
|
|
||||||
{{- if .Values.imageRenderer.service.labels }}
|
|
||||||
{{ toYaml .Values.imageRenderer.service.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.imageRenderer.service.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
type: ClusterIP
|
|
||||||
{{- if .Values.imageRenderer.service.clusterIP }}
|
|
||||||
clusterIP: {{ .Values.imageRenderer.service.clusterIP }}
|
|
||||||
{{end}}
|
|
||||||
ports:
|
|
||||||
- name: {{ .Values.imageRenderer.service.portName }}
|
|
||||||
port: {{ .Values.imageRenderer.service.port }}
|
|
||||||
protocol: TCP
|
|
||||||
targetPort: {{ .Values.imageRenderer.service.targetPort }}
|
|
||||||
selector:
|
|
||||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }}
|
|
||||||
{{ end }}
|
|
||||||
{{ end }}
|
|
|
@ -1,78 +0,0 @@
|
||||||
{{- if .Values.ingress.enabled -}}
|
|
||||||
{{- $ingressApiIsStable := eq (include "grafana.ingress.isStable" .) "true" -}}
|
|
||||||
{{- $ingressSupportsIngressClassName := eq (include "grafana.ingress.supportsIngressClassName" .) "true" -}}
|
|
||||||
{{- $ingressSupportsPathType := eq (include "grafana.ingress.supportsPathType" .) "true" -}}
|
|
||||||
{{- $fullName := include "grafana.fullname" . -}}
|
|
||||||
{{- $servicePort := .Values.service.port -}}
|
|
||||||
{{- $ingressPath := .Values.ingress.path -}}
|
|
||||||
{{- $ingressPathType := .Values.ingress.pathType -}}
|
|
||||||
{{- $extraPaths := .Values.ingress.extraPaths -}}
|
|
||||||
apiVersion: {{ include "grafana.ingress.apiVersion" . }}
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: {{ $fullName }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- if .Values.ingress.labels }}
|
|
||||||
{{ toYaml .Values.ingress.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.ingress.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{- range $key, $value := .Values.ingress.annotations }}
|
|
||||||
{{ $key }}: {{ tpl $value $ | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }}
|
|
||||||
ingressClassName: {{ .Values.ingress.ingressClassName }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if .Values.ingress.tls }}
|
|
||||||
tls:
|
|
||||||
{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
rules:
|
|
||||||
{{- if .Values.ingress.hosts }}
|
|
||||||
{{- range .Values.ingress.hosts }}
|
|
||||||
- host: {{ tpl . $}}
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
{{- if $extraPaths }}
|
|
||||||
{{ toYaml $extraPaths | indent 10 }}
|
|
||||||
{{- end }}
|
|
||||||
- path: {{ $ingressPath }}
|
|
||||||
{{- if $ingressSupportsPathType }}
|
|
||||||
pathType: {{ $ingressPathType }}
|
|
||||||
{{- end }}
|
|
||||||
backend:
|
|
||||||
{{- if $ingressApiIsStable }}
|
|
||||||
service:
|
|
||||||
name: {{ $fullName }}
|
|
||||||
port:
|
|
||||||
number: {{ $servicePort }}
|
|
||||||
{{- else }}
|
|
||||||
serviceName: {{ $fullName }}
|
|
||||||
servicePort: {{ $servicePort }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else }}
|
|
||||||
- http:
|
|
||||||
paths:
|
|
||||||
- backend:
|
|
||||||
{{- if $ingressApiIsStable }}
|
|
||||||
service:
|
|
||||||
name: {{ $fullName }}
|
|
||||||
port:
|
|
||||||
number: {{ $servicePort }}
|
|
||||||
{{- else }}
|
|
||||||
serviceName: {{ $fullName }}
|
|
||||||
servicePort: {{ $servicePort }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if $ingressPath }}
|
|
||||||
path: {{ $ingressPath }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if $ingressSupportsPathType }}
|
|
||||||
pathType: {{ $ingressPathType }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end }}
|
|
|
@ -1,37 +0,0 @@
|
||||||
{{- if .Values.networkPolicy.enabled }}
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: NetworkPolicy
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- if .Values.labels }}
|
|
||||||
{{ toYaml .Values.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
podSelector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "grafana.selectorLabels" . | nindent 6 }}
|
|
||||||
ingress:
|
|
||||||
- ports:
|
|
||||||
- port: {{ .Values.service.targetPort }}
|
|
||||||
{{- if not .Values.networkPolicy.allowExternal }}
|
|
||||||
from:
|
|
||||||
- podSelector:
|
|
||||||
matchLabels:
|
|
||||||
{{ template "grafana.fullname" . }}-client: "true"
|
|
||||||
{{- if .Values.networkPolicy.explicitNamespacesSelector }}
|
|
||||||
namespaceSelector:
|
|
||||||
{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }}
|
|
||||||
{{- end }}
|
|
||||||
- podSelector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "grafana.labels" . | nindent 14 }}
|
|
||||||
role: read
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
|
@ -1,22 +0,0 @@
|
||||||
{{- if .Values.podDisruptionBudget }}
|
|
||||||
apiVersion: policy/v1beta1
|
|
||||||
kind: PodDisruptionBudget
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- if .Values.labels }}
|
|
||||||
{{ toYaml .Values.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- if .Values.podDisruptionBudget.minAvailable }}
|
|
||||||
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.podDisruptionBudget.maxUnavailable }}
|
|
||||||
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
|
|
||||||
{{- end }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "grafana.selectorLabels" . | nindent 6 }}
|
|
||||||
{{- end }}
|
|
|
@ -1,33 +0,0 @@
|
||||||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- with .Values.persistence.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.persistence.finalizers }}
|
|
||||||
finalizers:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
{{- range .Values.persistence.accessModes }}
|
|
||||||
- {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: {{ .Values.persistence.size | quote }}
|
|
||||||
{{- if .Values.persistence.storageClassName }}
|
|
||||||
storageClassName: {{ .Values.persistence.storageClassName }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- with .Values.persistence.selectorLabels }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{ toYaml . | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
|
@ -1,32 +0,0 @@
|
||||||
{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}}
|
|
||||||
apiVersion: {{ template "grafana.rbac.apiVersion" . }}
|
|
||||||
kind: Role
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- with .Values.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }}
|
|
||||||
rules:
|
|
||||||
{{- if .Values.rbac.pspEnabled }}
|
|
||||||
- apiGroups: ['extensions']
|
|
||||||
resources: ['podsecuritypolicies']
|
|
||||||
verbs: ['use']
|
|
||||||
resourceNames: [{{ template "grafana.fullname" . }}]
|
|
||||||
{{- end }}
|
|
||||||
{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }}
|
|
||||||
- apiGroups: [""] # "" indicates the core API group
|
|
||||||
resources: ["configmaps", "secrets"]
|
|
||||||
verbs: ["get", "watch", "list"]
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.rbac.extraRoleRules }}
|
|
||||||
{{ toYaml . | indent 0 }}
|
|
||||||
{{- end}}
|
|
||||||
{{- else }}
|
|
||||||
rules: []
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
|
@ -1,25 +0,0 @@
|
||||||
{{- if .Values.rbac.create -}}
|
|
||||||
apiVersion: {{ template "grafana.rbac.apiVersion" . }}
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- with .Values.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: Role
|
|
||||||
{{- if (not .Values.rbac.useExistingRole) }}
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
{{- else }}
|
|
||||||
name: {{ .Values.rbac.useExistingRole }}
|
|
||||||
{{- end }}
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: {{ template "grafana.serviceAccountName" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
{{- end -}}
|
|
|
@ -1,14 +0,0 @@
|
||||||
{{- if .Values.envRenderSecret }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}-env
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
{{- range $key, $val := .Values.envRenderSecret }}
|
|
||||||
{{ $key }}: {{ $val | b64enc | quote }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end }}
|
|
|
@ -1,26 +0,0 @@
|
||||||
{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- with .Values.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
{{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }}
|
|
||||||
admin-user: {{ .Values.adminUser | b64enc | quote }}
|
|
||||||
{{- if .Values.adminPassword }}
|
|
||||||
admin-password: {{ .Values.adminPassword | b64enc | quote }}
|
|
||||||
{{- else }}
|
|
||||||
admin-password: {{ template "grafana.password" . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if not .Values.ldap.existingSecret }}
|
|
||||||
ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
|
@ -1,51 +0,0 @@
|
||||||
{{ if .Values.service.enabled }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- if .Values.service.labels }}
|
|
||||||
{{ toYaml .Values.service.labels | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.service.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
|
|
||||||
type: ClusterIP
|
|
||||||
{{- if .Values.service.clusterIP }}
|
|
||||||
clusterIP: {{ .Values.service.clusterIP }}
|
|
||||||
{{end}}
|
|
||||||
{{- else if eq .Values.service.type "LoadBalancer" }}
|
|
||||||
type: {{ .Values.service.type }}
|
|
||||||
{{- if .Values.service.loadBalancerIP }}
|
|
||||||
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.service.loadBalancerSourceRanges }}
|
|
||||||
loadBalancerSourceRanges:
|
|
||||||
{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
|
|
||||||
{{- end -}}
|
|
||||||
{{- else }}
|
|
||||||
type: {{ .Values.service.type }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.service.externalIPs }}
|
|
||||||
externalIPs:
|
|
||||||
{{ toYaml .Values.service.externalIPs | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
ports:
|
|
||||||
- name: {{ .Values.service.portName }}
|
|
||||||
port: {{ .Values.service.port }}
|
|
||||||
protocol: TCP
|
|
||||||
targetPort: {{ .Values.service.targetPort }}
|
|
||||||
{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
|
|
||||||
nodePort: {{.Values.service.nodePort}}
|
|
||||||
{{ end }}
|
|
||||||
{{- if .Values.extraExposePorts }}
|
|
||||||
{{- tpl (toYaml .Values.extraExposePorts) . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
selector:
|
|
||||||
{{- include "grafana.selectorLabels" . | nindent 4 }}
|
|
||||||
{{ end }}
|
|
|
@ -1,14 +0,0 @@
|
||||||
{{- if .Values.serviceAccount.create }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- $root := . }}
|
|
||||||
{{- with .Values.serviceAccount.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ tpl (toYaml . | indent 4) $root }}
|
|
||||||
{{- end }}
|
|
||||||
name: {{ template "grafana.serviceAccountName" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
{{- end }}
|
|
|
@ -1,44 +0,0 @@
|
||||||
{{- if .Values.serviceMonitor.enabled }}
|
|
||||||
---
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
{{- if .Values.serviceMonitor.namespace }}
|
|
||||||
namespace: {{ .Values.serviceMonitor.namespace }}
|
|
||||||
{{- else }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
{{- end }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- if .Values.serviceMonitor.labels }}
|
|
||||||
{{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
endpoints:
|
|
||||||
- port: {{ .Values.service.portName }}
|
|
||||||
{{- with .Values.serviceMonitor.interval }}
|
|
||||||
interval: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.serviceMonitor.scrapeTimeout }}
|
|
||||||
scrapeTimeout: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
honorLabels: true
|
|
||||||
path: {{ .Values.serviceMonitor.path }}
|
|
||||||
scheme: {{ .Values.serviceMonitor.scheme }}
|
|
||||||
{{- if .Values.serviceMonitor.tlsConfig }}
|
|
||||||
tlsConfig:
|
|
||||||
{{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.serviceMonitor.relabelings }}
|
|
||||||
relabelings:
|
|
||||||
{{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
jobLabel: "{{ .Release.Name }}"
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "grafana.selectorLabels" . | nindent 8 }}
|
|
||||||
namespaceSelector:
|
|
||||||
matchNames:
|
|
||||||
- {{ .Release.Namespace }}
|
|
||||||
{{- end }}
|
|
|
@ -1,52 +0,0 @@
|
||||||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}}
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: StatefulSet
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
{{- with .Values.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
replicas: {{ .Values.replicas }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "grafana.selectorLabels" . | nindent 6 }}
|
|
||||||
serviceName: {{ template "grafana.fullname" . }}-headless
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.selectorLabels" . | nindent 8 }}
|
|
||||||
{{- with .Values.podLabels }}
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
annotations:
|
|
||||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
|
||||||
checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
|
|
||||||
checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
|
|
||||||
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
|
||||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.podAnnotations }}
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- include "grafana.pod" . | nindent 6 }}
|
|
||||||
volumeClaimTemplates:
|
|
||||||
- metadata:
|
|
||||||
name: storage
|
|
||||||
spec:
|
|
||||||
accessModes: {{ .Values.persistence.accessModes }}
|
|
||||||
storageClassName: {{ .Values.persistence.storageClassName }}
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: {{ .Values.persistence.size }}
|
|
||||||
{{- with .Values.persistence.selectorLabels }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{ toYaml . | indent 10 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
|
@ -1,17 +0,0 @@
|
||||||
{{- if .Values.testFramework.enabled }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}-test
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
data:
|
|
||||||
run.sh: |-
|
|
||||||
@test "Test Health" {
|
|
||||||
url="http://{{ template "grafana.fullname" . }}/api/health"
|
|
||||||
|
|
||||||
code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}')
|
|
||||||
[ "$code" == "200" ]
|
|
||||||
}
|
|
||||||
{{- end }}
|
|
|
@ -1,29 +0,0 @@
|
||||||
{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }}
|
|
||||||
apiVersion: policy/v1beta1
|
|
||||||
kind: PodSecurityPolicy
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}-test
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
spec:
|
|
||||||
allowPrivilegeEscalation: true
|
|
||||||
privileged: false
|
|
||||||
hostNetwork: false
|
|
||||||
hostIPC: false
|
|
||||||
hostPID: false
|
|
||||||
fsGroup:
|
|
||||||
rule: RunAsAny
|
|
||||||
seLinux:
|
|
||||||
rule: RunAsAny
|
|
||||||
supplementalGroups:
|
|
||||||
rule: RunAsAny
|
|
||||||
runAsUser:
|
|
||||||
rule: RunAsAny
|
|
||||||
volumes:
|
|
||||||
- configMap
|
|
||||||
- downwardAPI
|
|
||||||
- emptyDir
|
|
||||||
- projected
|
|
||||||
- csi
|
|
||||||
- secret
|
|
||||||
{{- end }}
|
|
|
@ -1,14 +0,0 @@
|
||||||
{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}}
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: Role
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}-test
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
rules:
|
|
||||||
- apiGroups: ['policy']
|
|
||||||
resources: ['podsecuritypolicies']
|
|
||||||
verbs: ['use']
|
|
||||||
resourceNames: [{{ template "grafana.fullname" . }}-test]
|
|
||||||
{{- end }}
|
|
|
@ -1,17 +0,0 @@
|
||||||
{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}}
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}-test
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: Role
|
|
||||||
name: {{ template "grafana.fullname" . }}-test
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: {{ template "grafana.serviceAccountNameTest" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
{{- end }}
|
|
|
@ -1,9 +0,0 @@
|
||||||
{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
name: {{ template "grafana.serviceAccountNameTest" . }}
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
{{- end }}
|
|
|
@ -1,51 +0,0 @@
|
||||||
{{- if .Values.testFramework.enabled }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Pod
|
|
||||||
metadata:
|
|
||||||
name: {{ template "grafana.fullname" . }}-test
|
|
||||||
labels:
|
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
|
||||||
annotations:
|
|
||||||
"helm.sh/hook": test-success
|
|
||||||
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
|
|
||||||
namespace: {{ template "grafana.namespace" . }}
|
|
||||||
spec:
|
|
||||||
serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }}
|
|
||||||
{{- if .Values.testFramework.securityContext }}
|
|
||||||
securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- $root := . }}
|
|
||||||
{{- if .Values.image.pullSecrets }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{- range .Values.image.pullSecrets }}
|
|
||||||
- name: {{ tpl . $root }}
|
|
||||||
{{- end}}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nodeSelector }}
|
|
||||||
nodeSelector:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- $root := . }}
|
|
||||||
{{- with .Values.affinity }}
|
|
||||||
affinity:
|
|
||||||
{{ tpl (toYaml .) $root | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.tolerations }}
|
|
||||||
tolerations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
containers:
|
|
||||||
- name: {{ .Release.Name }}-test
|
|
||||||
image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}"
|
|
||||||
imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}"
|
|
||||||
command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /tests
|
|
||||||
name: tests
|
|
||||||
readOnly: true
|
|
||||||
volumes:
|
|
||||||
- name: tests
|
|
||||||
configMap:
|
|
||||||
name: {{ template "grafana.fullname" . }}-test
|
|
||||||
restartPolicy: Never
|
|
||||||
{{- end }}
|
|
|
@ -1,895 +0,0 @@
|
||||||
rbac:
|
|
||||||
create: true
|
|
||||||
## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true)
|
|
||||||
# useExistingRole: name-of-some-(cluster)role
|
|
||||||
pspEnabled: true
|
|
||||||
pspUseAppArmor: true
|
|
||||||
namespaced: false
|
|
||||||
extraRoleRules: []
|
|
||||||
# - apiGroups: []
|
|
||||||
# resources: []
|
|
||||||
# verbs: []
|
|
||||||
extraClusterRoleRules: []
|
|
||||||
# - apiGroups: []
|
|
||||||
# resources: []
|
|
||||||
# verbs: []
|
|
||||||
serviceAccount:
|
|
||||||
create: true
|
|
||||||
name:
|
|
||||||
nameTest:
|
|
||||||
## Service account annotations. Can be templated.
|
|
||||||
# annotations:
|
|
||||||
# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
|
|
||||||
autoMount: true
|
|
||||||
|
|
||||||
replicas: 1
|
|
||||||
|
|
||||||
## Create a headless service for the deployment
|
|
||||||
headlessService: false
|
|
||||||
|
|
||||||
## Create HorizontalPodAutoscaler object for deployment type
|
|
||||||
#
|
|
||||||
autoscaling:
|
|
||||||
enabled: false
|
|
||||||
# minReplicas: 1
|
|
||||||
# maxReplicas: 10
|
|
||||||
# metrics:
|
|
||||||
# - type: Resource
|
|
||||||
# resource:
|
|
||||||
# name: cpu
|
|
||||||
# targetAverageUtilization: 60
|
|
||||||
# - type: Resource
|
|
||||||
# resource:
|
|
||||||
# name: memory
|
|
||||||
# targetAverageUtilization: 60
|
|
||||||
|
|
||||||
## See `kubectl explain poddisruptionbudget.spec` for more
|
|
||||||
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
||||||
podDisruptionBudget: {}
|
|
||||||
# minAvailable: 1
|
|
||||||
# maxUnavailable: 1
|
|
||||||
|
|
||||||
## See `kubectl explain deployment.spec.strategy` for more
|
|
||||||
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
|
|
||||||
deploymentStrategy:
|
|
||||||
type: RollingUpdate
|
|
||||||
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /api/health
|
|
||||||
port: 3000
|
|
||||||
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /api/health
|
|
||||||
port: 3000
|
|
||||||
initialDelaySeconds: 60
|
|
||||||
timeoutSeconds: 30
|
|
||||||
failureThreshold: 10
|
|
||||||
|
|
||||||
## Use an alternate scheduler, e.g. "stork".
|
|
||||||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
||||||
##
|
|
||||||
# schedulerName: "default-scheduler"
|
|
||||||
|
|
||||||
image:
|
|
||||||
repository: grafana/grafana
|
|
||||||
tag: 8.5.0
|
|
||||||
sha: ""
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
|
|
||||||
## Optionally specify an array of imagePullSecrets.
|
|
||||||
## Secrets must be manually created in the namespace.
|
|
||||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
||||||
## Can be templated.
|
|
||||||
##
|
|
||||||
# pullSecrets:
|
|
||||||
# - myRegistrKeySecretName
|
|
||||||
|
|
||||||
testFramework:
|
|
||||||
enabled: true
|
|
||||||
image: "bats/bats"
|
|
||||||
tag: "v1.4.1"
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
securityContext: {}
|
|
||||||
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 472
|
|
||||||
runAsGroup: 472
|
|
||||||
fsGroup: 472
|
|
||||||
|
|
||||||
containerSecurityContext:
|
|
||||||
{}
|
|
||||||
|
|
||||||
# Extra configmaps to mount in grafana pods
|
|
||||||
# Values are templated.
|
|
||||||
extraConfigmapMounts: []
|
|
||||||
# - name: certs-configmap
|
|
||||||
# mountPath: /etc/grafana/ssl/
|
|
||||||
# subPath: certificates.crt # (optional)
|
|
||||||
# configMap: certs-configmap
|
|
||||||
# readOnly: true
|
|
||||||
|
|
||||||
|
|
||||||
extraEmptyDirMounts: []
|
|
||||||
# - name: provisioning-notifiers
|
|
||||||
# mountPath: /etc/grafana/provisioning/notifiers
|
|
||||||
|
|
||||||
|
|
||||||
# Apply extra labels to common labels.
|
|
||||||
extraLabels: {}
|
|
||||||
|
|
||||||
## Assign a PriorityClassName to pods if set
|
|
||||||
# priorityClassName:
|
|
||||||
|
|
||||||
downloadDashboardsImage:
|
|
||||||
repository: curlimages/curl
|
|
||||||
tag: 7.73.0
|
|
||||||
sha: ""
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
|
|
||||||
downloadDashboards:
|
|
||||||
env: {}
|
|
||||||
envFromSecret: ""
|
|
||||||
resources: {}
|
|
||||||
|
|
||||||
## Pod Annotations
|
|
||||||
# podAnnotations: {}
|
|
||||||
|
|
||||||
## Pod Labels
|
|
||||||
# podLabels: {}
|
|
||||||
|
|
||||||
podPortName: grafana
|
|
||||||
|
|
||||||
## Deployment annotations
|
|
||||||
# annotations: {}
|
|
||||||
|
|
||||||
## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service).
|
|
||||||
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
|
|
||||||
## ref: http://kubernetes.io/docs/user-guide/services/
|
|
||||||
##
|
|
||||||
service:
|
|
||||||
enabled: true
|
|
||||||
type: ClusterIP
|
|
||||||
port: 80
|
|
||||||
targetPort: 3000
|
|
||||||
# targetPort: 4181 To be used with a proxy extraContainer
|
|
||||||
annotations: {}
|
|
||||||
labels: {}
|
|
||||||
portName: service
|
|
||||||
|
|
||||||
serviceMonitor:
|
|
||||||
## If true, a ServiceMonitor CRD is created for a prometheus operator
|
|
||||||
## https://github.com/coreos/prometheus-operator
|
|
||||||
##
|
|
||||||
enabled: false
|
|
||||||
path: /metrics
|
|
||||||
# namespace: monitoring (defaults to use the namespace this chart is deployed to)
|
|
||||||
labels: {}
|
|
||||||
interval: 1m
|
|
||||||
scheme: http
|
|
||||||
tlsConfig: {}
|
|
||||||
scrapeTimeout: 30s
|
|
||||||
relabelings: []
|
|
||||||
|
|
||||||
extraExposePorts: []
|
|
||||||
# - name: keycloak
|
|
||||||
# port: 8080
|
|
||||||
# targetPort: 8080
|
|
||||||
# type: ClusterIP
|
|
||||||
|
|
||||||
# overrides pod.spec.hostAliases in the grafana deployment's pods
|
|
||||||
hostAliases: []
|
|
||||||
# - ip: "1.2.3.4"
|
|
||||||
# hostnames:
|
|
||||||
# - "my.host.com"
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
enabled: false
|
|
||||||
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
|
|
||||||
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
|
|
||||||
# ingressClassName: nginx
|
|
||||||
# Values can be templated
|
|
||||||
annotations: {}
|
|
||||||
# kubernetes.io/ingress.class: nginx
|
|
||||||
# kubernetes.io/tls-acme: "true"
|
|
||||||
labels: {}
|
|
||||||
path: /
|
|
||||||
|
|
||||||
# pathType is only for k8s >= 1.1=
|
|
||||||
pathType: Prefix
|
|
||||||
|
|
||||||
hosts:
|
|
||||||
- chart-example.local
|
|
||||||
## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
|
|
||||||
extraPaths: []
|
|
||||||
# - path: /*
|
|
||||||
# backend:
|
|
||||||
# serviceName: ssl-redirect
|
|
||||||
# servicePort: use-annotation
|
|
||||||
## Or for k8s > 1.19
|
|
||||||
# - path: /*
|
|
||||||
# pathType: Prefix
|
|
||||||
# backend:
|
|
||||||
# service:
|
|
||||||
# name: ssl-redirect
|
|
||||||
# port:
|
|
||||||
# name: use-annotation
|
|
||||||
|
|
||||||
|
|
||||||
tls: []
|
|
||||||
# - secretName: chart-example-tls
|
|
||||||
# hosts:
|
|
||||||
# - chart-example.local
|
|
||||||
|
|
||||||
resources: {}
|
|
||||||
# limits:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 128Mi
|
|
||||||
# requests:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 128Mi
|
|
||||||
|
|
||||||
## Node labels for pod assignment
|
|
||||||
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
||||||
#
|
|
||||||
nodeSelector: {}
|
|
||||||
|
|
||||||
## Tolerations for pod assignment
|
|
||||||
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
||||||
##
|
|
||||||
tolerations: []
|
|
||||||
|
|
||||||
## Affinity for pod assignment (evaluated as template)
|
|
||||||
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
||||||
##
|
|
||||||
affinity: {}
|
|
||||||
|
|
||||||
## Additional init containers (evaluated as template)
|
|
||||||
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
||||||
##
|
|
||||||
extraInitContainers: []
|
|
||||||
|
|
||||||
## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod
|
|
||||||
extraContainers: ""
|
|
||||||
# extraContainers: |
|
|
||||||
# - name: proxy
|
|
||||||
# image: quay.io/gambol99/keycloak-proxy:latest
|
|
||||||
# args:
|
|
||||||
# - -provider=github
|
|
||||||
# - -client-id=
|
|
||||||
# - -client-secret=
|
|
||||||
# - -github-org=<ORG_NAME>
|
|
||||||
# - -email-domain=*
|
|
||||||
# - -cookie-secret=
|
|
||||||
# - -http-address=http://0.0.0.0:4181
|
|
||||||
# - -upstream-url=http://127.0.0.1:3000
|
|
||||||
# ports:
|
|
||||||
# - name: proxy-web
|
|
||||||
# containerPort: 4181
|
|
||||||
|
|
||||||
## Volumes that can be used in init containers that will not be mounted to deployment pods
|
|
||||||
extraContainerVolumes: []
|
|
||||||
# - name: volume-from-secret
|
|
||||||
# secret:
|
|
||||||
# secretName: secret-to-mount
|
|
||||||
# - name: empty-dir-volume
|
|
||||||
# emptyDir: {}
|
|
||||||
|
|
||||||
## Enable persistence using Persistent Volume Claims
|
|
||||||
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
|
||||||
##
|
|
||||||
persistence:
|
|
||||||
type: pvc
|
|
||||||
enabled: false
|
|
||||||
# storageClassName: default
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
size: 10Gi
|
|
||||||
# annotations: {}
|
|
||||||
finalizers:
|
|
||||||
- kubernetes.io/pvc-protection
|
|
||||||
# selectorLabels: {}
|
|
||||||
## Sub-directory of the PV to mount. Can be templated.
|
|
||||||
# subPath: ""
|
|
||||||
## Name of an existing PVC. Can be templated.
|
|
||||||
# existingClaim:
|
|
||||||
|
|
||||||
## If persistence is not enabled, this allows to mount the
|
|
||||||
## local storage in-memory to improve performance
|
|
||||||
##
|
|
||||||
inMemory:
|
|
||||||
enabled: false
|
|
||||||
## The maximum usage on memory medium EmptyDir would be
|
|
||||||
## the minimum value between the SizeLimit specified
|
|
||||||
## here and the sum of memory limits of all containers in a pod
|
|
||||||
##
|
|
||||||
# sizeLimit: 300Mi
|
|
||||||
|
|
||||||
initChownData:
|
|
||||||
## If false, data ownership will not be reset at startup
|
|
||||||
## This allows the prometheus-server to be run with an arbitrary user
|
|
||||||
##
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
## initChownData container image
|
|
||||||
##
|
|
||||||
image:
|
|
||||||
repository: busybox
|
|
||||||
tag: "1.31.1"
|
|
||||||
sha: ""
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
|
|
||||||
## initChownData resource requests and limits
|
|
||||||
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
||||||
##
|
|
||||||
resources: {}
|
|
||||||
# limits:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 128Mi
|
|
||||||
# requests:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 128Mi
|
|
||||||
|
|
||||||
|
|
||||||
# Administrator credentials when not using an existing secret (see below)
|
|
||||||
adminUser: admin
|
|
||||||
# adminPassword: strongpassword
|
|
||||||
|
|
||||||
# Use an existing secret for the admin user.
|
|
||||||
admin:
|
|
||||||
## Name of the secret. Can be templated.
|
|
||||||
existingSecret: ""
|
|
||||||
userKey: admin-user
|
|
||||||
passwordKey: admin-password
|
|
||||||
|
|
||||||
## Define command to be executed at startup by grafana container
|
|
||||||
## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/)
|
|
||||||
## Default is "run.sh" as defined in grafana's Dockerfile
|
|
||||||
# command:
|
|
||||||
# - "sh"
|
|
||||||
# - "/run.sh"
|
|
||||||
|
|
||||||
## Use an alternate scheduler, e.g. "stork".
|
|
||||||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
||||||
##
|
|
||||||
# schedulerName:
|
|
||||||
|
|
||||||
## Extra environment variables that will be pass onto deployment pods
|
|
||||||
##
|
|
||||||
## to provide grafana with access to CloudWatch on AWS EKS:
|
|
||||||
## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later)
|
|
||||||
## 2. edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the
|
|
||||||
## same oidc eks provider as noted before (same as the existing line)
|
|
||||||
## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name
|
|
||||||
##
|
|
||||||
## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana",
|
|
||||||
##
|
|
||||||
## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess
|
|
||||||
## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name)
|
|
||||||
##
|
|
||||||
## env:
|
|
||||||
## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here
|
|
||||||
## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
|
|
||||||
## AWS_REGION: us-east-1
|
|
||||||
##
|
|
||||||
## 5. uncomment the EKS section in extraSecretMounts: below
|
|
||||||
## 6. uncomment the annotation section in the serviceAccount: above
|
|
||||||
## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn
|
|
||||||
|
|
||||||
env: {}
|
|
||||||
|
|
||||||
## "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
|
|
||||||
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
|
|
||||||
## Renders in container spec as:
|
|
||||||
## env:
|
|
||||||
## ...
|
|
||||||
## - name: <key>
|
|
||||||
## valueFrom:
|
|
||||||
## <value rendered as YAML>
|
|
||||||
envValueFrom: {}
|
|
||||||
# ENV_NAME:
|
|
||||||
# configMapKeyRef:
|
|
||||||
# name: configmap-name
|
|
||||||
# key: value_key
|
|
||||||
|
|
||||||
## The name of a secret in the same kubernetes namespace which contain values to be added to the environment
|
|
||||||
## This can be useful for auth tokens, etc. Value is templated.
|
|
||||||
envFromSecret: ""
|
|
||||||
|
|
||||||
## Sensible environment variables that will be rendered as new secret object
|
|
||||||
## This can be useful for auth tokens, etc
|
|
||||||
envRenderSecret: {}
|
|
||||||
|
|
||||||
## The names of secrets in the same kubernetes namespace which contain values to be added to the environment
|
|
||||||
## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key.
|
|
||||||
## Name is templated.
|
|
||||||
envFromSecrets: []
|
|
||||||
## - name: secret-name
|
|
||||||
## optional: true
|
|
||||||
|
|
||||||
## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment
|
|
||||||
## Each entry should contain a name key, and can optionally specify whether the configmap must be defined with an optional key.
|
|
||||||
## Name is templated.
|
|
||||||
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core
|
|
||||||
envFromConfigMaps: []
|
|
||||||
## - name: configmap-name
|
|
||||||
## optional: true
|
|
||||||
|
|
||||||
# Inject Kubernetes services as environment variables.
|
|
||||||
# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables
|
|
||||||
enableServiceLinks: true
|
|
||||||
|
|
||||||
## Additional grafana server secret mounts
|
|
||||||
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
|
|
||||||
extraSecretMounts: []
|
|
||||||
# - name: secret-files
|
|
||||||
# mountPath: /etc/secrets
|
|
||||||
# secretName: grafana-secret-files
|
|
||||||
# readOnly: true
|
|
||||||
# subPath: ""
|
|
||||||
#
|
|
||||||
# for AWS EKS (cloudwatch) use the following (see also instruction in env: above)
|
|
||||||
# - name: aws-iam-token
|
|
||||||
# mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
|
|
||||||
# readOnly: true
|
|
||||||
# projected:
|
|
||||||
# defaultMode: 420
|
|
||||||
# sources:
|
|
||||||
# - serviceAccountToken:
|
|
||||||
# audience: sts.amazonaws.com
|
|
||||||
# expirationSeconds: 86400
|
|
||||||
# path: token
|
|
||||||
#
|
|
||||||
# for CSI e.g. Azure Key Vault use the following
|
|
||||||
# - name: secrets-store-inline
|
|
||||||
# mountPath: /run/secrets
|
|
||||||
# readOnly: true
|
|
||||||
# csi:
|
|
||||||
# driver: secrets-store.csi.k8s.io
|
|
||||||
# readOnly: true
|
|
||||||
# volumeAttributes:
|
|
||||||
# secretProviderClass: "akv-grafana-spc"
|
|
||||||
# nodePublishSecretRef: # Only required when using service principal mode
|
|
||||||
# name: grafana-akv-creds # Only required when using service principal mode
|
|
||||||
|
|
||||||
## Additional grafana server volume mounts
|
|
||||||
# Defines additional volume mounts.
|
|
||||||
extraVolumeMounts: []
|
|
||||||
# - name: extra-volume-0
|
|
||||||
# mountPath: /mnt/volume0
|
|
||||||
# readOnly: true
|
|
||||||
# existingClaim: volume-claim
|
|
||||||
# - name: extra-volume-1
|
|
||||||
# mountPath: /mnt/volume1
|
|
||||||
# readOnly: true
|
|
||||||
# hostPath: /usr/shared/
|
|
||||||
|
|
||||||
## Container Lifecycle Hooks. Execute a specific bash command or make an HTTP request
|
|
||||||
lifecycleHooks: {}
|
|
||||||
# postStart:
|
|
||||||
# exec:
|
|
||||||
# command: []
|
|
||||||
|
|
||||||
## Pass the plugins you want installed as a list.
|
|
||||||
##
|
|
||||||
plugins: []
|
|
||||||
# - digrich-bubblechart-panel
|
|
||||||
# - grafana-clock-panel
|
|
||||||
|
|
||||||
## Configure grafana datasources
|
|
||||||
## ref: http://docs.grafana.org/administration/provisioning/#datasources
|
|
||||||
##
|
|
||||||
datasources: {}
|
|
||||||
# datasources.yaml:
|
|
||||||
# apiVersion: 1
|
|
||||||
# datasources:
|
|
||||||
# - name: Prometheus
|
|
||||||
# type: prometheus
|
|
||||||
# url: http://prometheus-prometheus-server
|
|
||||||
# access: proxy
|
|
||||||
# isDefault: true
|
|
||||||
# - name: CloudWatch
|
|
||||||
# type: cloudwatch
|
|
||||||
# access: proxy
|
|
||||||
# uid: cloudwatch
|
|
||||||
# editable: false
|
|
||||||
# jsonData:
|
|
||||||
# authType: default
|
|
||||||
# defaultRegion: us-east-1
|
|
||||||
|
|
||||||
## Configure notifiers
|
|
||||||
## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels
|
|
||||||
##
|
|
||||||
notifiers: {}
|
|
||||||
# notifiers.yaml:
|
|
||||||
# notifiers:
|
|
||||||
# - name: email-notifier
|
|
||||||
# type: email
|
|
||||||
# uid: email1
|
|
||||||
# # either:
|
|
||||||
# org_id: 1
|
|
||||||
# # or
|
|
||||||
# org_name: Main Org.
|
|
||||||
# is_default: true
|
|
||||||
# settings:
|
|
||||||
# addresses: an_email_address@example.com
|
|
||||||
# delete_notifiers:
|
|
||||||
|
|
||||||
## Configure grafana dashboard providers
|
|
||||||
## ref: http://docs.grafana.org/administration/provisioning/#dashboards
|
|
||||||
##
|
|
||||||
## `path` must be /var/lib/grafana/dashboards/<provider_name>
|
|
||||||
##
|
|
||||||
dashboardProviders: {}
|
|
||||||
# dashboardproviders.yaml:
|
|
||||||
# apiVersion: 1
|
|
||||||
# providers:
|
|
||||||
# - name: 'default'
|
|
||||||
# orgId: 1
|
|
||||||
# folder: ''
|
|
||||||
# type: file
|
|
||||||
# disableDeletion: false
|
|
||||||
# editable: true
|
|
||||||
# options:
|
|
||||||
# path: /var/lib/grafana/dashboards/default
|
|
||||||
|
|
||||||
## Configure grafana dashboard to import
|
|
||||||
## NOTE: To use dashboards you must also enable/configure dashboardProviders
|
|
||||||
## ref: https://grafana.com/dashboards
|
|
||||||
##
|
|
||||||
## dashboards per provider, use provider name as key.
|
|
||||||
##
|
|
||||||
dashboards: {}
|
|
||||||
# default:
|
|
||||||
# some-dashboard:
|
|
||||||
# json: |
|
|
||||||
# $RAW_JSON
|
|
||||||
# custom-dashboard:
|
|
||||||
# file: dashboards/custom-dashboard.json
|
|
||||||
# prometheus-stats:
|
|
||||||
# gnetId: 2
|
|
||||||
# revision: 2
|
|
||||||
# datasource: Prometheus
|
|
||||||
# local-dashboard:
|
|
||||||
# url: https://example.com/repository/test.json
|
|
||||||
# token: ''
|
|
||||||
# local-dashboard-base64:
|
|
||||||
# url: https://example.com/repository/test-b64.json
|
|
||||||
# token: ''
|
|
||||||
# b64content: true
|
|
||||||
|
|
||||||
## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value.
|
|
||||||
## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both.
|
|
||||||
## ConfigMap data example:
|
|
||||||
##
|
|
||||||
## data:
|
|
||||||
## example-dashboard.json: |
|
|
||||||
## RAW_JSON
|
|
||||||
##
|
|
||||||
dashboardsConfigMaps: {}
|
|
||||||
# default: ""
|
|
||||||
|
|
||||||
## Grafana's primary configuration
|
|
||||||
## NOTE: values in map will be converted to ini format
|
|
||||||
## ref: http://docs.grafana.org/installation/configuration/
|
|
||||||
##
|
|
||||||
grafana.ini:
|
|
||||||
paths:
|
|
||||||
data: /var/lib/grafana/
|
|
||||||
logs: /var/log/grafana
|
|
||||||
plugins: /var/lib/grafana/plugins
|
|
||||||
provisioning: /etc/grafana/provisioning
|
|
||||||
analytics:
|
|
||||||
check_for_updates: true
|
|
||||||
log:
|
|
||||||
mode: console
|
|
||||||
grafana_net:
|
|
||||||
url: https://grafana.net
|
|
||||||
## grafana Authentication can be enabled with the following values on grafana.ini
|
|
||||||
# server:
|
|
||||||
# The full public facing url you use in browser, used for redirects and emails
|
|
||||||
# root_url:
|
|
||||||
# https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana
|
|
||||||
# auth.github:
|
|
||||||
# enabled: false
|
|
||||||
# allow_sign_up: false
|
|
||||||
# scopes: user:email,read:org
|
|
||||||
# auth_url: https://github.com/login/oauth/authorize
|
|
||||||
# token_url: https://github.com/login/oauth/access_token
|
|
||||||
# api_url: https://api.github.com/user
|
|
||||||
# team_ids:
|
|
||||||
# allowed_organizations:
|
|
||||||
# client_id:
|
|
||||||
# client_secret:
|
|
||||||
## LDAP Authentication can be enabled with the following values on grafana.ini
|
|
||||||
## NOTE: Grafana will fail to start if the value for ldap.toml is invalid
|
|
||||||
# auth.ldap:
|
|
||||||
# enabled: true
|
|
||||||
# allow_sign_up: true
|
|
||||||
# config_file: /etc/grafana/ldap.toml
|
|
||||||
|
|
||||||
## Grafana's LDAP configuration
|
|
||||||
## Templated by the template in _helpers.tpl
|
|
||||||
## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled
|
|
||||||
## ref: http://docs.grafana.org/installation/configuration/#auth-ldap
|
|
||||||
## ref: http://docs.grafana.org/installation/ldap/#configuration
|
|
||||||
ldap:
|
|
||||||
enabled: false
|
|
||||||
# `existingSecret` is a reference to an existing secret containing the ldap configuration
|
|
||||||
# for Grafana in a key `ldap-toml`.
|
|
||||||
existingSecret: ""
|
|
||||||
# `config` is the content of `ldap.toml` that will be stored in the created secret
|
|
||||||
config: ""
|
|
||||||
# config: |-
|
|
||||||
# verbose_logging = true
|
|
||||||
|
|
||||||
# [[servers]]
|
|
||||||
# host = "my-ldap-server"
|
|
||||||
# port = 636
|
|
||||||
# use_ssl = true
|
|
||||||
# start_tls = false
|
|
||||||
# ssl_skip_verify = false
|
|
||||||
# bind_dn = "uid=%s,ou=users,dc=myorg,dc=com"
|
|
||||||
|
|
||||||
## Grafana's SMTP configuration
|
|
||||||
## NOTE: To enable, grafana.ini must be configured with smtp.enabled
|
|
||||||
## ref: http://docs.grafana.org/installation/configuration/#smtp
|
|
||||||
smtp:
|
|
||||||
# `existingSecret` is a reference to an existing secret containing the smtp configuration
|
|
||||||
# for Grafana.
|
|
||||||
existingSecret: ""
|
|
||||||
userKey: "user"
|
|
||||||
passwordKey: "password"
|
|
||||||
|
|
||||||
## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders
|
|
||||||
## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards
|
|
||||||
sidecar:
|
|
||||||
image:
|
|
||||||
repository: quay.io/kiwigrid/k8s-sidecar
|
|
||||||
tag: 1.15.6
|
|
||||||
sha: ""
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
resources: {}
|
|
||||||
# limits:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 100Mi
|
|
||||||
# requests:
|
|
||||||
# cpu: 50m
|
|
||||||
# memory: 50Mi
|
|
||||||
securityContext: {}
|
|
||||||
# skipTlsVerify Set to true to skip tls verification for kube api calls
|
|
||||||
# skipTlsVerify: true
|
|
||||||
enableUniqueFilenames: false
|
|
||||||
readinessProbe: {}
|
|
||||||
livenessProbe: {}
|
|
||||||
dashboards:
|
|
||||||
enabled: false
|
|
||||||
SCProvider: true
|
|
||||||
# label that the configmaps with dashboards are marked with
|
|
||||||
label: grafana_dashboard
|
|
||||||
# value of label that the configmaps with dashboards are set to
|
|
||||||
labelValue: null
|
|
||||||
# folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set)
|
|
||||||
folder: /tmp/dashboards
|
|
||||||
# The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead
|
|
||||||
defaultFolderName: null
|
|
||||||
# Namespaces list. If specified, the sidecar will search for config-maps/secrets inside these namespaces.
|
|
||||||
# Otherwise the namespace in which the sidecar is running will be used.
|
|
||||||
# It's also possible to specify ALL to search in all namespaces.
|
|
||||||
searchNamespace: null
|
|
||||||
# Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
|
|
||||||
watchMethod: WATCH
|
|
||||||
# search in configmap, secret or both
|
|
||||||
resource: both
|
|
||||||
# If specified, the sidecar will look for annotation with this name to create folder and put graph here.
|
|
||||||
# You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure.
|
|
||||||
folderAnnotation: null
|
|
||||||
# Absolute path to shell script to execute after a configmap got reloaded
|
|
||||||
script: null
|
|
||||||
# watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
|
|
||||||
# defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
|
|
||||||
# watchServerTimeout: 3600
|
|
||||||
#
|
|
||||||
# watchClientTimeout: is a client-side timeout, configuring your local socket.
|
|
||||||
# If you have a network outage dropping all packets with no RST/FIN,
|
|
||||||
# this is how long your client waits before realizing & dropping the connection.
|
|
||||||
# defaults to 66sec (sic!)
|
|
||||||
# watchClientTimeout: 60
|
|
||||||
#
|
|
||||||
# provider configuration that lets grafana manage the dashboards
|
|
||||||
provider:
|
|
||||||
# name of the provider, should be unique
|
|
||||||
name: sidecarProvider
|
|
||||||
# orgid as configured in grafana
|
|
||||||
orgid: 1
|
|
||||||
# folder in which the dashboards should be imported in grafana
|
|
||||||
folder: ''
|
|
||||||
# type of the provider
|
|
||||||
type: file
|
|
||||||
# disableDelete to activate a import-only behaviour
|
|
||||||
disableDelete: false
|
|
||||||
# allow updating provisioned dashboards from the UI
|
|
||||||
allowUiUpdates: false
|
|
||||||
# allow Grafana to replicate dashboard structure from filesystem
|
|
||||||
foldersFromFilesStructure: false
|
|
||||||
# Additional dashboard sidecar volume mounts
|
|
||||||
extraMounts: []
|
|
||||||
# Sets the size limit of the dashboard sidecar emptyDir volume
|
|
||||||
sizeLimit: {}
|
|
||||||
datasources:
|
|
||||||
enabled: false
|
|
||||||
# label that the configmaps with datasources are marked with
|
|
||||||
label: grafana_datasource
|
|
||||||
# value of label that the configmaps with datasources are set to
|
|
||||||
labelValue: null
|
|
||||||
# If specified, the sidecar will search for datasource config-maps inside this namespace.
|
|
||||||
# Otherwise the namespace in which the sidecar is running will be used.
|
|
||||||
# It's also possible to specify ALL to search in all namespaces
|
|
||||||
searchNamespace: null
|
|
||||||
# Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
|
|
||||||
watchMethod: WATCH
|
|
||||||
# search in configmap, secret or both
|
|
||||||
resource: both
|
|
||||||
# Endpoint to send request to reload datasources
|
|
||||||
reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload"
|
|
||||||
skipReload: false
|
|
||||||
# Deploy the datasource sidecar as an initContainer in addition to a container.
|
|
||||||
# This is needed if skipReload is true, to load any datasources defined at startup time.
|
|
||||||
initDatasources: false
|
|
||||||
# Sets the size limit of the datasource sidecar emptyDir volume
|
|
||||||
sizeLimit: {}
|
|
||||||
plugins:
|
|
||||||
enabled: false
|
|
||||||
# label that the configmaps with plugins are marked with
|
|
||||||
label: grafana_plugin
|
|
||||||
# value of label that the configmaps with plugins are set to
|
|
||||||
labelValue: null
|
|
||||||
# If specified, the sidecar will search for plugin config-maps inside this namespace.
|
|
||||||
# Otherwise the namespace in which the sidecar is running will be used.
|
|
||||||
# It's also possible to specify ALL to search in all namespaces
|
|
||||||
searchNamespace: null
|
|
||||||
# Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
|
|
||||||
watchMethod: WATCH
|
|
||||||
# search in configmap, secret or both
|
|
||||||
resource: both
|
|
||||||
# Endpoint to send request to reload plugins
|
|
||||||
reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload"
|
|
||||||
skipReload: false
|
|
||||||
# Deploy the datasource sidecar as an initContainer in addition to a container.
|
|
||||||
# This is needed if skipReload is true, to load any plugins defined at startup time.
|
|
||||||
initPlugins: false
|
|
||||||
# Sets the size limit of the plugin sidecar emptyDir volume
|
|
||||||
sizeLimit: {}
|
|
||||||
notifiers:
|
|
||||||
enabled: false
|
|
||||||
# label that the configmaps with notifiers are marked with
|
|
||||||
label: grafana_notifier
|
|
||||||
# If specified, the sidecar will search for notifier config-maps inside this namespace.
|
|
||||||
# Otherwise the namespace in which the sidecar is running will be used.
|
|
||||||
# It's also possible to specify ALL to search in all namespaces
|
|
||||||
searchNamespace: null
|
|
||||||
# search in configmap, secret or both
|
|
||||||
resource: both
|
|
||||||
# Sets the size limit of the notifier sidecar emptyDir volume
|
|
||||||
sizeLimit: {}
|
|
||||||
|
|
||||||
## Override the deployment namespace
|
|
||||||
##
|
|
||||||
namespaceOverride: ""
|
|
||||||
|
|
||||||
## Number of old ReplicaSets to retain
|
|
||||||
##
|
|
||||||
revisionHistoryLimit: 10
|
|
||||||
|
|
||||||
## Add a seperate remote image renderer deployment/service
|
|
||||||
imageRenderer:
|
|
||||||
# Enable the image-renderer deployment & service
|
|
||||||
enabled: false
|
|
||||||
replicas: 1
|
|
||||||
image:
|
|
||||||
# image-renderer Image repository
|
|
||||||
repository: grafana/grafana-image-renderer
|
|
||||||
# image-renderer Image tag
|
|
||||||
tag: latest
|
|
||||||
# image-renderer Image sha (optional)
|
|
||||||
sha: ""
|
|
||||||
# image-renderer ImagePullPolicy
|
|
||||||
pullPolicy: Always
|
|
||||||
# extra environment variables
|
|
||||||
env:
|
|
||||||
HTTP_HOST: "0.0.0.0"
|
|
||||||
# RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758
|
|
||||||
# RENDERING_MODE: clustered
|
|
||||||
# IGNORE_HTTPS_ERRORS: true
|
|
||||||
# image-renderer deployment serviceAccount
|
|
||||||
serviceAccountName: ""
|
|
||||||
# image-renderer deployment securityContext
|
|
||||||
securityContext: {}
|
|
||||||
# image-renderer deployment Host Aliases
|
|
||||||
hostAliases: []
|
|
||||||
# image-renderer deployment priority class
|
|
||||||
priorityClassName: ''
|
|
||||||
service:
|
|
||||||
# Enable the image-renderer service
|
|
||||||
enabled: true
|
|
||||||
# image-renderer service port name
|
|
||||||
portName: 'http'
|
|
||||||
# image-renderer service port used by both service and deployment
|
|
||||||
port: 8081
|
|
||||||
targetPort: 8081
|
|
||||||
# If https is enabled in Grafana, this needs to be set as 'https' to correctly configure the callback used in Grafana
|
|
||||||
grafanaProtocol: http
|
|
||||||
# In case a sub_path is used this needs to be added to the image renderer callback
|
|
||||||
grafanaSubPath: ""
|
|
||||||
# name of the image-renderer port on the pod
|
|
||||||
podPortName: http
|
|
||||||
# number of image-renderer replica sets to keep
|
|
||||||
revisionHistoryLimit: 10
|
|
||||||
networkPolicy:
|
|
||||||
# Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods
|
|
||||||
limitIngress: true
|
|
||||||
# Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods
|
|
||||||
limitEgress: false
|
|
||||||
resources: {}
|
|
||||||
# limits:
|
|
||||||
# cpu: 100m
|
|
||||||
# memory: 100Mi
|
|
||||||
# requests:
|
|
||||||
# cpu: 50m
|
|
||||||
# memory: 50Mi
|
|
||||||
## Node labels for pod assignment
|
|
||||||
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
||||||
#
|
|
||||||
nodeSelector: {}
|
|
||||||
|
|
||||||
## Tolerations for pod assignment
|
|
||||||
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
||||||
##
|
|
||||||
tolerations: []
|
|
||||||
|
|
||||||
## Affinity for pod assignment (evaluated as template)
|
|
||||||
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
||||||
##
|
|
||||||
affinity: {}
|
|
||||||
|
|
||||||
networkPolicy:
|
|
||||||
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
|
|
||||||
##
|
|
||||||
enabled: false
|
|
||||||
## @param networkPolicy.allowExternal Don't require client label for connections
|
|
||||||
## The Policy model to apply. When set to false, only pods with the correct
|
|
||||||
## client label will have network access to grafana port defined.
|
|
||||||
## When true, grafana will accept connections from any source
|
|
||||||
## (with the correct destination port).
|
|
||||||
##
|
|
||||||
allowExternal: true
|
|
||||||
## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed
|
|
||||||
## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
|
|
||||||
## and that match other criteria, the ones that have the good label, can reach the grafana.
|
|
||||||
## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this
|
|
||||||
## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
|
|
||||||
##
|
|
||||||
## Example:
|
|
||||||
## explicitNamespacesSelector:
|
|
||||||
## matchLabels:
|
|
||||||
## role: frontend
|
|
||||||
## matchExpressions:
|
|
||||||
## - {key: role, operator: In, values: [frontend]}
|
|
||||||
##
|
|
||||||
explicitNamespacesSelector: {}
|
|
||||||
|
|
||||||
# Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option
|
|
||||||
enableKubeBackwardCompatibility: false
|
|
||||||
|
|
||||||
# Create a dynamic manifests via values:
|
|
||||||
extraObjects: []
|
|
||||||
# - apiVersion: "kubernetes-client.io/v1"
|
|
||||||
# kind: ExternalSecret
|
|
||||||
# metadata:
|
|
||||||
# name: grafana-secrets
|
|
||||||
# spec:
|
|
||||||
# backendType: gcpSecretsManager
|
|
||||||
# data:
|
|
||||||
# - key: grafana-admin-password
|
|
||||||
# name: adminPassword
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
# Source: grafana/templates/clusterrole.yaml
|
||||||
|
kind: ClusterRole
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: grafana-6.29.2
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
||||||
|
app.kubernetes.io/version: "8.5.0"
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
name: grafana-clusterrole
|
||||||
|
rules: []
|
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
# Source: grafana/templates/clusterrolebinding.yaml
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: grafana-clusterrolebinding
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: grafana-6.29.2
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
||||||
|
app.kubernetes.io/version: "8.5.0"
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: grafana
|
||||||
|
namespace: default
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: grafana-clusterrole
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
|
@ -0,0 +1,78 @@
|
||||||
|
---
|
||||||
|
# Source: grafana/templates/configmap.yaml
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: grafana
|
||||||
|
namespace: default
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: grafana-6.29.2
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
||||||
|
app.kubernetes.io/version: "8.5.0"
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
data:
|
||||||
|
grafana.ini: |
|
||||||
|
[analytics]
|
||||||
|
check_for_updates = true
|
||||||
|
[grafana_net]
|
||||||
|
url = https://grafana.net
|
||||||
|
[log]
|
||||||
|
mode = console
|
||||||
|
[paths]
|
||||||
|
data = /var/lib/grafana/
|
||||||
|
logs = /var/log/grafana
|
||||||
|
plugins = /var/lib/grafana/plugins
|
||||||
|
provisioning = /etc/grafana/provisioning
|
||||||
|
|
||||||
|
datasources.yaml: |
|
||||||
|
apiVersion: 1
|
||||||
|
datasources:
|
||||||
|
- isDefault: true
|
||||||
|
name: Prometheus
|
||||||
|
type: prometheus
|
||||||
|
url: http://prometheus-server
|
||||||
|
dashboardproviders.yaml: |
|
||||||
|
apiVersion: 1
|
||||||
|
providers:
|
||||||
|
- disableDeletion: false
|
||||||
|
editable: true
|
||||||
|
folder: ""
|
||||||
|
name: default
|
||||||
|
options:
|
||||||
|
path: /var/lib/grafana/dashboards/default
|
||||||
|
orgId: 1
|
||||||
|
type: file
|
||||||
|
download_dashboards.sh: |
|
||||||
|
#!/usr/bin/env sh
|
||||||
|
set -euf
|
||||||
|
mkdir -p /var/lib/grafana/dashboards/default
|
||||||
|
|
||||||
|
curl -skf \
|
||||||
|
--connect-timeout 60 \
|
||||||
|
--max-time 60 \
|
||||||
|
-H "Accept: application/json" \
|
||||||
|
-H "Content-Type: application/json;charset=UTF-8" \
|
||||||
|
"https://grafana.com/api/dashboards/12006/revisions/1/download" | sed '/-- .* --/! s/"datasource":.*,/"datasource": "Prometheus",/g'\
|
||||||
|
> "/var/lib/grafana/dashboards/default/kubernetes-apiserver.json"
|
||||||
|
curl -skf \
|
||||||
|
--connect-timeout 60 \
|
||||||
|
--max-time 60 \
|
||||||
|
-H "Accept: application/json" \
|
||||||
|
-H "Content-Type: application/json;charset=UTF-8" \
|
||||||
|
"https://grafana.com/api/dashboards/9614/revisions/1/download" | sed '/-- .* --/! s/"datasource":.*,/"datasource": "Prometheus",/g'\
|
||||||
|
> "/var/lib/grafana/dashboards/default/nginx-ingress.json"
|
||||||
|
curl -skf \
|
||||||
|
--connect-timeout 60 \
|
||||||
|
--max-time 60 \
|
||||||
|
-H "Accept: application/json" \
|
||||||
|
-H "Content-Type: application/json;charset=UTF-8" \
|
||||||
|
"https://grafana.com/api/dashboards/1860/revisions/26/download" | sed '/-- .* --/! s/"datasource":.*,/"datasource": "Prometheus",/g'\
|
||||||
|
> "/var/lib/grafana/dashboards/default/node.json"
|
||||||
|
curl -skf \
|
||||||
|
--connect-timeout 60 \
|
||||||
|
--max-time 60 \
|
||||||
|
-H "Accept: application/json" \
|
||||||
|
-H "Content-Type: application/json;charset=UTF-8" \
|
||||||
|
"https://grafana.com/api/dashboards/9628/revisions/7/download" | sed '/-- .* --/! s/"datasource":.*,/"datasource": "Prometheus",/g'\
|
||||||
|
> "/var/lib/grafana/dashboards/default/postgresql.json"
|
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
# Source: grafana/templates/dashboards-json-configmap.yaml
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: grafana-dashboards-default
|
||||||
|
namespace: default
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: grafana-6.29.2
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
||||||
|
app.kubernetes.io/version: "8.5.0"
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
dashboard-provider: default
|
||||||
|
data:
|
||||||
|
{}
|
|
@ -0,0 +1,119 @@
|
||||||
|
---
|
||||||
|
# Source: grafana/templates/deployment.yaml
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: grafana
|
||||||
|
namespace: default
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: grafana-6.29.2
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
||||||
|
app.kubernetes.io/version: "8.5.0"
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
revisionHistoryLimit: 10
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
||||||
|
strategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
||||||
|
annotations:
|
||||||
|
checksum/config: 8a616a59613b7d132be6411ac28ec9efa8482e7a6e98dce5a84c1279a03bf35f
|
||||||
|
checksum/dashboards-json-config: 60bfce132b37398fa9329494762f049aebef4ba473dabdd67d4f15d6a86a578c
|
||||||
|
checksum/sc-dashboard-provider-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
|
||||||
|
spec:
|
||||||
|
|
||||||
|
serviceAccountName: grafana
|
||||||
|
automountServiceAccountToken: true
|
||||||
|
securityContext:
|
||||||
|
fsGroup: 472
|
||||||
|
runAsGroup: 472
|
||||||
|
runAsUser: 472
|
||||||
|
initContainers:
|
||||||
|
- name: download-dashboards
|
||||||
|
image: "curlimages/curl:7.73.0"
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
command: ["/bin/sh"]
|
||||||
|
args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh" ]
|
||||||
|
resources:
|
||||||
|
{}
|
||||||
|
env:
|
||||||
|
volumeMounts:
|
||||||
|
- name: config
|
||||||
|
mountPath: "/etc/grafana/download_dashboards.sh"
|
||||||
|
subPath: download_dashboards.sh
|
||||||
|
- name: storage
|
||||||
|
mountPath: "/var/lib/grafana"
|
||||||
|
enableServiceLinks: true
|
||||||
|
containers:
|
||||||
|
- name: grafana
|
||||||
|
image: "grafana/grafana:8.5.0"
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
volumeMounts:
|
||||||
|
- name: config
|
||||||
|
mountPath: "/etc/grafana/grafana.ini"
|
||||||
|
subPath: grafana.ini
|
||||||
|
- name: storage
|
||||||
|
mountPath: "/var/lib/grafana"
|
||||||
|
- name: config
|
||||||
|
mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
|
||||||
|
subPath: "datasources.yaml"
|
||||||
|
- name: config
|
||||||
|
mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
|
||||||
|
subPath: "dashboardproviders.yaml"
|
||||||
|
ports:
|
||||||
|
- name: service
|
||||||
|
containerPort: 80
|
||||||
|
protocol: TCP
|
||||||
|
- name: grafana
|
||||||
|
containerPort: 3000
|
||||||
|
protocol: TCP
|
||||||
|
env:
|
||||||
|
- name: GF_SECURITY_ADMIN_USER
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: grafana-credentials
|
||||||
|
key: admin-user
|
||||||
|
- name: GF_SECURITY_ADMIN_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: grafana-credentials
|
||||||
|
key: admin-password
|
||||||
|
- name: GF_PATHS_DATA
|
||||||
|
value: /var/lib/grafana/
|
||||||
|
- name: GF_PATHS_LOGS
|
||||||
|
value: /var/log/grafana
|
||||||
|
- name: GF_PATHS_PLUGINS
|
||||||
|
value: /var/lib/grafana/plugins
|
||||||
|
- name: GF_PATHS_PROVISIONING
|
||||||
|
value: /etc/grafana/provisioning
|
||||||
|
livenessProbe:
|
||||||
|
failureThreshold: 10
|
||||||
|
httpGet:
|
||||||
|
path: /api/health
|
||||||
|
port: 3000
|
||||||
|
initialDelaySeconds: 60
|
||||||
|
timeoutSeconds: 30
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /api/health
|
||||||
|
port: 3000
|
||||||
|
resources:
|
||||||
|
{}
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
configMap:
|
||||||
|
name: grafana
|
||||||
|
- name: dashboards-default
|
||||||
|
configMap:
|
||||||
|
name: grafana-dashboards-default
|
||||||
|
- name: storage
|
||||||
|
emptyDir: {}
|
|
@ -1,17 +1,20 @@
|
||||||
{{- if .Values.rbac.pspEnabled }}
|
---
|
||||||
|
# Source: grafana/templates/podsecuritypolicy.yaml
|
||||||
apiVersion: policy/v1beta1
|
apiVersion: policy/v1beta1
|
||||||
kind: PodSecurityPolicy
|
kind: PodSecurityPolicy
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "grafana.fullname" . }}
|
name: grafana
|
||||||
labels:
|
labels:
|
||||||
{{- include "grafana.labels" . | nindent 4 }}
|
helm.sh/chart: grafana-6.29.2
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
||||||
|
app.kubernetes.io/version: "8.5.0"
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
annotations:
|
annotations:
|
||||||
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
|
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
|
||||||
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
||||||
{{- if .Values.rbac.pspUseAppArmor }}
|
|
||||||
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
|
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
|
||||||
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
||||||
{{- end }}
|
|
||||||
spec:
|
spec:
|
||||||
privileged: false
|
privileged: false
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
@ -46,4 +49,3 @@ spec:
|
||||||
- min: 1
|
- min: 1
|
||||||
max: 65535
|
max: 65535
|
||||||
readOnlyRootFilesystem: false
|
readOnlyRootFilesystem: false
|
||||||
{{- end }}
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
---
|
||||||
|
# Source: grafana/templates/role.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: grafana
|
||||||
|
namespace: default
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: grafana-6.29.2
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
||||||
|
app.kubernetes.io/version: "8.5.0"
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
rules:
|
||||||
|
- apiGroups: ['extensions']
|
||||||
|
resources: ['podsecuritypolicies']
|
||||||
|
verbs: ['use']
|
||||||
|
resourceNames: [grafana]
|
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
# Source: grafana/templates/rolebinding.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: grafana
|
||||||
|
namespace: default
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: grafana-6.29.2
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
||||||
|
app.kubernetes.io/version: "8.5.0"
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: grafana
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: grafana
|
||||||
|
namespace: default
|
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
# Source: grafana/templates/service.yaml
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: grafana
|
||||||
|
namespace: default
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: grafana-6.29.2
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
||||||
|
app.kubernetes.io/version: "8.5.0"
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: service
|
||||||
|
port: 80
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: 3000
|
||||||
|
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
# Source: grafana/templates/serviceaccount.yaml
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: grafana-6.29.2
|
||||||
|
app.kubernetes.io/name: grafana
|
||||||
|
app.kubernetes.io/instance: grafana
|
||||||
|
app.kubernetes.io/version: "8.5.0"
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
name: grafana
|
||||||
|
namespace: default
|
|
@ -28,6 +28,17 @@ resources:
|
||||||
- inflated/prometheus/templates/server/deploy.yaml
|
- inflated/prometheus/templates/server/deploy.yaml
|
||||||
- inflated/prometheus/templates/server/clusterrolebinding.yaml
|
- inflated/prometheus/templates/server/clusterrolebinding.yaml
|
||||||
- inflated/prometheus/templates/server/pvc.yaml
|
- inflated/prometheus/templates/server/pvc.yaml
|
||||||
|
# Grafana
|
||||||
|
- inflated/grafana/templates/serviceaccount.yaml
|
||||||
|
- inflated/grafana/templates/dashboards-json-configmap.yaml
|
||||||
|
- inflated/grafana/templates/rolebinding.yaml
|
||||||
|
- inflated/grafana/templates/deployment.yaml
|
||||||
|
- inflated/grafana/templates/role.yaml
|
||||||
|
- inflated/grafana/templates/service.yaml
|
||||||
|
- inflated/grafana/templates/clusterrole.yaml
|
||||||
|
- inflated/grafana/templates/podsecuritypolicy.yaml
|
||||||
|
- inflated/grafana/templates/configmap.yaml
|
||||||
|
- inflated/grafana/templates/clusterrolebinding.yaml
|
||||||
|
|
||||||
helmCharts:
|
helmCharts:
|
||||||
- name: ingress-nginx
|
- name: ingress-nginx
|
||||||
|
@ -45,56 +56,3 @@ helmCharts:
|
||||||
annotations:
|
annotations:
|
||||||
prometheus.io/scrape: "true"
|
prometheus.io/scrape: "true"
|
||||||
prometheus.io/port: "10254"
|
prometheus.io/port: "10254"
|
||||||
- name: grafana
|
|
||||||
repo: https://grafana.github.io/helm-charts
|
|
||||||
version: "6.29.1"
|
|
||||||
releaseName: grafana
|
|
||||||
valuesInline:
|
|
||||||
admin:
|
|
||||||
existingSecret: grafana-credentials
|
|
||||||
# Seems to launch a failing container, disabling for now:
|
|
||||||
testFramework:
|
|
||||||
enabled: false
|
|
||||||
persistence:
|
|
||||||
enabled: false
|
|
||||||
# Note: datasources are patched in overlays to correct the URLs.
|
|
||||||
# Including here is required for the helm chart to mount the configmap
|
|
||||||
# volume.
|
|
||||||
datasources:
|
|
||||||
datasources.yaml:
|
|
||||||
apiVersion: 1
|
|
||||||
datasources:
|
|
||||||
- isDefault: true
|
|
||||||
name: Prometheus
|
|
||||||
type: prometheus
|
|
||||||
url: http://prometheus-server
|
|
||||||
dashboardProviders:
|
|
||||||
dashboardproviders.yaml:
|
|
||||||
apiVersion: 1
|
|
||||||
providers:
|
|
||||||
- name: 'default'
|
|
||||||
orgId: 1
|
|
||||||
folder: ''
|
|
||||||
type: file
|
|
||||||
disableDeletion: false
|
|
||||||
editable: true
|
|
||||||
options:
|
|
||||||
path: /var/lib/grafana/dashboards/default
|
|
||||||
dashboards:
|
|
||||||
default:
|
|
||||||
postgresql:
|
|
||||||
gnetId: 9628
|
|
||||||
revision: 7
|
|
||||||
datasource: Prometheus
|
|
||||||
node:
|
|
||||||
gnetId: 1860
|
|
||||||
revision: 26
|
|
||||||
datasource: Prometheus
|
|
||||||
nginx-ingress:
|
|
||||||
gnetId: 9614
|
|
||||||
revision: 1
|
|
||||||
datasource: Prometheus
|
|
||||||
kubernetes-apiserver:
|
|
||||||
gnetId: 12006
|
|
||||||
revision: 1
|
|
||||||
datasource: Prometheus
|
|
||||||
|
|
|
@ -0,0 +1,48 @@
|
||||||
|
admin:
|
||||||
|
existingSecret: grafana-credentials
|
||||||
|
# Seems to launch a failing container, disabling for now:
|
||||||
|
testFramework:
|
||||||
|
enabled: false
|
||||||
|
persistence:
|
||||||
|
enabled: false
|
||||||
|
# Note: datasources are patched in overlays to correct the URLs.
|
||||||
|
# Including here is required for the helm chart to mount the configmap
|
||||||
|
# volume.
|
||||||
|
datasources:
|
||||||
|
datasources.yaml:
|
||||||
|
apiVersion: 1
|
||||||
|
datasources:
|
||||||
|
- isDefault: true
|
||||||
|
name: Prometheus
|
||||||
|
type: prometheus
|
||||||
|
url: http://prometheus-server
|
||||||
|
dashboardProviders:
|
||||||
|
dashboardproviders.yaml:
|
||||||
|
apiVersion: 1
|
||||||
|
providers:
|
||||||
|
- name: 'default'
|
||||||
|
orgId: 1
|
||||||
|
folder: ''
|
||||||
|
type: file
|
||||||
|
disableDeletion: false
|
||||||
|
editable: true
|
||||||
|
options:
|
||||||
|
path: /var/lib/grafana/dashboards/default
|
||||||
|
dashboards:
|
||||||
|
default:
|
||||||
|
postgresql:
|
||||||
|
gnetId: 9628
|
||||||
|
revision: 7
|
||||||
|
datasource: Prometheus
|
||||||
|
node:
|
||||||
|
gnetId: 1860
|
||||||
|
revision: 26
|
||||||
|
datasource: Prometheus
|
||||||
|
nginx-ingress:
|
||||||
|
gnetId: 9614
|
||||||
|
revision: 1
|
||||||
|
datasource: Prometheus
|
||||||
|
kubernetes-apiserver:
|
||||||
|
gnetId: 12006
|
||||||
|
revision: 1
|
||||||
|
datasource: Prometheus
|
|
@ -0,0 +1,24 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
#
|
||||||
|
# Usage:
|
||||||
|
#
|
||||||
|
# helm-chart-inflate.sh prometheus prometheus-community/prometheus
|
||||||
|
set -euo pipefail
|
||||||
|
IFS=$'\n\t'
|
||||||
|
|
||||||
|
name=$1
|
||||||
|
chart=$2
|
||||||
|
|
||||||
|
rm -rf base/inflated/$name
|
||||||
|
|
||||||
|
valuesfile="base/values/$name.yaml"
|
||||||
|
if [ -f $valuesfile ]; then
|
||||||
|
echo "Inflating template with values file: $valuesfile ..."
|
||||||
|
helm template $name $chart --output-dir base/inflated -f $valuesfile
|
||||||
|
else
|
||||||
|
echo "Inflating template with default values ..."
|
||||||
|
helm template $name $chart --output-dir base/inflated
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "YAML entries for base/kustomzation.yaml:"
|
||||||
|
find base/inflated/$name -iname '*.yaml' | xargs realpath --relative-to base | sed 's/^/- /'
|
Loading…
Reference in New Issue