From f394cb860cfd1173578c606a22cc7522969a2c6c Mon Sep 17 00:00:00 2001
From: William P
Date: Mon, 12 May 2025 22:26:49 -0400
Subject: [PATCH] add grafana
---
 grafana/Chart.yaml | 28 +++
 grafana/values.yaml | 521 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 549 insertions(+)
 create mode 100644 grafana/Chart.yaml
 create mode 100644 grafana/values.yaml
diff --git a/grafana/Chart.yaml b/grafana/Chart.yaml
new file mode 100644
index 0000000..c883c58
--- /dev/null
+++ b/grafana/Chart.yaml
@@ -0,0 +1,28 @@
+apiVersion: v2
+name: grafana
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "1.0"
+
+dependencies:
+- name: grafana
+ version: 9.0.0
+ repository: https://grafana.github.io/helm-charts
\ No newline at end of file
diff --git a/grafana/values.yaml b/grafana/values.yaml
new file mode 100644
index 0000000..a6afa0e
--- /dev/null
+++ b/grafana/values.yaml
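Review bot: In grafana/Chart.yaml the `description: A Helm chart for Kubernetes` line and the comment blocks are unchanged scaffold text, and `appVersion: "1.0"` does not look like a Grafana release number, so the metadata never says that this chart only wraps the upstream grafana chart pinned at 9.0.0. I would replace the description with something like `description: Wrapper around the upstream grafana chart (dependency pinned in this file)` and either drop `appVersion` or keep it in step with the Grafana version actually deployed. The exact `version: 9.0.0` pin on the dependency is worth keeping as is.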
@@ -0,0 +1,521 @@ +grafana: + admin: + existingSecret: grafana-admin + passwordKey: passwordKey + userKey: userKey + affinity: {} + alerting: {} + assertNoLeakedSecrets: true + automountServiceAccountToken: true + autoscaling: + behavior: {} + enabled: false + maxReplicas: 5 + minReplicas: 1 + targetCPU: "60" + targetMemory: "" + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + createConfigmap: true + dashboardProviders: {} + dashboards: {} + dashboardsConfigMaps: {} + datasources: {} + defaultCurlOptions: -skf + deploymentStrategy: + type: RollingUpdate + dnsConfig: {} + dnsPolicy: null + downloadDashboards: + env: {} + envFromSecret: "" + envValueFrom: {} + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + downloadDashboardsImage: + pullPolicy: IfNotPresent + registry: docker.io + repository: curlimages/curl + sha: "" + tag: 8.9.1 + enableKubeBackwardCompatibility: false + enableServiceLinks: true + env: {} + envFromConfigMaps: + - name: grafana-env + envFromSecret: "" + envFromSecrets: + - name: grafana-secretenv + envRenderSecret: {} + envValueFrom: {} + extraConfigmapMounts: [] + extraContainerVolumes: [] + extraContainers: "" + extraEmptyDirMounts: [] + extraExposePorts: [] + extraInitContainers: [] + extraLabels: {} + extraObjects: + - apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + metadata: + name: grafana-admin + spec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: grafana + metadataPolicy: None + property: userKey + secretKey: userKey + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: grafana + metadataPolicy: None + property: passwordKey + secretKey: passwordKey + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: weyma-vault + target: + creationPolicy: Owner + deletionPolicy: 
Retain + name: grafana-admin + - apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + metadata: + name: grafana-secretenv + spec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: grafana + metadataPolicy: None + property: GF_AUTH_GENERIC_OAUTH_CLIENT_ID + secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: grafana + metadataPolicy: None + property: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET + secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: weyma-vault + target: + creationPolicy: Owner + deletionPolicy: Retain + name: grafana-secretenv + - apiVersion: v1 + kind: ConfigMap + metadata: + name: grafana-env + data: + GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.dubyatp.xyz/application/o/userinfo/ + GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.dubyatp.xyz/application/o/authorize/ + GF_AUTH_GENERIC_OAUTH_ENABLED: "true" + GF_AUTH_GENERIC_OAUTH_NAME: authentik + GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer' + GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email + GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.dubyatp.xyz/application/o/token/ + GF_AUTH_OAUTH_AUTO_LOGIN: "true" + GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.dubyatp.xyz/application/o/grafana-slug/end-session/ + GF_SERVER_ROOT_URL: https://grafana.infra.dubyatp.xyz + - apiVersion: v1 + kind: Secret + metadata: + name: cert-dubyatp-xyz + annotations: + replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz" + replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key" + data: + tls.crt: "" + tls.key: "" + extraSecretMounts: [] + extraVolumeMounts: [] + extraVolumes: [] + global: + imagePullSecrets: [] + imageRegistry: null + gossipPortName: gossip + grafana.ini: + analytics: + check_for_updates: true + grafana_net: 
+ url: https://grafana.net + log: + mode: console + paths: + data: /var/lib/grafana/ + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + server: + domain: '{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ tpl (.Values.ingress.hosts + | first) . }}{{ else }}''''{{ end }}' + headlessService: false + hostAliases: [] + image: + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: grafana/grafana + sha: "" + tag: "" + imageRenderer: + affinity: {} + automountServiceAccountToken: false + autoscaling: + behavior: {} + enabled: false + maxReplicas: 5 + minReplicas: 1 + targetCPU: "60" + targetMemory: "" + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + deploymentStrategy: {} + enabled: false + env: + HTTP_HOST: 0.0.0.0 + XDG_CACHE_HOME: /tmp/.chromium + XDG_CONFIG_HOME: /tmp/.chromium + envValueFrom: {} + extraConfigmapMounts: [] + extraSecretMounts: [] + extraVolumeMounts: [] + extraVolumes: [] + grafanaProtocol: http + grafanaSubPath: "" + hostAliases: [] + image: + pullPolicy: Always + pullSecrets: [] + registry: docker.io + repository: grafana/grafana-image-renderer + sha: "" + tag: latest + networkPolicy: + extraIngressSelectors: [] + limitEgress: false + limitIngress: true + nodeSelector: {} + podAnnotations: {} + podPortName: http + priorityClassName: "" + renderingCallbackURL: "" + replicas: 1 + resources: {} + revisionHistoryLimit: 10 + securityContext: {} + serverURL: "" + service: + appProtocol: "" + enabled: true + port: 8081 + portName: http + targetPort: 8081 + serviceAccountName: "" + serviceMonitor: + enabled: false + interval: 1m + labels: {} + path: /metrics + relabelings: [] + scheme: http + scrapeTimeout: 30s + targetLabels: [] + tlsConfig: {} + tolerations: [] + ingress: + annotations: {} + enabled: true + extraPaths: [] + hosts: + - 
grafana.infra.dubyatp.xyz + labels: {} + path: / + pathType: Prefix + tls: + - hosts: + - grafana.infra.dubyatp.xyz + secretName: cert-dubyatp-xyz + initChownData: + enabled: true + image: + pullPolicy: IfNotPresent + registry: docker.io + repository: library/busybox + sha: "" + tag: 1.31.1 + resources: {} + securityContext: + capabilities: + add: + - CHOWN + drop: + - ALL + readOnlyRootFilesystem: false + runAsNonRoot: false + runAsUser: 0 + seccompProfile: + type: RuntimeDefault + ldap: + config: "" + enabled: false + existingSecret: "" + lifecycleHooks: {} + livenessProbe: + failureThreshold: 10 + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + namespaceOverride: "" + networkPolicy: + allowExternal: true + egress: + blockDNSResolution: false + enabled: false + ports: [] + to: [] + enabled: false + explicitNamespacesSelector: {} + ingress: true + nodeSelector: {} + notifiers: {} + persistence: + accessModes: + - ReadWriteOnce + disableWarning: false + enabled: true + extraPvcLabels: {} + finalizers: + - kubernetes.io/pvc-protection + inMemory: + enabled: false + lookupVolumeName: true + size: 10Gi + type: pvc + volumeName: "" + plugins: [] + podDisruptionBudget: {} + podPortName: grafana + podAnnotations: + backup.velero.io/backup-volumes: "storage" + rbac: + create: true + extraClusterRoleRules: [] + extraRoleRules: [] + namespaced: false + pspEnabled: false + pspUseAppArmor: false + readinessProbe: + httpGet: + path: /api/health + port: 3000 + replicas: 1 + resources: {} + revisionHistoryLimit: 10 + route: + main: + additionalRules: [] + annotations: {} + apiVersion: gateway.networking.k8s.io/v1 + enabled: false + filters: [] + hostnames: [] + kind: HTTPRoute + labels: {} + matches: + - path: + type: PathPrefix + value: / + parentRefs: [] + securityContext: + fsGroup: 472 + runAsGroup: 472 + runAsNonRoot: true + runAsUser: 472 + service: + annotations: {} + appProtocol: "" + enabled: true + ipFamilies: [] + 
ipFamilyPolicy: "" + labels: {} + loadBalancerClass: "" + loadBalancerIP: "" + loadBalancerSourceRanges: [] + port: 80 + portName: service + sessionAffinity: "" + targetPort: 3000 + type: ClusterIP + serviceAccount: + automountServiceAccountToken: false + create: true + labels: {} + name: null + nameTest: null + serviceMonitor: + basicAuth: {} + enabled: false + interval: 30s + labels: {} + metricRelabelings: [] + path: /metrics + relabelings: [] + scheme: http + scrapeTimeout: 30s + targetLabels: [] + tlsConfig: {} + shareProcessNamespace: false + sidecar: + alerts: + enabled: false + env: {} + extraMounts: [] + initAlerts: false + label: grafana_alert + labelValue: "" + reloadURL: http://localhost:3000/api/admin/provisioning/alerting/reload + resource: both + resourceName: "" + script: null + searchNamespace: null + sizeLimit: {} + skipReload: false + watchMethod: WATCH + dashboards: + SCProvider: true + defaultFolderName: null + enabled: false + env: {} + envValueFrom: {} + extraMounts: [] + folder: /tmp/dashboards + folderAnnotation: null + label: grafana_dashboard + labelValue: "" + provider: + allowUiUpdates: false + disableDelete: false + folder: "" + folderUid: "" + foldersFromFilesStructure: false + name: sidecarProvider + orgid: 1 + type: file + reloadURL: http://localhost:3000/api/admin/provisioning/dashboards/reload + resource: both + resourceName: "" + script: null + searchNamespace: null + sizeLimit: {} + skipReload: false + watchMethod: WATCH + datasources: + enabled: false + env: {} + envValueFrom: {} + extraMounts: [] + initDatasources: false + label: grafana_datasource + labelValue: "" + reloadURL: http://localhost:3000/api/admin/provisioning/datasources/reload + resource: both + resourceName: "" + script: null + searchNamespace: null + sizeLimit: {} + skipReload: false + watchMethod: WATCH + enableUniqueFilenames: false + image: + registry: quay.io + repository: kiwigrid/k8s-sidecar + sha: "" + tag: 1.30.0 + imagePullPolicy: IfNotPresent + 
livenessProbe: {} + notifiers: + enabled: false + env: {} + extraMounts: [] + initNotifiers: false + label: grafana_notifier + labelValue: "" + reloadURL: http://localhost:3000/api/admin/provisioning/notifications/reload + resource: both + resourceName: "" + script: null + searchNamespace: null + sizeLimit: {} + skipReload: false + watchMethod: WATCH + plugins: + enabled: false + env: {} + extraMounts: [] + initPlugins: false + label: grafana_plugin + labelValue: "" + reloadURL: http://localhost:3000/api/admin/provisioning/plugins/reload + resource: both + resourceName: "" + script: null + searchNamespace: null + sizeLimit: {} + skipReload: false + watchMethod: WATCH + readinessProbe: {} + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + smtp: + existingSecret: "" + passwordKey: password + userKey: user + testFramework: + containerSecurityContext: {} + enabled: true + image: + registry: docker.io + repository: bats/bats + tag: v1.4.1 + imagePullPolicy: IfNotPresent + resources: {} + securityContext: {} + tolerations: [] + topologySpreadConstraints: [] + useStatefulSet: false
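Review bot: `grafana.automountServiceAccountToken: true` mounts a Kubernetes API token into the Grafana pod even though every `sidecar.*.enabled` in this file is `false` and `serviceAccount.automountServiceAccountToken` is already `false`, so the token appears to have no consumer; `automountServiceAccountToken: false` would remove it until a sidecar is switched on. In the `grafana-env` ConfigMap the `GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH` expression ends in `|| 'Viewer'`, so any account that authentik lets through to this application gets read access; if that is not intended, drop the fallback and add `GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: "true"`. The file also restates what look like the upstream chart defaults, which fixes values such as `initChownData.image.tag: 1.31.1` and `imageRenderer.image.tag: latest` here so they will no longer follow a bump of the dependency version; keeping only the site-specific overrides would avoid that and make the security-relevant settings easier to review.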