infrastructure/core-apps
3
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

add grafana

Browse Source
This commit is contained in:
William P
2025-05-12 22:26:49 -04:00
parent b6bde0c026
commit f394cb860c
2 changed files with 549 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
grafana/Chart.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: v2
name: grafana
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: "1.0"
dependencies:
- name: grafana
version: 9.0.0
repository: https://grafana.github.io/helm-charts

521
grafana/values.yaml Normal file
View File

@@ -0,0 +1,521 @@
grafana:
admin:
existingSecret: grafana-admin
passwordKey: passwordKey
userKey: userKey
affinity: {}
alerting: {}
assertNoLeakedSecrets: true
automountServiceAccountToken: true
autoscaling:
behavior: {}
enabled: false
maxReplicas: 5
minReplicas: 1
targetCPU: "60"
targetMemory: ""
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
createConfigmap: true
dashboardProviders: {}
dashboards: {}
dashboardsConfigMaps: {}
datasources: {}
defaultCurlOptions: -skf
deploymentStrategy:
type: RollingUpdate
dnsConfig: {}
dnsPolicy: null
downloadDashboards:
env: {}
envFromSecret: ""
envValueFrom: {}
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
downloadDashboardsImage:
pullPolicy: IfNotPresent
registry: docker.io
repository: curlimages/curl
sha: ""
tag: 8.9.1
enableKubeBackwardCompatibility: false
enableServiceLinks: true
env: {}
envFromConfigMaps:
- name: grafana-env
envFromSecret: ""
envFromSecrets:
- name: grafana-secretenv
envRenderSecret: {}
envValueFrom: {}
extraConfigmapMounts: []
extraContainerVolumes: []
extraContainers: ""
extraEmptyDirMounts: []
extraExposePorts: []
extraInitContainers: []
extraLabels: {}
extraObjects:
- apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-admin
spec:
data:
- remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: grafana
metadataPolicy: None
property: userKey
secretKey: userKey
- remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: grafana
metadataPolicy: None
property: passwordKey
secretKey: passwordKey
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: weyma-vault
target:
creationPolicy: Owner
deletionPolicy: Retain
name: grafana-admin
- apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-secretenv
spec:
data:
- remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: grafana
metadataPolicy: None
property: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
- remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: grafana
metadataPolicy: None
property: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: weyma-vault
target:
creationPolicy: Owner
deletionPolicy: Retain
name: grafana-secretenv
- apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-env
data:
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.dubyatp.xyz/application/o/userinfo/
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.dubyatp.xyz/application/o/authorize/
GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
GF_AUTH_GENERIC_OAUTH_NAME: authentik
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.dubyatp.xyz/application/o/token/
GF_AUTH_OAUTH_AUTO_LOGIN: "true"
GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.dubyatp.xyz/application/o/grafana-slug/end-session/
GF_SERVER_ROOT_URL: https://grafana.infra.dubyatp.xyz
- apiVersion: v1
kind: Secret
metadata:
name: cert-dubyatp-xyz
annotations:
replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
data:
tls.crt: ""
tls.key: ""
extraSecretMounts: []
extraVolumeMounts: []
extraVolumes: []
global:
imagePullSecrets: []
imageRegistry: null
gossipPortName: gossip
grafana.ini:
analytics:
check_for_updates: true
grafana_net:
url: https://grafana.net
log:
mode: console
paths:
data: /var/lib/grafana/
logs: /var/log/grafana
plugins: /var/lib/grafana/plugins
provisioning: /etc/grafana/provisioning
server:
domain: '{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ tpl (.Values.ingress.hosts
| first) . }}{{ else }}''''{{ end }}'
headlessService: false
hostAliases: []
image:
pullPolicy: IfNotPresent
pullSecrets: []
registry: docker.io
repository: grafana/grafana
sha: ""
tag: ""
imageRenderer:
affinity: {}
automountServiceAccountToken: false
autoscaling:
behavior: {}
enabled: false
maxReplicas: 5
minReplicas: 1
targetCPU: "60"
targetMemory: ""
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
deploymentStrategy: {}
enabled: false
env:
HTTP_HOST: 0.0.0.0
XDG_CACHE_HOME: /tmp/.chromium
XDG_CONFIG_HOME: /tmp/.chromium
envValueFrom: {}
extraConfigmapMounts: []
extraSecretMounts: []
extraVolumeMounts: []
extraVolumes: []
grafanaProtocol: http
grafanaSubPath: ""
hostAliases: []
image:
pullPolicy: Always
pullSecrets: []
registry: docker.io
repository: grafana/grafana-image-renderer
sha: ""
tag: latest
networkPolicy:
extraIngressSelectors: []
limitEgress: false
limitIngress: true
nodeSelector: {}
podAnnotations: {}
podPortName: http
priorityClassName: ""
renderingCallbackURL: ""
replicas: 1
resources: {}
revisionHistoryLimit: 10
securityContext: {}
serverURL: ""
service:
appProtocol: ""
enabled: true
port: 8081
portName: http
targetPort: 8081
serviceAccountName: ""
serviceMonitor:
enabled: false
interval: 1m
labels: {}
path: /metrics
relabelings: []
scheme: http
scrapeTimeout: 30s
targetLabels: []
tlsConfig: {}
tolerations: []
ingress:
annotations: {}
enabled: true
extraPaths: []
hosts:
- grafana.infra.dubyatp.xyz
labels: {}
path: /
pathType: Prefix
tls:
- hosts:
- grafana.infra.dubyatp.xyz
secretName: cert-dubyatp-xyz
initChownData:
enabled: true
image:
pullPolicy: IfNotPresent
registry: docker.io
repository: library/busybox
sha: ""
tag: 1.31.1
resources: {}
securityContext:
capabilities:
add:
- CHOWN
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
seccompProfile:
type: RuntimeDefault
ldap:
config: ""
enabled: false
existingSecret: ""
lifecycleHooks: {}
livenessProbe:
failureThreshold: 10
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 60
timeoutSeconds: 30
namespaceOverride: ""
networkPolicy:
allowExternal: true
egress:
blockDNSResolution: false
enabled: false
ports: []
to: []
enabled: false
explicitNamespacesSelector: {}
ingress: true
nodeSelector: {}
notifiers: {}
persistence:
accessModes:
- ReadWriteOnce
disableWarning: false
enabled: true
extraPvcLabels: {}
finalizers:
- kubernetes.io/pvc-protection
inMemory:
enabled: false
lookupVolumeName: true
size: 10Gi
type: pvc
volumeName: ""
plugins: []
podDisruptionBudget: {}
podPortName: grafana
podAnnotations:
backup.velero.io/backup-volumes: "storage"
rbac:
create: true
extraClusterRoleRules: []
extraRoleRules: []
namespaced: false
pspEnabled: false
pspUseAppArmor: false
readinessProbe:
httpGet:
path: /api/health
port: 3000
replicas: 1
resources: {}
revisionHistoryLimit: 10
route:
main:
additionalRules: []
annotations: {}
apiVersion: gateway.networking.k8s.io/v1
enabled: false
filters: []
hostnames: []
kind: HTTPRoute
labels: {}
matches:
- path:
type: PathPrefix
value: /
parentRefs: []
securityContext:
fsGroup: 472
runAsGroup: 472
runAsNonRoot: true
runAsUser: 472
service:
annotations: {}
appProtocol: ""
enabled: true
ipFamilies: []
ipFamilyPolicy: ""
labels: {}
loadBalancerClass: ""
loadBalancerIP: ""
loadBalancerSourceRanges: []
port: 80
portName: service
sessionAffinity: ""
targetPort: 3000
type: ClusterIP
serviceAccount:
automountServiceAccountToken: false
create: true
labels: {}
name: null
nameTest: null
serviceMonitor:
basicAuth: {}
enabled: false
interval: 30s
labels: {}
metricRelabelings: []
path: /metrics
relabelings: []
scheme: http
scrapeTimeout: 30s
targetLabels: []
tlsConfig: {}
shareProcessNamespace: false
sidecar:
alerts:
enabled: false
env: {}
extraMounts: []
initAlerts: false
label: grafana_alert
labelValue: ""
reloadURL: http://localhost:3000/api/admin/provisioning/alerting/reload
resource: both
resourceName: ""
script: null
searchNamespace: null
sizeLimit: {}
skipReload: false
watchMethod: WATCH
dashboards:
SCProvider: true
defaultFolderName: null
enabled: false
env: {}
envValueFrom: {}
extraMounts: []
folder: /tmp/dashboards
folderAnnotation: null
label: grafana_dashboard
labelValue: ""
provider:
allowUiUpdates: false
disableDelete: false
folder: ""
folderUid: ""
foldersFromFilesStructure: false
name: sidecarProvider
orgid: 1
type: file
reloadURL: http://localhost:3000/api/admin/provisioning/dashboards/reload
resource: both
resourceName: ""
script: null
searchNamespace: null
sizeLimit: {}
skipReload: false
watchMethod: WATCH
datasources:
enabled: false
env: {}
envValueFrom: {}
extraMounts: []
initDatasources: false
label: grafana_datasource
labelValue: ""
reloadURL: http://localhost:3000/api/admin/provisioning/datasources/reload
resource: both
resourceName: ""
script: null
searchNamespace: null
sizeLimit: {}
skipReload: false
watchMethod: WATCH
enableUniqueFilenames: false
image:
registry: quay.io
repository: kiwigrid/k8s-sidecar
sha: ""
tag: 1.30.0
imagePullPolicy: IfNotPresent
livenessProbe: {}
notifiers:
enabled: false
env: {}
extraMounts: []
initNotifiers: false
label: grafana_notifier
labelValue: ""
reloadURL: http://localhost:3000/api/admin/provisioning/notifications/reload
resource: both
resourceName: ""
script: null
searchNamespace: null
sizeLimit: {}
skipReload: false
watchMethod: WATCH
plugins:
enabled: false
env: {}
extraMounts: []
initPlugins: false
label: grafana_plugin
labelValue: ""
reloadURL: http://localhost:3000/api/admin/provisioning/plugins/reload
resource: both
resourceName: ""
script: null
searchNamespace: null
sizeLimit: {}
skipReload: false
watchMethod: WATCH
readinessProbe: {}
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
smtp:
existingSecret: ""
passwordKey: password
userKey: user
testFramework:
containerSecurityContext: {}
enabled: true
image:
registry: docker.io
repository: bats/bats
tag: v1.4.1
imagePullPolicy: IfNotPresent
resources: {}
securityContext: {}
tolerations: []
topologySpreadConstraints: []
useStatefulSet: false