grafana: admin: existingSecret: grafana-admin passwordKey: passwordKey userKey: userKey affinity: {} alerting: {} assertNoLeakedSecrets: true automountServiceAccountToken: true autoscaling: behavior: {} enabled: false maxReplicas: 5 minReplicas: 1 targetCPU: "60" targetMemory: "" containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault createConfigmap: true dashboardProviders: {} dashboards: {} dashboardsConfigMaps: {} datasources: {} defaultCurlOptions: -skf deploymentStrategy: type: RollingUpdate dnsConfig: {} dnsPolicy: null downloadDashboards: env: {} envFromSecret: "" envValueFrom: {} resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault downloadDashboardsImage: pullPolicy: IfNotPresent registry: docker.io repository: curlimages/curl sha: "" tag: 8.9.1 enableKubeBackwardCompatibility: false enableServiceLinks: true env: {} envFromConfigMaps: - name: grafana-env envFromSecret: "" envFromSecrets: - name: grafana-secretenv envRenderSecret: {} envValueFrom: {} extraConfigmapMounts: [] extraContainerVolumes: [] extraContainers: "" extraEmptyDirMounts: [] extraExposePorts: [] extraInitContainers: [] extraLabels: {} extraObjects: - apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: grafana-admin spec: data: - remoteRef: conversionStrategy: Default decodingStrategy: None key: grafana metadataPolicy: None property: userKey secretKey: userKey - remoteRef: conversionStrategy: Default decodingStrategy: None key: grafana metadataPolicy: None property: passwordKey secretKey: passwordKey refreshInterval: 1h secretStoreRef: kind: ClusterSecretStore name: weyma-vault target: creationPolicy: Owner deletionPolicy: Retain name: grafana-admin - apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: grafana-secretenv spec: data: - remoteRef: conversionStrategy: Default decodingStrategy: None key: grafana metadataPolicy: None property: GF_AUTH_GENERIC_OAUTH_CLIENT_ID secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID - remoteRef: conversionStrategy: Default decodingStrategy: None key: grafana metadataPolicy: None property: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET refreshInterval: 1h secretStoreRef: kind: ClusterSecretStore name: weyma-vault target: creationPolicy: Owner deletionPolicy: Retain name: grafana-secretenv - apiVersion: v1 kind: ConfigMap metadata: name: grafana-env data: GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.dubyatp.xyz/application/o/userinfo/ GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.dubyatp.xyz/application/o/authorize/ GF_AUTH_GENERIC_OAUTH_ENABLED: "true" GF_AUTH_GENERIC_OAUTH_NAME: authentik GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer' GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.dubyatp.xyz/application/o/token/ GF_AUTH_OAUTH_AUTO_LOGIN: "true" GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.dubyatp.xyz/application/o/grafana-slug/end-session/ GF_SERVER_ROOT_URL: https://grafana.infra.dubyatp.xyz - apiVersion: v1 kind: Secret metadata: name: cert-dubyatp-xyz annotations: replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz" replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key" data: tls.crt: "" tls.key: "" extraSecretMounts: [] extraVolumeMounts: [] extraVolumes: [] global: imagePullSecrets: [] imageRegistry: null gossipPortName: gossip grafana.ini: analytics: check_for_updates: true grafana_net: url: https://grafana.net log: mode: console paths: data: /var/lib/grafana/ logs: /var/log/grafana plugins: /var/lib/grafana/plugins provisioning: /etc/grafana/provisioning server: domain: '{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ tpl (.Values.ingress.hosts | first) . }}{{ else }}''''{{ end }}' headlessService: false hostAliases: [] image: pullPolicy: IfNotPresent pullSecrets: [] registry: docker.io repository: grafana/grafana sha: "" tag: "" imageRenderer: affinity: {} automountServiceAccountToken: false autoscaling: behavior: {} enabled: false maxReplicas: 5 minReplicas: 1 targetCPU: "60" targetMemory: "" containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault deploymentStrategy: {} enabled: false env: HTTP_HOST: 0.0.0.0 XDG_CACHE_HOME: /tmp/.chromium XDG_CONFIG_HOME: /tmp/.chromium envValueFrom: {} extraConfigmapMounts: [] extraSecretMounts: [] extraVolumeMounts: [] extraVolumes: [] grafanaProtocol: http grafanaSubPath: "" hostAliases: [] image: pullPolicy: Always pullSecrets: [] registry: docker.io repository: grafana/grafana-image-renderer sha: "" tag: latest networkPolicy: extraIngressSelectors: [] limitEgress: false limitIngress: true nodeSelector: {} podAnnotations: {} podPortName: http priorityClassName: "" renderingCallbackURL: "" replicas: 1 resources: {} revisionHistoryLimit: 10 securityContext: {} serverURL: "" service: appProtocol: "" enabled: true port: 8081 portName: http targetPort: 8081 serviceAccountName: "" serviceMonitor: enabled: false interval: 1m labels: {} path: /metrics relabelings: [] scheme: http scrapeTimeout: 30s targetLabels: [] tlsConfig: {} tolerations: [] ingress: annotations: {} enabled: true extraPaths: [] hosts: - grafana.infra.dubyatp.xyz labels: {} path: / pathType: Prefix tls: - hosts: - grafana.infra.dubyatp.xyz secretName: cert-dubyatp-xyz initChownData: enabled: true image: pullPolicy: IfNotPresent registry: docker.io repository: library/busybox sha: "" tag: 1.31.1 resources: {} securityContext: capabilities: add: - CHOWN drop: - ALL readOnlyRootFilesystem: false runAsNonRoot: false runAsUser: 0 seccompProfile: type: RuntimeDefault ldap: config: "" enabled: false existingSecret: "" lifecycleHooks: {} livenessProbe: failureThreshold: 10 httpGet: path: /api/health port: 3000 initialDelaySeconds: 60 timeoutSeconds: 30 namespaceOverride: "" networkPolicy: allowExternal: true egress: blockDNSResolution: false enabled: false ports: [] to: [] enabled: false explicitNamespacesSelector: {} ingress: true nodeSelector: {} notifiers: {} persistence: accessModes: - ReadWriteOnce disableWarning: false enabled: true extraPvcLabels: {} finalizers: - kubernetes.io/pvc-protection inMemory: enabled: false lookupVolumeName: true size: 10Gi type: pvc volumeName: "" plugins: [] podDisruptionBudget: {} podPortName: grafana podAnnotations: backup.velero.io/backup-volumes: "storage" rbac: create: true extraClusterRoleRules: [] extraRoleRules: [] namespaced: false pspEnabled: false pspUseAppArmor: false readinessProbe: httpGet: path: /api/health port: 3000 replicas: 1 resources: {} revisionHistoryLimit: 10 route: main: additionalRules: [] annotations: {} apiVersion: gateway.networking.k8s.io/v1 enabled: false filters: [] hostnames: [] kind: HTTPRoute labels: {} matches: - path: type: PathPrefix value: / parentRefs: [] securityContext: fsGroup: 472 runAsGroup: 472 runAsNonRoot: true runAsUser: 472 service: annotations: {} appProtocol: "" enabled: true ipFamilies: [] ipFamilyPolicy: "" labels: {} loadBalancerClass: "" loadBalancerIP: "" loadBalancerSourceRanges: [] port: 80 portName: service sessionAffinity: "" targetPort: 3000 type: ClusterIP serviceAccount: automountServiceAccountToken: false create: true labels: {} name: null nameTest: null serviceMonitor: basicAuth: {} enabled: false interval: 30s labels: {} metricRelabelings: [] path: /metrics relabelings: [] scheme: http scrapeTimeout: 30s targetLabels: [] tlsConfig: {} shareProcessNamespace: false sidecar: alerts: enabled: false env: {} extraMounts: [] initAlerts: false label: grafana_alert labelValue: "" reloadURL: http://localhost:3000/api/admin/provisioning/alerting/reload resource: both resourceName: "" script: null searchNamespace: null sizeLimit: {} skipReload: false watchMethod: WATCH dashboards: SCProvider: true defaultFolderName: null enabled: false env: {} envValueFrom: {} extraMounts: [] folder: /tmp/dashboards folderAnnotation: null label: grafana_dashboard labelValue: "" provider: allowUiUpdates: false disableDelete: false folder: "" folderUid: "" foldersFromFilesStructure: false name: sidecarProvider orgid: 1 type: file reloadURL: http://localhost:3000/api/admin/provisioning/dashboards/reload resource: both resourceName: "" script: null searchNamespace: null sizeLimit: {} skipReload: false watchMethod: WATCH datasources: enabled: false env: {} envValueFrom: {} extraMounts: [] initDatasources: false label: grafana_datasource labelValue: "" reloadURL: http://localhost:3000/api/admin/provisioning/datasources/reload resource: both resourceName: "" script: null searchNamespace: null sizeLimit: {} skipReload: false watchMethod: WATCH enableUniqueFilenames: false image: registry: quay.io repository: kiwigrid/k8s-sidecar sha: "" tag: 1.30.3 imagePullPolicy: IfNotPresent livenessProbe: {} notifiers: enabled: false env: {} extraMounts: [] initNotifiers: false label: grafana_notifier labelValue: "" reloadURL: http://localhost:3000/api/admin/provisioning/notifications/reload resource: both resourceName: "" script: null searchNamespace: null sizeLimit: {} skipReload: false watchMethod: WATCH plugins: enabled: false env: {} extraMounts: [] initPlugins: false label: grafana_plugin labelValue: "" reloadURL: http://localhost:3000/api/admin/provisioning/plugins/reload resource: both resourceName: "" script: null searchNamespace: null sizeLimit: {} skipReload: false watchMethod: WATCH readinessProbe: {} resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault smtp: existingSecret: "" passwordKey: password userKey: user testFramework: containerSecurityContext: {} enabled: true image: registry: docker.io repository: bats/bats tag: 1.12.0 imagePullPolicy: IfNotPresent resources: {} securityContext: {} tolerations: [] topologySpreadConstraints: [] useStatefulSet: false