522 lines
12 KiB
YAML
522 lines
12 KiB
YAML
grafana:
|
|
admin:
|
|
existingSecret: grafana-admin
|
|
passwordKey: passwordKey
|
|
userKey: userKey
|
|
affinity: {}
|
|
alerting: {}
|
|
assertNoLeakedSecrets: true
|
|
automountServiceAccountToken: true
|
|
autoscaling:
|
|
behavior: {}
|
|
enabled: false
|
|
maxReplicas: 5
|
|
minReplicas: 1
|
|
targetCPU: "60"
|
|
targetMemory: ""
|
|
containerSecurityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
createConfigmap: true
|
|
dashboardProviders: {}
|
|
dashboards: {}
|
|
dashboardsConfigMaps: {}
|
|
datasources: {}
|
|
defaultCurlOptions: -skf
|
|
deploymentStrategy:
|
|
type: RollingUpdate
|
|
dnsConfig: {}
|
|
dnsPolicy: null
|
|
downloadDashboards:
|
|
env: {}
|
|
envFromSecret: ""
|
|
envValueFrom: {}
|
|
resources: {}
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
downloadDashboardsImage:
|
|
pullPolicy: IfNotPresent
|
|
registry: docker.io
|
|
repository: curlimages/curl
|
|
sha: ""
|
|
tag: 8.9.1
|
|
enableKubeBackwardCompatibility: false
|
|
enableServiceLinks: true
|
|
env: {}
|
|
envFromConfigMaps:
|
|
- name: grafana-env
|
|
envFromSecret: ""
|
|
envFromSecrets:
|
|
- name: grafana-secretenv
|
|
envRenderSecret: {}
|
|
envValueFrom: {}
|
|
extraConfigmapMounts: []
|
|
extraContainerVolumes: []
|
|
extraContainers: ""
|
|
extraEmptyDirMounts: []
|
|
extraExposePorts: []
|
|
extraInitContainers: []
|
|
extraLabels: {}
|
|
extraObjects:
|
|
- apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: grafana-admin
|
|
spec:
|
|
data:
|
|
- remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: grafana
|
|
metadataPolicy: None
|
|
property: userKey
|
|
secretKey: userKey
|
|
- remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: grafana
|
|
metadataPolicy: None
|
|
property: passwordKey
|
|
secretKey: passwordKey
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: weyma-vault
|
|
target:
|
|
creationPolicy: Owner
|
|
deletionPolicy: Retain
|
|
name: grafana-admin
|
|
- apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: grafana-secretenv
|
|
spec:
|
|
data:
|
|
- remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: grafana
|
|
metadataPolicy: None
|
|
property: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
|
|
secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
|
|
- remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: grafana
|
|
metadataPolicy: None
|
|
property: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
|
|
secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: weyma-vault
|
|
target:
|
|
creationPolicy: Owner
|
|
deletionPolicy: Retain
|
|
name: grafana-secretenv
|
|
- apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: grafana-env
|
|
data:
|
|
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.dubyatp.xyz/application/o/userinfo/
|
|
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.dubyatp.xyz/application/o/authorize/
|
|
GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
|
|
GF_AUTH_GENERIC_OAUTH_NAME: authentik
|
|
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
|
|
GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
|
|
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.dubyatp.xyz/application/o/token/
|
|
GF_AUTH_OAUTH_AUTO_LOGIN: "true"
|
|
GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.dubyatp.xyz/application/o/grafana-slug/end-session/
|
|
GF_SERVER_ROOT_URL: https://grafana.infra.dubyatp.xyz
|
|
- apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: cert-dubyatp-xyz
|
|
annotations:
|
|
replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
|
|
replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
|
|
data:
|
|
tls.crt: ""
|
|
tls.key: ""
|
|
extraSecretMounts: []
|
|
extraVolumeMounts: []
|
|
extraVolumes: []
|
|
global:
|
|
imagePullSecrets: []
|
|
imageRegistry: null
|
|
gossipPortName: gossip
|
|
grafana.ini:
|
|
analytics:
|
|
check_for_updates: true
|
|
grafana_net:
|
|
url: https://grafana.net
|
|
log:
|
|
mode: console
|
|
paths:
|
|
data: /var/lib/grafana/
|
|
logs: /var/log/grafana
|
|
plugins: /var/lib/grafana/plugins
|
|
provisioning: /etc/grafana/provisioning
|
|
server:
|
|
domain: '{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ tpl (.Values.ingress.hosts
|
|
| first) . }}{{ else }}''''{{ end }}'
|
|
headlessService: false
|
|
hostAliases: []
|
|
image:
|
|
pullPolicy: IfNotPresent
|
|
pullSecrets: []
|
|
registry: docker.io
|
|
repository: grafana/grafana
|
|
sha: ""
|
|
tag: ""
|
|
imageRenderer:
|
|
affinity: {}
|
|
automountServiceAccountToken: false
|
|
autoscaling:
|
|
behavior: {}
|
|
enabled: false
|
|
maxReplicas: 5
|
|
minReplicas: 1
|
|
targetCPU: "60"
|
|
targetMemory: ""
|
|
containerSecurityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
deploymentStrategy: {}
|
|
enabled: false
|
|
env:
|
|
HTTP_HOST: 0.0.0.0
|
|
XDG_CACHE_HOME: /tmp/.chromium
|
|
XDG_CONFIG_HOME: /tmp/.chromium
|
|
envValueFrom: {}
|
|
extraConfigmapMounts: []
|
|
extraSecretMounts: []
|
|
extraVolumeMounts: []
|
|
extraVolumes: []
|
|
grafanaProtocol: http
|
|
grafanaSubPath: ""
|
|
hostAliases: []
|
|
image:
|
|
pullPolicy: Always
|
|
pullSecrets: []
|
|
registry: docker.io
|
|
repository: grafana/grafana-image-renderer
|
|
sha: ""
|
|
tag: latest
|
|
networkPolicy:
|
|
extraIngressSelectors: []
|
|
limitEgress: false
|
|
limitIngress: true
|
|
nodeSelector: {}
|
|
podAnnotations: {}
|
|
podPortName: http
|
|
priorityClassName: ""
|
|
renderingCallbackURL: ""
|
|
replicas: 1
|
|
resources: {}
|
|
revisionHistoryLimit: 10
|
|
securityContext: {}
|
|
serverURL: ""
|
|
service:
|
|
appProtocol: ""
|
|
enabled: true
|
|
port: 8081
|
|
portName: http
|
|
targetPort: 8081
|
|
serviceAccountName: ""
|
|
serviceMonitor:
|
|
enabled: false
|
|
interval: 1m
|
|
labels: {}
|
|
path: /metrics
|
|
relabelings: []
|
|
scheme: http
|
|
scrapeTimeout: 30s
|
|
targetLabels: []
|
|
tlsConfig: {}
|
|
tolerations: []
|
|
ingress:
|
|
annotations: {}
|
|
enabled: true
|
|
extraPaths: []
|
|
hosts:
|
|
- grafana.infra.dubyatp.xyz
|
|
labels: {}
|
|
path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- hosts:
|
|
- grafana.infra.dubyatp.xyz
|
|
secretName: cert-dubyatp-xyz
|
|
initChownData:
|
|
enabled: true
|
|
image:
|
|
pullPolicy: IfNotPresent
|
|
registry: docker.io
|
|
repository: library/busybox
|
|
sha: ""
|
|
tag: 1.31.1
|
|
resources: {}
|
|
securityContext:
|
|
capabilities:
|
|
add:
|
|
- CHOWN
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: false
|
|
runAsNonRoot: false
|
|
runAsUser: 0
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
ldap:
|
|
config: ""
|
|
enabled: false
|
|
existingSecret: ""
|
|
lifecycleHooks: {}
|
|
livenessProbe:
|
|
failureThreshold: 10
|
|
httpGet:
|
|
path: /api/health
|
|
port: 3000
|
|
initialDelaySeconds: 60
|
|
timeoutSeconds: 30
|
|
namespaceOverride: ""
|
|
networkPolicy:
|
|
allowExternal: true
|
|
egress:
|
|
blockDNSResolution: false
|
|
enabled: false
|
|
ports: []
|
|
to: []
|
|
enabled: false
|
|
explicitNamespacesSelector: {}
|
|
ingress: true
|
|
nodeSelector: {}
|
|
notifiers: {}
|
|
persistence:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
disableWarning: false
|
|
enabled: true
|
|
extraPvcLabels: {}
|
|
finalizers:
|
|
- kubernetes.io/pvc-protection
|
|
inMemory:
|
|
enabled: false
|
|
lookupVolumeName: true
|
|
size: 10Gi
|
|
type: pvc
|
|
volumeName: ""
|
|
plugins: []
|
|
podDisruptionBudget: {}
|
|
podPortName: grafana
|
|
podAnnotations:
|
|
backup.velero.io/backup-volumes: "storage"
|
|
rbac:
|
|
create: true
|
|
extraClusterRoleRules: []
|
|
extraRoleRules: []
|
|
namespaced: false
|
|
pspEnabled: false
|
|
pspUseAppArmor: false
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /api/health
|
|
port: 3000
|
|
replicas: 1
|
|
resources: {}
|
|
revisionHistoryLimit: 10
|
|
route:
|
|
main:
|
|
additionalRules: []
|
|
annotations: {}
|
|
apiVersion: gateway.networking.k8s.io/v1
|
|
enabled: false
|
|
filters: []
|
|
hostnames: []
|
|
kind: HTTPRoute
|
|
labels: {}
|
|
matches:
|
|
- path:
|
|
type: PathPrefix
|
|
value: /
|
|
parentRefs: []
|
|
securityContext:
|
|
fsGroup: 472
|
|
runAsGroup: 472
|
|
runAsNonRoot: true
|
|
runAsUser: 472
|
|
service:
|
|
annotations: {}
|
|
appProtocol: ""
|
|
enabled: true
|
|
ipFamilies: []
|
|
ipFamilyPolicy: ""
|
|
labels: {}
|
|
loadBalancerClass: ""
|
|
loadBalancerIP: ""
|
|
loadBalancerSourceRanges: []
|
|
port: 80
|
|
portName: service
|
|
sessionAffinity: ""
|
|
targetPort: 3000
|
|
type: ClusterIP
|
|
serviceAccount:
|
|
automountServiceAccountToken: false
|
|
create: true
|
|
labels: {}
|
|
name: null
|
|
nameTest: null
|
|
serviceMonitor:
|
|
basicAuth: {}
|
|
enabled: false
|
|
interval: 30s
|
|
labels: {}
|
|
metricRelabelings: []
|
|
path: /metrics
|
|
relabelings: []
|
|
scheme: http
|
|
scrapeTimeout: 30s
|
|
targetLabels: []
|
|
tlsConfig: {}
|
|
shareProcessNamespace: false
|
|
sidecar:
|
|
alerts:
|
|
enabled: false
|
|
env: {}
|
|
extraMounts: []
|
|
initAlerts: false
|
|
label: grafana_alert
|
|
labelValue: ""
|
|
reloadURL: http://localhost:3000/api/admin/provisioning/alerting/reload
|
|
resource: both
|
|
resourceName: ""
|
|
script: null
|
|
searchNamespace: null
|
|
sizeLimit: {}
|
|
skipReload: false
|
|
watchMethod: WATCH
|
|
dashboards:
|
|
SCProvider: true
|
|
defaultFolderName: null
|
|
enabled: false
|
|
env: {}
|
|
envValueFrom: {}
|
|
extraMounts: []
|
|
folder: /tmp/dashboards
|
|
folderAnnotation: null
|
|
label: grafana_dashboard
|
|
labelValue: ""
|
|
provider:
|
|
allowUiUpdates: false
|
|
disableDelete: false
|
|
folder: ""
|
|
folderUid: ""
|
|
foldersFromFilesStructure: false
|
|
name: sidecarProvider
|
|
orgid: 1
|
|
type: file
|
|
reloadURL: http://localhost:3000/api/admin/provisioning/dashboards/reload
|
|
resource: both
|
|
resourceName: ""
|
|
script: null
|
|
searchNamespace: null
|
|
sizeLimit: {}
|
|
skipReload: false
|
|
watchMethod: WATCH
|
|
datasources:
|
|
enabled: false
|
|
env: {}
|
|
envValueFrom: {}
|
|
extraMounts: []
|
|
initDatasources: false
|
|
label: grafana_datasource
|
|
labelValue: ""
|
|
reloadURL: http://localhost:3000/api/admin/provisioning/datasources/reload
|
|
resource: both
|
|
resourceName: ""
|
|
script: null
|
|
searchNamespace: null
|
|
sizeLimit: {}
|
|
skipReload: false
|
|
watchMethod: WATCH
|
|
enableUniqueFilenames: false
|
|
image:
|
|
registry: quay.io
|
|
repository: kiwigrid/k8s-sidecar
|
|
sha: ""
|
|
tag: 1.30.3
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe: {}
|
|
notifiers:
|
|
enabled: false
|
|
env: {}
|
|
extraMounts: []
|
|
initNotifiers: false
|
|
label: grafana_notifier
|
|
labelValue: ""
|
|
reloadURL: http://localhost:3000/api/admin/provisioning/notifications/reload
|
|
resource: both
|
|
resourceName: ""
|
|
script: null
|
|
searchNamespace: null
|
|
sizeLimit: {}
|
|
skipReload: false
|
|
watchMethod: WATCH
|
|
plugins:
|
|
enabled: false
|
|
env: {}
|
|
extraMounts: []
|
|
initPlugins: false
|
|
label: grafana_plugin
|
|
labelValue: ""
|
|
reloadURL: http://localhost:3000/api/admin/provisioning/plugins/reload
|
|
resource: both
|
|
resourceName: ""
|
|
script: null
|
|
searchNamespace: null
|
|
sizeLimit: {}
|
|
skipReload: false
|
|
watchMethod: WATCH
|
|
readinessProbe: {}
|
|
resources: {}
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
smtp:
|
|
existingSecret: ""
|
|
passwordKey: password
|
|
userKey: user
|
|
testFramework:
|
|
containerSecurityContext: {}
|
|
enabled: true
|
|
image:
|
|
registry: docker.io
|
|
repository: bats/bats
|
|
tag: 1.12.0
|
|
imagePullPolicy: IfNotPresent
|
|
resources: {}
|
|
securityContext: {}
|
|
tolerations: []
|
|
topologySpreadConstraints: []
|
|
useStatefulSet: false
|