#@ load("@ytt:data", "data")

# ytt template for Grafana chart values; `#@ data.values.*` expressions in this
# file are filled in from the ytt data values at render time.

# RBAC objects and pod security policy switches for the release.
rbac:
  create: true
  # NOTE(review): PodSecurityPolicy was removed in Kubernetes 1.25. On newer
  # clusters these two flags need replacing with Pod Security admission or a
  # policy engine; confirm the target cluster version.
  pspEnabled: true
  pspUseAppArmor: true
  # NOTE(review): `namespaced: false` presumably makes the chart create
  # cluster-scoped roles. Both sidecar `searchNamespace` values in this file
  # are null, so namespace-scoped RBAC may be enough; verify against the chart
  # templates before narrowing it.
  namespaced: false
  # Additional rules appended to the namespaced Role (none configured).
  extraRoleRules: []
  # - apiGroups: []
  #   resources: []
  #   verbs: []
  # Additional rules appended to the ClusterRole (none configured).
  extraClusterRoleRules: []
  # - apiGroups: []
  #   resources: []
  #   verbs: []
# Service account for the Grafana pod. `name` and `nameTest` are left empty
# (null); presumably the chart then derives the names itself.
serviceAccount:
  create: true
  name:
  nameTest:
#  annotations:

# Single Grafana replica.
replicas: 1

## See `kubectl explain poddisruptionbudget.spec` for more
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podDisruptionBudget: {}
#  minAvailable: 1
#  maxUnavailable: 1

## See `kubectl explain deployment.spec.strategy` for more
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
deploymentStrategy:
  type: RollingUpdate

# Readiness check: HTTP GET on Grafana's health endpoint, port 3000.
readinessProbe:
  httpGet:
    path: /api/health
    port: 3000

# Liveness check on the same endpoint. The first probe is delayed by 60s, each
# probe times out after 30s, and 10 consecutive failures are tolerated.
livenessProbe:
  httpGet:
    path: /api/health
    port: 3000
  initialDelaySeconds: 60
  timeoutSeconds: 30
  failureThreshold: 10

## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName: "default-scheduler"

# Grafana container image.
# NOTE(review): the image is pinned by tag, not by digest; a tag can be
# re-pointed in the registry, so a digest pin gives a stronger guarantee about
# what actually runs. Also check 6.7.1 against current Grafana security
# advisories before reuse.
image:
  repository: grafana/grafana
  tag: 6.7.1
  pullPolicy: IfNotPresent

  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecrets:
  #   - myRegistrKeySecretName

# Test image settings (bats); presumably used by the chart's test hook.
# NOTE(review): `securityContext: {}` leaves the test pod on cluster defaults;
# confirm that is acceptable under the cluster's pod security policy.
testFramework:
  enabled: true
  image: "bats/bats"
  tag: "v1.1.0"
  securityContext: {}

# Pod-level security context: the pod runs as UID 472 with fsGroup 472, i.e. a
# non-root UID.
# NOTE(review): only the UID and fsGroup are set here. Hardening such as
# runAsNonRoot, a read-only root filesystem or dropped capabilities is not
# visible in this file; check whether the chart templates add it.
securityContext:
  runAsUser: 472
  fsGroup: 472


# Extra ConfigMaps to mount into the Grafana container (none configured).
extraConfigmapMounts: []
  # - name: certs-configmap
  #   mountPath: /etc/grafana/ssl/
  #   subPath: certificates.crt # (optional)
  #   configMap: certs-configmap
  #   readOnly: true


# Extra emptyDir volumes to mount (none configured).
extraEmptyDirMounts: []
  # - name: provisioning-notifiers
  #   mountPath: /etc/grafana/provisioning/notifiers


## Assign a PriorityClassName to pods if set
# priorityClassName:

# curl image; by its name, presumably used to download dashboards. Pinned by
# tag, not digest. `dashboards` is empty in this file, so it may never run.
downloadDashboardsImage:
  repository: curlimages/curl
  tag: 7.68.0
  pullPolicy: IfNotPresent

# Environment for the dashboard download step (empty).
downloadDashboards:
  env: {}

## Pod Annotations
# podAnnotations: {}

## Pod Labels
podLabels:
  app: grafana

podPortName: grafana

## Deployment annotations
# annotations: {}

## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service).
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
# ClusterIP keeps the Service itself cluster-internal; external access in this
# file goes through the ingress section. Service port 80 forwards to container
# port 3000.
service:
  type: ClusterIP
  port: 80
  targetPort: 3000
    # targetPort: 4181 To be used with a proxy extraContainer
  annotations: {}
  labels: {}
  portName: service

# Ingress for Grafana via the nginx ingress class. The host comes from the ytt
# data value `monitoring.grafana.host` and is used for both routing and TLS.
# NOTE(review): this publishes the Grafana login page on that host, so access
# control rests on the admin secret and LDAP settings elsewhere in this file.
ingress:
  enabled: true
  annotations:
    # NOTE(review): the `kubernetes.io/ingress.class` annotation is deprecated
    # in favour of `spec.ingressClassName` on newer Kubernetes; confirm the
    # chart and cluster versions.
    kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  labels: {}
  path: /
  hosts:
    - #@ data.values.monitoring.grafana.host
  ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
  extraPaths: []
  # - path: /*
  #   backend:
  #     serviceName: ssl-redirect
  #     servicePort: use-annotation
  # TLS is terminated with the secret `grafana-server-tls`. Nothing in this file
  # creates that secret, so it presumably has to exist in the namespace.
  tls:
    - secretName: grafana-server-tls
      hosts:
        - #@ data.values.monitoring.grafana.host

# CPU/memory for the Grafana container. Requests equal limits (100m / 128Mi),
# which bounds what the pod can consume on a node.
resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

## Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
#
nodeSelector: {}

## Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []

## Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}

# Extra init containers for the pod (none configured).
extraInitContainers: []

## Enable and specify a container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod
# The example lines after `|` start at column 0, so YAML reads them as comments
# and the value is an empty string. Keep them unindented unless the container is
# really meant to be enabled.
# NOTE(review): if this example is ever enabled, it passes `-client-secret=` and
# `-cookie-secret=` as container arguments, which are readable in the pod spec;
# source them from a Secret instead. It also uses a mutable `:latest` tag and
# `-email-domain=*`, which accepts any e-mail domain; restrict both.
extraContainers: |
# - name: proxy
#   image: quay.io/gambol99/keycloak-proxy:latest
#   args:
#   - -provider=github
#   - -client-id=
#   - -client-secret=
#   - -github-org=<ORG_NAME>
#   - -email-domain=*
#   - -cookie-secret=
#   - -http-address=http://0.0.0.0:4181
#   - -upstream-url=http://127.0.0.1:3000
#   ports:
#     - name: proxy-web
#       containerPort: 4181

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
# Grafana data is kept on the pre-existing claim `grafana-pvc`.
# NOTE(review): with `existingClaim` set, `size` and `accessModes` presumably
# do not apply to the claim; confirm against the chart. The data volume holds
# Grafana's database, so restrict who can mount that claim.
persistence:
  type: pvc
  enabled: true
  # storageClassName: default
  accessModes:
    - ReadWriteOnce
  size: 10Gi
  # annotations: {}
  # Finalizer that blocks deletion of the claim while it is in use.
  finalizers:
    - kubernetes.io/pvc-protection
  # subPath: ""
  existingClaim: grafana-pvc

# Init container that resets ownership of the data volume at startup.
# NOTE(review): changing file ownership presumably requires this init container
# to run as root. Confirm in the chart templates; if `securityContext.fsGroup`
# already gives UID/GID 472 access to the volume, consider disabling it.
initChownData:
  ## If false, data ownership will not be reset at startup
  ## This allows the prometheus-server to be run with an arbitrary user
  ## (the wording says prometheus-server; presumably the grafana container is meant)
  ##
  enabled: true

  ## initChownData container image
  ## (pinned by tag, not by digest)
  ##
  image:
    repository: busybox
    tag: "1.31.1"
    pullPolicy: IfNotPresent

  ## initChownData resource requests and limits
  ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    limits:
      cpu: 100m
      memory: 128Mi
    requests:
      cpu: 100m
      memory: 128Mi


# Administrator credentials when not using an existing secret (see below)
# NOTE(review): keep `adminPassword` commented out; a password written here
# would land in version control. `admin` is also a well-known default username.
adminUser: admin
# adminPassword: strongpassword

# Use an existing secret for the admin user.
# The username and password are read from the keys `admin-user` and
# `admin-password` of the secret `grafana-credentials`. That secret is not
# defined in this file, so it presumably has to be created beforehand.
admin:
  existingSecret: "grafana-credentials"
  userKey: admin-user
  passwordKey: admin-password

## Define command to be executed at startup by grafana container
## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/)
## Default is "run.sh" as defined in grafana's Dockerfile
# command:
# - "sh"
# - "/run.sh"

## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:

## Extra environment variables that will be passed on to deployment pods
# NOTE(review): values placed here appear in plain text in the pod spec; use
# `envValueFrom` or `envFromSecret` below for anything sensitive.
env: {}

## "valueFrom" environment variable references that will be added to deployment pods
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core
## Renders in container spec as:
##   env:
##     ...
##     - name: <key>
##       valueFrom:
##         <value rendered as YAML>
envValueFrom: {}

## The name of a secret in the same kubernetes namespace which contains values to be added to the environment
## This can be useful for auth tokens, etc
envFromSecret: ""

## Sensitive environment variables that will be rendered as a new secret object
## This can be useful for auth tokens, etc
# NOTE(review): values set here would still be written in this values file, so
# keep real tokens out of version control.
envRenderSecret: {}

## Additional grafana server secret mounts
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
# The secret `grafana-ca` is mounted read-only at /etc/secrets only when LDAP
# is enabled and `tls.skipVerify` is false.
# NOTE(review): when `tls.skipVerify` is true no CA is mounted, which presumably
# means LDAP server certificates are not verified; treat that setting as
# test-only and confirm how ldap.toml consumes it.
extraSecretMounts:
  #@ if data.values.monitoring.grafana.ldap.enabled and not data.values.tls.skipVerify:
  - name: tls-ca
    mountPath: /etc/secrets
    secretName: grafana-ca
    readOnly: true
  #@ end

## Additional grafana server volume mounts
# Defines additional volume mounts.
extraVolumeMounts: []
  # - name: extra-volume
  #   mountPath: /mnt/volume
  #   readOnly: true
  #   existingClaim: volume-claim

## Pass the plugins you want installed as a list.
##
# NOTE(review): none are installed here. Plugins are third-party code running
# inside Grafana, so review and pin any that get added.
plugins: []
  # - digrich-bubblechart-panel
  # - grafana-clock-panel

## Configure grafana datasources
## ref: http://docs.grafana.org/administration/provisioning/#datasources
##
# Three provisioned datasources. Their URLs are built from the ytt data value
# `namespace` and point at in-cluster services.
# NOTE(review): all three URLs use plain `http://` and no datasource
# credentials are configured here, so traffic between Grafana and
# Prometheus/Loki is unencrypted and unauthenticated unless a network policy or
# service mesh covers it. Confirm that matches the cluster's threat model.
datasources:
  datasources.yaml:
    apiVersion: 1
    datasources:
      # `access: proxy` is set on every entry, so requests are made by the
      # Grafana server rather than the user's browser.
      - name: Prometheus
        type: prometheus
        url: #@ "http://prometheus-{}-server.{}.svc.cluster.local".format(data.values.namespace, data.values.namespace)
        access: proxy
        isDefault: true
      - name: LokiLogQL
        type: loki
        url: #@ "http://loki-{}.{}.svc.cluster.local:3100".format(data.values.namespace, data.values.namespace)
        access: proxy
        isDefault: false
        jsonData:
          maxLines: 10000
      # Same Loki service, queried through its `/loki` path with the prometheus
      # datasource type.
      - name: LokiPromQL
        type: prometheus
        url: #@ "http://loki-{}.{}.svc.cluster.local:3100/loki".format(data.values.namespace, data.values.namespace)
        access: proxy
        isDefault: false

## Configure notifiers
## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels
##
notifiers: {}
#  notifiers.yaml:
#    notifiers:
#    - name: email-notifier
#      type: email
#      uid: email1
#      # either:
#      org_id: 1
#      # or
#      org_name: Main Org.
#      is_default: true
#      settings:
#        addresses: an_email_address@example.com
#    delete_notifiers:

## Configure grafana dashboard providers
## ref: http://docs.grafana.org/administration/provisioning/#dashboards
##
## `path` must be /var/lib/grafana/dashboards/<provider_name>
##
dashboardProviders: {}

## Configure grafana dashboard to import
## NOTE: To use dashboards you must also enable/configure dashboardProviders
## ref: https://grafana.com/dashboards
##
## dashboards per provider, use provider name as key.
##
# NOTE(review): the `gnetId` and `url` forms in the example below fetch
# dashboard JSON from a remote location at deploy time; pin revisions and use
# trusted sources if they are ever enabled.
dashboards: {}
  # default:
  #   some-dashboard:
  #     json: |
  #       $RAW_JSON
  #   custom-dashboard:
  #     file: dashboards/custom-dashboard.json
  #   prometheus-stats:
  #     gnetId: 2
  #     revision: 2
  #     datasource: Prometheus
  #   local-dashboard:
  #     url: https://example.com/repository/test.json
  #   local-dashboard-base64:
  #     url: https://example.com/repository/test-b64.json
  #     b64content: true

## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value.
## A provider's dashboards must be defined either by external ConfigMaps or in values.yaml, not in both.
## ConfigMap data example:
##
## data:
##   example-dashboard.json: |
##     RAW_JSON
##
dashboardsConfigMaps: {}

## Grafana's primary configuration
## NOTE: values in map will be converted to ini format
## ref: http://docs.grafana.org/installation/configuration/
##
grafana.ini:
  paths:
    data: /var/lib/grafana/data
    logs: /var/log/grafana
    plugins: /var/lib/grafana/plugins
    provisioning: /etc/grafana/provisioning
  analytics:
    # NOTE(review): with this enabled the server makes outbound requests to
    # check for new versions; set it to false where egress is restricted.
    check_for_updates: true
  log:
    mode: console
  grafana_net:
    url: https://grafana.net
  users:
    # Role given to newly created users.
    # NOTE(review): combined with `auth.ldap.allow_sign_up: true` below, any
    # account that can authenticate against LDAP may end up as Editor unless
    # group mappings in ldap.toml say otherwise. `Viewer` is the
    # least-privilege default; confirm the intended role.
    auto_assign_org_role: Editor
  ## LDAP Authentication can be enabled with the following values on grafana.ini
  ## NOTE: Grafana will fail to start if the value for ldap.toml is invalid
  auth.ldap:
    enabled: #@ data.values.monitoring.grafana.ldap.enabled
    # Lets Grafana create a user account on first successful LDAP login.
    allow_sign_up: true
    config_file: /etc/grafana/ldap.toml

## Grafana's LDAP configuration
## Templated by the template in _helpers.tpl
## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled
## ref: http://docs.grafana.org/installation/configuration/#auth-ldap
## ref: http://docs.grafana.org/installation/ldap/#configuration
# This flag and `grafana.ini` → `auth.ldap.enabled` are driven by the same ytt
# data value, `monitoring.grafana.ldap.enabled`.
ldap:
  enabled: #@ data.values.monitoring.grafana.ldap.enabled
  # `existingSecret` is a reference to an existing secret containing the ldap configuration
  # for Grafana in a key `ldap-toml`.
  # NOTE(review): this is the same secret name as `admin.existingSecret`, so
  # `grafana-credentials` presumably carries the admin keys and `ldap-toml`
  # together. ldap.toml usually holds the bind credentials, so keep it in the
  # secret rather than in `config` below.
  existingSecret: "grafana-credentials"
  # `config` is the content of `ldap.toml` that will be stored in the created secret
  # config: ""
  # config: |-
  #   verbose_logging = true

  #   [[servers]]
  #   host = "my-ldap-server"
  #   port = 636
  #   use_ssl = true
  #   start_tls = false
  #   ssl_skip_verify = false
  #   bind_dn = "uid=%s,ou=users,dc=myorg,dc=com"

## Grafana's SMTP configuration
## NOTE: To enable, grafana.ini must be configured with smtp.enabled
## ref: http://docs.grafana.org/installation/configuration/#smtp
# No SMTP secret is referenced here (`existingSecret` is empty), and the
# `grafana.ini` section in this file has no `smtp` entry.
smtp:
  # `existingSecret` is a reference to an existing secret containing the smtp configuration
  # for Grafana.
  existingSecret: ""
  userKey: "user"
  passwordKey: "password"

## Sidecars that collect the configmaps with the specified label and store the included files into the respective folders
## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards
# NOTE(review): the top-level `datasources` key in this file is populated while
# the dashboards sidecar is enabled; only the datasources sidecar is disabled
# below. Confirm that this combination is what the note above permits.
sidecar:
  # Sidecar image, pinned by tag (not by digest).
  image: kiwigrid/k8s-sidecar:0.1.99
  imagePullPolicy: IfNotPresent
  resources:
    limits:
      cpu: 100m
      memory: 100Mi
    requests:
      cpu: 50m
      memory: 50Mi
  # skipTlsVerify Set to true to skip tls verification for kube api calls
  # NOTE(review): leave this disabled; skipping verification removes the
  # sidecar's assurance that it is talking to the real Kubernetes API server.
  # skipTlsVerify: true
  dashboards:
    enabled: true
    ## Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
    watchMethod: WATCH
    SCProvider: true
    # label that the configmaps with dashboards are marked with
    # NOTE(review): anyone who can create a ConfigMap with this label in a
    # searched namespace can add dashboards to Grafana; restrict ConfigMap
    # write access accordingly.
    label: grafana_dashboard
    # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set)
    folder: /var/dashboards
    # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead
    defaultFolderName: null
    # If specified, the sidecar will search for dashboard config-maps inside this namespace.
    # Otherwise the namespace in which the sidecar is running will be used.
    # It's also possible to specify ALL to search in all namespaces
    searchNamespace: null
    # provider configuration that lets grafana manage the dashboards
    provider:
      # name of the provider, should be unique
      name: sidecarProvider
      # orgid as configured in grafana
      orgid: 1
      # folder in which the dashboards should be imported in grafana
      folder: ''
      # type of the provider
      type: file
      # disableDelete to activate a import-only behaviour
      disableDelete: true
      # allow updating provisioned dashboards from the UI
      # (driven by the ytt data value `monitoring.grafana.dashboards.editable`)
      allowUiUpdates: #@ data.values.monitoring.grafana.dashboards.editable
  datasources:
    enabled: false
    ## Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
    watchMethod: WATCH
    # label that the configmaps with datasources are marked with
    label: grafana_datasource
    # If specified, the sidecar will search for datasource config-maps inside this namespace.
    # Otherwise the namespace in which the sidecar is running will be used.
    # It's also possible to specify ALL to search in all namespaces
    searchNamespace: null

## Override the deployment namespace
## (empty string: no override is set)
##
namespaceOverride: ""