Update grafana chart to 6.31.5 (Grafana 7.5.16)
This is required to be compatible with Kubernetes 1.22+.
Change-Id: I4d1eb753cf14df19f46e9aade29ce1a590040e37
diff --git a/charts/grafana/Version b/charts/grafana/Version
index ca06394..efb48db 100644
--- a/charts/grafana/Version
+++ b/charts/grafana/Version
@@ -1 +1 @@
-6.2.2
+6.31.1
diff --git a/charts/grafana/grafana.yaml b/charts/grafana/grafana.yaml
index 42085de..c1d9ab5 100644
--- a/charts/grafana/grafana.yaml
+++ b/charts/grafana/grafana.yaml
@@ -19,11 +19,32 @@
create: true
name:
nameTest:
+## Service account annotations. Can be templated.
# annotations:
# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
+ autoMount: true
replicas: 1
+## Create a headless service for the deployment
+headlessService: false
+
+## Create HorizontalPodAutoscaler object for deployment type
+#
+autoscaling:
+ enabled: false
+# minReplicas: 1
+# maxReplicas: 10
+# metrics:
+# - type: Resource
+# resource:
+# name: cpu
+# targetAverageUtilization: 60
+# - type: Resource
+# resource:
+# name: memory
+# targetAverageUtilization: 60
+
## See `kubectl explain poddisruptionbudget.spec` for more
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podDisruptionBudget: {}
@@ -55,13 +76,15 @@
image:
repository: grafana/grafana
- tag: 7.3.5
- sha: "f129cbbe45d1af23d13cb3ba4cbb1fd6f5d937af4880de9a61e8e6c7d548184e"
+ # Overrides the Grafana image tag whose default is the chart appVersion
+ tag: 7.5.16
+ sha: "a7bdee2d72187ffe16dfd6079a89c39ca97a807df0987dd0d81ca87c616c2bd5"
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Can be templated.
##
# pullSecrets:
# - myRegistrKeySecretName
@@ -69,7 +92,7 @@
testFramework:
enabled: true
image: "bats/bats"
- tag: "v1.1.0"
+ tag: "v1.4.1"
imagePullPolicy: IfNotPresent
securityContext: {}
@@ -81,6 +104,8 @@
containerSecurityContext:
{}
+# Extra configmaps to mount in grafana pods
+# Values are templated.
extraConfigmapMounts: []
# - name: certs-configmap
# mountPath: /etc/grafana/ssl/
@@ -93,6 +118,8 @@
# - name: provisioning-notifiers
# mountPath: /etc/grafana/provisioning/notifiers
+# Apply extra labels to common labels.
+extraLabels: {}
## Assign a PriorityClassName to pods if set
# priorityClassName:
@@ -105,6 +132,7 @@
downloadDashboards:
env: {}
+ envFromSecret: ""
resources: {}
## Pod Annotations
@@ -124,6 +152,7 @@
## ref: http://kubernetes.io/docs/user-guide/services/
##
service:
+ enabled: true
type: ClusterIP
port: 80
targetPort: 3000
@@ -170,6 +199,10 @@
# kubernetes.io/tls-acme: "true"
labels: {}
path: /
+
+ # pathType is only for k8s >= 1.1=
+ pathType: Prefix
+
hosts:
- #@ data.values.monitoring.grafana.host
## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
@@ -178,6 +211,16 @@
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
+ ## Or for k8s > 1.19
+ # - path: /*
+ # pathType: Prefix
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # name: use-annotation
+
+
tls:
- secretName: grafana-server-tls
hosts:
@@ -201,15 +244,19 @@
##
tolerations: []
-## Affinity for pod assignment
+## Affinity for pod assignment (evaluated as template)
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
+## Additional init containers (evaluated as template)
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+##
extraInitContainers: []
## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod
-extraContainers: |
+extraContainers: ""
+# extraContainers: |
# - name: proxy
# image: quay.io/gambol99/keycloak-proxy:latest
# args:
@@ -247,9 +294,22 @@
finalizers:
- kubernetes.io/pvc-protection
# selectorLabels: {}
+ ## Sub-directory of the PV to mount. Can be templated.
# subPath: ""
+ ## Name of an existing PVC. Can be templated.
existingClaim: grafana-pvc
+ ## If persistence is not enabled, this allows to mount the
+ ## local storage in-memory to improve performance
+ ##
+ inMemory:
+ enabled: false
+ ## The maximum usage on memory medium EmptyDir would be
+ ## the minimum value between the SizeLimit specified
+ ## here and the sum of memory limits of all containers in a pod
+ ##
+ # sizeLimit: 300Mi
+
initChownData:
## If false, data ownership will not be reset at startup
## This allows the prometheus-server to be run with an arbitrary user
@@ -282,6 +342,7 @@
# Use an existing secret for the admin user.
admin:
+ ## Name of the secret. Can be templated.
existingSecret: "grafana-credentials"
userKey: admin-user
passwordKey: admin-password
@@ -322,8 +383,8 @@
env: {}
-## "valueFrom" environment variable references that will be added to deployment pods
-## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core
+## "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
+## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
## Renders in container spec as:
## env:
## ...
@@ -331,6 +392,10 @@
## valueFrom:
## <value rendered as YAML>
envValueFrom: {}
+ # ENV_NAME:
+ # configMapKeyRef:
+ # name: configmap-name
+ # key: value_key
## The name of a secret in the same kubernetes namespace which contain values to be added to the environment
## This can be useful for auth tokens, etc. Value is templated.
@@ -340,6 +405,25 @@
## This can be useful for auth tokens, etc
envRenderSecret: {}
+## The names of secrets in the same kubernetes namespace which contain values to be added to the environment
+## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key.
+## Name is templated.
+envFromSecrets: []
+## - name: secret-name
+## optional: true
+
+## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment
+## Each entry should contain a name key, and can optionally specify whether the configmap must be defined with an optional key.
+## Name is templated.
+## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core
+envFromConfigMaps: []
+## - name: configmap-name
+## optional: true
+
+# Inject Kubernetes services as environment variables.
+# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables
+enableServiceLinks: true
+
## Additional grafana server secret mounts
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
extraSecretMounts:
@@ -376,10 +460,20 @@
## Additional grafana server volume mounts
# Defines additional volume mounts.
extraVolumeMounts: []
- # - name: extra-volume
- # mountPath: /mnt/volume
+ # - name: extra-volume-0
+ # mountPath: /mnt/volume0
# readOnly: true
# existingClaim: volume-claim
+ # - name: extra-volume-1
+ # mountPath: /mnt/volume1
+ # readOnly: true
+ # hostPath: /usr/shared/
+
+## Container Lifecycle Hooks. Execute a specific bash command or make an HTTP request
+lifecycleHooks: {}
+ # postStart:
+ # exec:
+ # command: []
## Pass the plugins you want installed as a list.
##
@@ -467,8 +561,10 @@
# datasource: Prometheus
# local-dashboard:
# url: https://example.com/repository/test.json
+ # token: ''
# local-dashboard-base64:
# url: https://example.com/repository/test-b64.json
+ # token: ''
# b64content: true
## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value.
@@ -488,7 +584,7 @@
##
grafana.ini:
paths:
- data: /var/lib/grafana/data
+ data: /var/lib/grafana/
logs: /var/log/grafana
plugins: /var/lib/grafana/plugins
provisioning: /etc/grafana/provisioning
@@ -560,8 +656,8 @@
## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards
sidecar:
image:
- repository: kiwigrid/k8s-sidecar
- tag: 1.1.0
+ repository: quay.io/kiwigrid/k8s-sidecar
+ tag: 1.19.2
sha: "3d1e7bfda06ca8d00e20e60733d1551bdbb3adb13685167185489b1931365f05"
imagePullPolicy: IfNotPresent
resources:
@@ -571,9 +667,12 @@
requests:
cpu: 50m
memory: 50Mi
+ securityContext: {}
# skipTlsVerify Set to true to skip tls verification for kube api calls
# skipTlsVerify: true
enableUniqueFilenames: false
+ readinessProbe: {}
+ livenessProbe: {}
dashboards:
enabled: true
SCProvider: true
@@ -583,13 +682,27 @@
folder: /var/dashboards
# The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead
defaultFolderName: null
- # If specified, the sidecar will search for dashboard config-maps inside this namespace.
+ # Namespaces list. If specified, the sidecar will search for config-maps/secrets inside these namespaces.
# Otherwise the namespace in which the sidecar is running will be used.
- # It's also possible to specify ALL to search in all namespaces
+ # It's also possible to specify ALL to search in all namespaces.
searchNamespace: null
- # If specified, the sidecar will look for annotation with this name to create folder and put graph here.
- # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure.
+ # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
+ watchMethod: WATCH
+ # search in configmap, secret or both
+ resource: both
folderAnnotation: null
+ # Absolute path to shell script to execute after a configmap got reloaded
+ script: null
+ # watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
+ # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
+ # watchServerTimeout: 3600
+ #
+ # watchClientTimeout: is a client-side timeout, configuring your local socket.
+ # If you have a network outage dropping all packets with no RST/FIN,
+ # this is how long your client waits before realizing & dropping the connection.
+ # defaults to 66sec (sic!)
+ # watchClientTimeout: 60
+ #
# provider configuration that lets grafana manage the dashboards
provider:
# name of the provider, should be unique
@@ -606,6 +719,10 @@
allowUiUpdates: #@ data.values.monitoring.grafana.dashboards.editable
# allow Grafana to replicate dashboard structure from filesystem
foldersFromFilesStructure: false
+ # Additional dashboard sidecar volume mounts
+ extraMounts: []
+ # Sets the size limit of the dashboard sidecar emptyDir volume
+ sizeLimit: {}
datasources:
enabled: false
# label that the configmaps with datasources are marked with
@@ -614,6 +731,40 @@
# Otherwise the namespace in which the sidecar is running will be used.
# It's also possible to specify ALL to search in all namespaces
searchNamespace: null
+ # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
+ watchMethod: WATCH
+ # search in configmap, secret or both
+ resource: both
+ # Endpoint to send request to reload datasources
+ reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload"
+ skipReload: false
+ # Deploy the datasource sidecar as an initContainer in addition to a container.
+ # This is needed if skipReload is true, to load any datasources defined at startup time.
+ initDatasources: false
+ # Sets the size limit of the datasource sidecar emptyDir volume
+ sizeLimit: {}
+ plugins:
+ enabled: false
+ # label that the configmaps with plugins are marked with
+ label: grafana_plugin
+ # value of label that the configmaps with plugins are set to
+ labelValue: null
+ # If specified, the sidecar will search for plugin config-maps inside this namespace.
+ # Otherwise the namespace in which the sidecar is running will be used.
+ # It's also possible to specify ALL to search in all namespaces
+ searchNamespace: null
+ # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
+ watchMethod: WATCH
+ # search in configmap, secret or both
+ resource: both
+ # Endpoint to send request to reload plugins
+ reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload"
+ skipReload: false
+ # Deploy the datasource sidecar as an initContainer in addition to a container.
+ # This is needed if skipReload is true, to load any plugins defined at startup time.
+ initPlugins: false
+ # Sets the size limit of the plugin sidecar emptyDir volume
+ sizeLimit: {}
notifiers:
enabled: false
# label that the configmaps with notifiers are marked with
@@ -622,6 +773,10 @@
# Otherwise the namespace in which the sidecar is running will be used.
# It's also possible to specify ALL to search in all namespaces
searchNamespace: null
+ # search in configmap, secret or both
+ resource: both
+ # Sets the size limit of the notifier sidecar emptyDir volume
+ sizeLimit: {}
## Override the deployment namespace
##
@@ -647,8 +802,9 @@
# extra environment variables
env:
HTTP_HOST: "0.0.0.0"
- # RENDERING_ARGS: --disable-gpu,--window-size=1280x758
+ # RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758
# RENDERING_MODE: clustered
+ # IGNORE_HTTPS_ERRORS: true
# image-renderer deployment serviceAccount
serviceAccountName: ""
# image-renderer deployment securityContext
@@ -658,11 +814,17 @@
# image-renderer deployment priority class
priorityClassName: ''
service:
+ # Enable the image-renderer service
+ enabled: true
# image-renderer service port name
portName: 'http'
# image-renderer service port used by both service and deployment
port: 8081
targetPort: 8081
+ # If https is enabled in Grafana, this needs to be set as 'https' to correctly configure the callback used in Grafana
+ grafanaProtocol: http
+ # In case a sub_path is used this needs to be added to the image renderer callback
+ grafanaSubPath: ""
# name of the image-renderer port on the pod
podPortName: http
# number of image-renderer replica sets to keep
@@ -679,3 +841,86 @@
# requests:
# cpu: 50m
# memory: 50Mi
+ ## Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ #
+ nodeSelector: {}
+
+ ## Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+
+ ## Affinity for pod assignment (evaluated as template)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ##
+ affinity: {}
+
+networkPolicy:
+ ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
+ ##
+ enabled: false
+ ## @param networkPolicy.allowExternal Don't require client label for connections
+ ## The Policy model to apply. When set to false, only pods with the correct
+ ## client label will have network access to grafana port defined.
+ ## When true, grafana will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ ingress: true
+ ## @param networkPolicy.ingress When true enables the creation
+ ## an ingress network policy
+ ##
+ allowExternal: true
+ ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed
+ ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
+ ## and that match other criteria, the ones that have the good label, can reach the grafana.
+ ## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this
+ ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
+ ##
+ ## Example:
+ ## explicitNamespacesSelector:
+ ## matchLabels:
+ ## role: frontend
+ ## matchExpressions:
+ ## - {key: role, operator: In, values: [frontend]}
+ ##
+ explicitNamespacesSelector: {}
+ ##
+ ##
+ ##
+ ##
+ ##
+ ##
+ egress:
+ ## @param networkPolicy.egress.enabled When enabled, an egress network policy will be
+ ## created allowing grafana to connect to external data sources from kubernetes cluster.
+ enabled: false
+ ##
+ ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress
+ ports: []
+ ## Add ports to the egress by specifying - port: <port number>
+ ## E.X.
+ ## ports:
+ ## - port: 80
+ ## - port: 443
+ ##
+ ##
+ ##
+ ##
+ ##
+ ##
+
+# Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option
+enableKubeBackwardCompatibility: false
+useStatefulSet: false
+# Create a dynamic manifests via values:
+extraObjects: []
+ # - apiVersion: "kubernetes-client.io/v1"
+ # kind: ExternalSecret
+ # metadata:
+ # name: grafana-secrets
+ # spec:
+ # backendType: gcpSecretsManager
+ # data:
+ # - key: grafana-admin-password
+ # name: adminPassword
