gitea_admin/application
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add helm charts

Browse Source
This commit is contained in:
Ybehrooz
2025-11-09 13:22:40 +03:30
parent 282c3e52d0
commit 38e4d749ad
1352 changed files with 190457 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
backing-services/grafana/.helmignore Normal file
View File

@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

6
backing-services/grafana/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.14.0
digest: sha256:48db3c388ecbd5be84bd65f85c2247c466c99cbe3badaa1e7b4e1ce5814d8149
generated: "2023-12-19T17:49:07.683877863Z"

34
backing-services/grafana/Chart.yaml Normal file
View File

@@ -0,0 +1,34 @@
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
annotations:
category: Analytics
licenses: Apache-2.0
images: |
- name: grafana
image: docker.io/bitnami/grafana:10.2.3-debian-11-r0
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r92
apiVersion: v2
appVersion: 10.2.3
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
tags:
- bitnami-common
version: 2.x.x
description: Grafana is an open source metric analytics and visualization suite for visualizing time series data that supports various types of data sources.
home: https://bitnami.com
icon: https://bitnami.com/assets/stacks/grafana/img/grafana-stack-220x234.png
keywords:
- analytics
- monitoring
- metrics
- logs
maintainers:
- name: VMware, Inc.
url: https://github.com/bitnami/charts
name: grafana
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/grafana
version: 9.6.6

715
backing-services/grafana/README.md Normal file
View File

@@ -0,0 +1,715 @@
<!--- app-name: Grafana -->
# Bitnami package for Grafana
Grafana is an open source metric analytics and visualization suite for visualizing time series data that supports various types of data sources.
[Overview of Grafana](https://grafana.com/)
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
## TL;DR
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/grafana
```
Looking to use Grafana in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Introduction
This chart bootstraps a [grafana](https://github.com/bitnami/containers/tree/main/bitnami/grafana) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
## Prerequisites
- Kubernetes 1.23+
- Helm 3.8.0+
- PV provisioner support in the underlying infrastructure
- ReadWriteMany volumes for deployment scaling
## Installing the Chart
To install the chart with the release name `my-release`:
```console
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/grafana
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
These commands deploy grafana on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release. Use the option `--purge` to delete all persistent volumes too.
## Differences between the Bitnami Grafana chart and the Bitnami Grafana Operator chart
In the Bitnami catalog we offer both the bitnami/grafana and bitnami/grafana-operator charts. Each solution covers different needs and use cases.
The *bitnami/grafana* chart deploys a single Grafana installation using a Kubernetes Deployment object (together with Services, PVCs, ConfigMaps, etc.). The figure below shows the deployed objects in the cluster after executing *helm install*:
```text
+--------------+ +-----+
| | | |
Service & Ingress | Grafana +<------------+ PVC |
<-------------------+ | | |
| Deployment | +-----+
| |
+-----------+--+
^ +------------+
| | |
+----------------+ Configmaps |
| Secrets |
| |
+------------+
```
Its lifecycle is managed using Helm and, at the Grafana container level, the following operations are automated: persistence management, configuration based on environment variables and plugin initialization. The chart also allows deploying dashboards and data sources using ConfigMaps. The Deployments do not require any ServiceAccounts with special RBAC privileges so this solution would fit better in more restricted Kubernetes installations.
The *bitnami/grafana-operator* chart deploys a Grafana Operator installation using a Kubernetes Deployment. The figure below shows the Grafana operator deployment after executing *helm install*:
```text
+--------------------+
| | +---------------+
| Grafana Operator | | |
| | | RBAC |
| Deployment | | Privileges |
| | | |
+-------+------------+ +-------+-------+
^ |
| +-----------------+ |
+---+ Service Account +<----+
+-----------------+
```
The operator will extend the Kubernetes API with the following objects: *Grafana*, *GrafanaDashboards* and *GrafanaDataSources*. From that moment, the user will be able to deploy objects of these kinds and the previously deployed Operator will take care of deploying all the required Deployments, ConfigMaps and Services for running a Grafana instance. Its lifecycle is managed using *kubectl* on the Grafana, GrafanaDashboards and GrafanaDataSource objects. The following figure shows the deployed objects after
deploying a *Grafana* object using *kubectl*:
```text
+--------------------+
| | +---------------+
| Grafana Operator | | |
| | | RBAC |
| Deployment | | Privileges |
| | | |
+--+----+------------+ +-------+-------+
| ^ |
| | +-----------------+ |
| +---+ Service Account +<----+
| +-----------------+
|
|
|
|
| Grafana
| +---------------------------------------------------------------------------+
| | |
| | +--------------+ +-----+ |
| | | | | | |
+-------------------->+ Service & Ingress | Grafana +<------------+ PVC | |
| <-------------------+ | | | |
| | Deployment | +-----+ |
| | | |
| +-----------+--+ |
| ^ +------------+ |
| | | | |
| +----------------+ Configmaps | |
| | Secrets | |
| | | |
| +------------+ |
| |
+---------------------------------------------------------------------------+
```
This solution allows to easily deploy multiple Grafana instances compared to the *bitnami/grafana* chart. As the operator automatically deploys Grafana installations, the Grafana Operator pods will require a ServiceAccount with privileges to create and destroy mulitple Kubernetes objects. This may be problematic for Kubernetes clusters with strict role-based access policies.
## Parameters
### Global parameters
| Name | Description | Value |
| ------------------------- | ----------------------------------------------- | ----- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
### Common parameters
| Name | Description | Value |
| ------------------- | --------------------------------------------------------------------------------------- | --------------- |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `nameOverride` | String to partially override grafana.fullname template (will maintain the release name) | `""` |
| `fullnameOverride` | String to fully override grafana.fullname template | `""` |
| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
| `commonLabels` | Labels to add to all deployed objects | `{}` |
| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
### Grafana parameters
| Name | Description | Value |
| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `image.registry` | Grafana image registry | `REGISTRY_NAME` |
| `image.repository` | Grafana image repository | `REPOSITORY_NAME/grafana` |
| `image.digest` | Grafana image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Grafana image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Grafana image pull secrets | `[]` |
| `admin.user` | Grafana admin username | `admin` |
| `admin.password` | Admin password. If a password is not provided a random password will be generated | `""` |
| `admin.existingSecret` | Name of the existing secret containing admin password | `""` |
| `admin.existingSecretPasswordKey` | Password key on the existing secret | `password` |
| `smtp.enabled` | Enable SMTP configuration | `false` |
| `smtp.user` | SMTP user | `user` |
| `smtp.password` | SMTP password | `password` |
| `smtp.host` | Custom host for the smtp server | `""` |
| `smtp.fromAddress` | From address | `""` |
| `smtp.fromName` | From name | `""` |
| `smtp.skipVerify` | Enable skip verify | `false` |
| `smtp.existingSecret` | Name of existing secret containing SMTP credentials (user and password) | `""` |
| `smtp.existingSecretUserKey` | User key on the existing secret | `user` |
| `smtp.existingSecretPasswordKey` | Password key on the existing secret | `password` |
| `plugins` | Grafana plugins to be installed in deployment time separated by commas | `""` |
| `ldap.enabled` | Enable LDAP for Grafana | `false` |
| `ldap.allowSignUp` | Allows LDAP sign up for Grafana | `false` |
| `ldap.configuration` | Specify content for ldap.toml configuration file | `""` |
| `ldap.configMapName` | Name of the ConfigMap with the ldap.toml configuration file for Grafana | `""` |
| `ldap.secretName` | Name of the Secret with the ldap.toml configuration file for Grafana | `""` |
| `ldap.uri` | Server URI, eg. ldap://ldap_server:389 | `""` |
| `ldap.binddn` | DN of the account used to search in the LDAP server. | `""` |
| `ldap.bindpw` | Password for binddn account. | `""` |
| `ldap.basedn` | Base DN path where binddn account will search for the users. | `""` |
| `ldap.searchAttribute` | Field used to match with the user name (uid, samAccountName, cn, etc). This value will be ignored if 'ldap.searchFilter' is set | `uid` |
| `ldap.searchFilter` | User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(|(sAMAccountName=%s)(userPrincipalName=%s)" | `""` |
| `ldap.extraConfiguration` | Extra ldap configuration. | `""` |
| `ldap.tls.enabled` | Enabled TLS configuration. | `false` |
| `ldap.tls.startTls` | Use STARTTLS instead of LDAPS. | `false` |
| `ldap.tls.skipVerify` | Skip any SSL verification (hostanames or certificates) | `false` |
| `ldap.tls.certificatesMountPath` | Where LDAP certifcates are mounted. | `/opt/bitnami/grafana/conf/ldap/` |
| `ldap.tls.certificatesSecret` | Secret with LDAP certificates. | `""` |
| `ldap.tls.CAFilename` | CA certificate filename. Should match with the CA entry key in the ldap.tls.certificatesSecret. | `""` |
| `ldap.tls.certFilename` | Client certificate filename to authenticate against the LDAP server. Should match with certificate the entry key in the ldap.tls.certificatesSecret. | `""` |
| `ldap.tls.certKeyFilename` | Client Key filename to authenticate against the LDAP server. Should match with certificate the entry key in the ldap.tls.certificatesSecret. | `""` |
| `imageRenderer.enabled` | Enable using a remote rendering service to render PNG images | `false` |
| `imageRenderer.serverURL` | URL of the remote rendering service | `""` |
| `imageRenderer.callbackURL` | URL of the callback service | `""` |
| `config.useGrafanaIniFile` | Allows to load a `grafana.ini` file | `false` |
| `config.grafanaIniConfigMap` | Name of the ConfigMap containing the `grafana.ini` file | `""` |
| `config.grafanaIniSecret` | Name of the Secret containing the `grafana.ini` file | `""` |
| `dashboardsProvider.enabled` | Enable the use of a Grafana dashboard provider | `false` |
| `dashboardsProvider.configMapName` | Name of a ConfigMap containing a custom dashboard provider | `""` |
| `dashboardsConfigMaps` | Array with the names of a series of ConfigMaps containing dashboards files | `[]` |
| `datasources.secretName` | The name of an externally-managed secret containing custom datasource files. | `""` |
| `datasources.secretDefinition` | The contents of a secret defining a custom datasource file. Only used if datasources.secretName is empty or not defined. | `{}` |
| `notifiers.configMapName` | Name of a ConfigMap containing Grafana notifiers configuration | `""` |
| `alerting.configMapName` | Name of a ConfigMap containing Grafana alerting configuration | `""` |
### Grafana Deployment parameters
| Name | Description | Value |
| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ---------------- |
| `grafana.replicaCount` | Number of Grafana nodes | `1` |
| `grafana.updateStrategy.type` | Set up update strategy for Grafana installation. | `RollingUpdate` |
| `grafana.hostAliases` | Add deployment host aliases | `[]` |
| `grafana.schedulerName` | Alternative scheduler | `""` |
| `grafana.terminationGracePeriodSeconds` | In seconds, time the given to the Grafana pod needs to terminate gracefully | `""` |
| `grafana.priorityClassName` | Priority class name | `""` |
| `grafana.podLabels` | Extra labels for Grafana pods | `{}` |
| `grafana.podAnnotations` | Grafana Pod annotations | `{}` |
| `grafana.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `grafana.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `grafana.containerPorts.grafana` | Grafana container port | `3000` |
| `grafana.extraPorts` | Extra ports for Grafana deployment | `[]` |
| `grafana.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `grafana.nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
| `grafana.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `grafana.affinity` | Affinity for pod assignment | `{}` |
| `grafana.nodeSelector` | Node labels for pod assignment | `{}` |
| `grafana.tolerations` | Tolerations for pod assignment | `[]` |
| `grafana.topologySpreadConstraints` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in | `[]` |
| `grafana.podSecurityContext.enabled` | Enable securityContext on for Grafana deployment | `true` |
| `grafana.podSecurityContext.fsGroup` | Group to configure permissions for volumes | `1001` |
| `grafana.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `grafana.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `grafana.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `grafana.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `grafana.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `grafana.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `grafana.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `grafana.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `grafana.resources.limits` | The resources limits for Grafana containers | `{}` |
| `grafana.resources.requests` | The requested resources for Grafana containers | `{}` |
| `grafana.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `grafana.livenessProbe.path` | Path for livenessProbe | `/api/health` |
| `grafana.livenessProbe.scheme` | Scheme for livenessProbe | `HTTP` |
| `grafana.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `grafana.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `grafana.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `grafana.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `grafana.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `grafana.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `grafana.readinessProbe.path` | Path for readinessProbe | `/api/health` |
| `grafana.readinessProbe.scheme` | Scheme for readinessProbe | `HTTP` |
| `grafana.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `grafana.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `grafana.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `grafana.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `grafana.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `grafana.startupProbe.enabled` | Enable startupProbe | `false` |
| `grafana.startupProbe.path` | Path for readinessProbe | `/api/health` |
| `grafana.startupProbe.scheme` | Scheme for readinessProbe | `HTTP` |
| `grafana.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
| `grafana.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `grafana.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `grafana.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `grafana.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `grafana.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `grafana.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `grafana.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `grafana.lifecycleHooks` | for the Grafana container(s) to automate configuration before or after startup | `{}` |
| `grafana.sidecars` | Attach additional sidecar containers to the Grafana pod | `[]` |
| `grafana.initContainers` | Add additional init containers to the Grafana pod(s) | `[]` |
| `grafana.extraVolumes` | Additional volumes for the Grafana pod | `[]` |
| `grafana.extraVolumeMounts` | Additional volume mounts for the Grafana container | `[]` |
| `grafana.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Grafana nodes | `""` |
| `grafana.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Grafana nodes | `""` |
| `grafana.extraEnvVars` | Array containing extra env vars to configure Grafana | `[]` |
| `grafana.extraConfigmaps` | Array to mount extra ConfigMaps to configure Grafana | `[]` |
| `grafana.command` | Override default container command (useful when using custom images) | `[]` |
| `grafana.args` | Override default container args (useful when using custom images) | `[]` |
### Persistence parameters
| Name | Description | Value |
| --------------------------- | --------------------------------------------------------------------------------------------------------- | --------------- |
| `persistence.enabled` | Enable persistence | `true` |
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
| `persistence.accessMode` | Persistent Volume Access Mode | `ReadWriteOnce` |
| `persistence.accessModes` | Persistent Volume Access Modes | `[]` |
| `persistence.storageClass` | Storage class to use with the PVC | `""` |
| `persistence.existingClaim` | If you want to reuse an existing claim, you can pass the name of the PVC using the existingClaim variable | `""` |
| `persistence.size` | Size for the PV | `10Gi` |
### RBAC parameters
| Name | Description | Value |
| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------- |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `""` |
| `serviceAccount.annotations` | Annotations to add to the ServiceAccount Metadata | `{}` |
| `serviceAccount.automountServiceAccountToken` | Automount service account token for the application controller service account | `false` |
### Traffic exposure parameters
| Name | Description | Value |
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.clusterIP` | Grafana service Cluster IP | `""` |
| `service.ports.grafana` | Grafana service port | `3000` |
| `service.nodePorts.grafana` | Specify the nodePort value for the LoadBalancer and NodePort service types | `""` |
| `service.loadBalancerIP` | loadBalancerIP if Grafana service type is `LoadBalancer` (optional, cloud specific) | `""` |
| `service.loadBalancerClass` | loadBalancerClass if Grafana service type is `LoadBalancer` (optional, cloud specific) | `""` |
| `service.loadBalancerSourceRanges` | loadBalancerSourceRanges if Grafana service type is `LoadBalancer` (optional, cloud specific) | `[]` |
| `service.annotations` | Provide any additional annotations which may be required. | `{}` |
| `service.externalTrafficPolicy` | Grafana service external traffic policy | `Cluster` |
| `service.extraPorts` | Extra port to expose on Grafana service | `[]` |
| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `ingress.enabled` | Set to true to enable ingress record generation | `false` |
| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` |
| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` |
| `ingress.hostname` | When the ingress is enabled, a host pointing to this will be created | `grafana.local` |
| `ingress.path` | Default path for the ingress resource | `/` |
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` |
| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` |
| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` |
| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
| `ingress.secrets` | It is also possible to create and manage the certificates outside of this helm chart | `[]` |
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
### Metrics parameters
| Name | Description | Value |
| ------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `metrics.enabled` | Enable the export of Prometheus metrics | `false` |
| `metrics.service.annotations` | Annotations for Prometheus metrics service | `{}` |
| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.honorLabels` | Labels to honor to add to the scrape endpoint | `false` |
| `metrics.serviceMonitor.labels` | Additional custom labels for the ServiceMonitor | `{}` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | PrometheusRule rules to configure | `[]` |
### Volume permissions init Container Parameters
| Name | Description | Value |
| ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------ | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` |
### Diagnostic Mode Parameters
| Name | Description | Value |
| ------------------------ | --------------------------------------------------------------------------------------- | -------------- |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
--set admin.user=admin-user oci://REGISTRY_NAME/REPOSITORY_NAME/grafana
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the Grafana admin user to `admin-user`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/grafana
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/grafana/values.yaml)
## Configuration and installation details
### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Using custom configuration
Grafana supports multiples configuration files. Using kubernetes you can mount a file using a ConfigMap or a Secret. For example, to mount a custom `grafana.ini` file or `custom.ini` file you can create a ConfigMap like the following:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: myconfig
data:
grafana.ini: |-
# Raw text of the file
```
And now you need to pass the ConfigMap name, to the corresponding parameters: `config.useGrafanaIniFile=true` and `config.grafanaIniConfigMap=myconfig`.
To provide dashboards on deployment time, Grafana needs a dashboards provider and the dashboards themselves.
A default provider is created if enabled, or you can mount your own provider using a ConfigMap, but have in mind that the path to the dashboard folder must be `/opt/bitnami/grafana/dashboards`.
1. To create a dashboard, it is needed to have a datasource for it. The datasources must be created mounting a secret with all the datasource files in it. In this case, it is not a ConfigMap because the datasource could contain sensitive information.
2. To load the dashboards themselves you need to create a ConfigMap for each one containing the `json` file that defines the dashboard and set the array with the ConfigMap names into the `dashboardsConfigMaps` parameter.
Note the difference between the datasources and the dashboards creation. For the datasources we can use just one secret with all of the files, while for the dashboards we need one ConfigMap per file.
For example, create the dashboard ConfigMap(s) and datasource Secret as described below:
```console
kubectl create secret generic datasource-secret --from-file=datasource-secret.yaml
kubectl create configmap my-dashboard-1 --from-file=my-dashboard-1.json
kubectl create configmap my-dashboard-2 --from-file=my-dashboard-2.json
```
> Note: the commands above assume you had previously exported your dashboards in the JSON files: *my-dashboard-1.json* and *my-dashboard-2.json*
> Note: the commands above assume you had previously created a datasource config file *datasource-secret.yaml*. Find an example at <https://grafana.com/docs/grafana/latest/administration/provisioning/#example-datasource-config-file>
Once you have them, use the following parameters to deploy Grafana with 2 custom dashboards:
```console
dashboardsProvider.enabled=true
datasources.secretName=datasource-secret
dashboardsConfigMaps[0].configMapName=my-dashboard-1
dashboardsConfigMaps[0].fileName=my-dashboard-1.json
dashboardsConfigMaps[1].configMapName=my-dashboard-2
dashboardsConfigMaps[1].fileName=my-dashboard-2.json
```
More info at [Grafana documentation](https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards).
### LDAP configuration
To enable LDAP authentication it is necessary to provide a ConfigMap with the Grafana LDAP configuration file. For instance:
**configmap.yaml**:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: ldap-config
data:
ldap.toml: |-
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "ldap"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"
# Search user bind dn
bind_dn = "cn=admin,dc=example,dc=org"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = 'admin'
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
search_filter = "(uid=%s)"
# An array of base dns to search through
search_base_dns = ["ou=People,dc=support,dc=example,dc=org"]
# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
# group_search_filter_user_attribute = "distinguishedName"
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "email"
```
Create the ConfigMap into the cluster and deploy the Grafana Helm Chart using the existing ConfigMap and the following parameters:
```console
ldap.enabled=true
ldap.configMapName=ldap-config
ldap.allowSignUp=true
```
### Installing Grafana Image Renderer Plugin
In order to install the [Grafana Image Renderer Plugin](https://github.com/grafana/grafana-image-renderer) so you rely on it to render images and save memory on Grafana pods, follow the steps below:
1. Create a Grafana Image Renderer deployment and service using the K8s manifests below:
```yaml
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana-image-renderer
namespace: default
labels:
app.kubernetes.io/name: grafana-image-renderer
app.kubernetes.io/instance: grafana-image-renderer
app.kubernetes.io/component: image-renderer-plugin
app.kubernetes.io/part-of: grafana
spec:
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: grafana-image-renderer
app.kubernetes.io/instance: grafana-image-renderer
app.kubernetes.io/component: image-renderer-plugin
template:
metadata:
labels:
app.kubernetes.io/name: grafana-image-renderer
app.kubernetes.io/instance: grafana-image-renderer
app.kubernetes.io/component: image-renderer-plugin
app.kubernetes.io/part-of: grafana
spec:
securityContext:
fsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
containers:
- name: grafana-image-renderer
image: docker.io/bitnami/grafana-image-renderer:3
securityContext:
runAsUser: 1001
env:
- name: HTTP_HOST
value: "::"
- name: HTTP_PORT
value: "8080"
ports:
- name: http
containerPort: 8080
protocol: TCP
# service.yaml
apiVersion: v1
kind: Service
metadata:
name: grafana-image-renderer
namespace: default
labels:
app.kubernetes.io/name: grafana-image-renderer
app.kubernetes.io/instance: grafana-image-renderer
app.kubernetes.io/component: image-renderer-plugin
app.kubernetes.io/part-of: grafana
spec:
type: ClusterIP
sessionAffinity: None
ports:
- port: 8080
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: grafana-image-renderer
app.kubernetes.io/instance: grafana-image-renderer
app.kubernetes.io/component: image-renderer-plugin
```
1. Upgrade your chart release adding the following block to your `values.yaml` file:
```yaml
imageRenderer:
enabled: true
serverURL: "http://grafana-image-renderer.default.svc.cluster.local:8080/render"
callbackURL: "http://grafana.default.svc.cluster.local:3000/"
```
> Note: the steps above assume an installation in the `default` namespace. If you are installing the chart in a different namespace, adjust the manifests and the `serverURL` & `callbackURL` values accordingly.
### Supporting HA (High Availability)
To support HA Grafana just need an external database where store dashboards, users and other persistent data.
To configure the external database provide a configuration file containing the [database section](https://grafana.com/docs/installation/configuration/#database)
More information about Grafana HA [here](https://grafana.com/docs/tutorials/ha_setup/)
### Setting Pod's affinity
This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
## Persistence
The [Bitnami Grafana](https://github.com/bitnami/containers/tree/main/bitnami/grafana) image stores the Grafana data and configurations at the `/opt/bitnami/grafana/data` path of the container.
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
## Upgrading
### To 9.4.0
This version stops shipping the Grafana Image Renderer in the chart. In order to use this plugin, refer to the [Installing Grafana Image Renderer Plugin](#installing-grafana-image-renderer-plugin) instructions.
### To 8.0.0
This major release only bumps the Grafana version to 9.x. No major issues are expected during the upgrade. See the upstream changelog <https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-0/> for more info about the changes included in this new major version of the application
### To 7.0.0
This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository.
Since the volume access mode when persistence is enabled is `ReadWriteOnce` in order to upgrade the deployment you will need to either use the `Recreate` strategy or delete the old deployment.
```console
kubectl delete deployment <deployment-name>
helm upgrade <release-name> oci://REGISTRY_NAME/REPOSITORY_NAME/grafana
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
### To 4.1.0
This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade.
### To 4.0.0
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
#### What changes were introduced in this major version?
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
#### Considerations when upgrading to this version
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
#### Useful links
- <https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/>
- <https://helm.sh/docs/topics/v2_v3_migration/>
- <https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/>
### To 3.0.0
Deployment label selector is immutable after it gets created, so you cannot "upgrade".
In <https://github.com/bitnami/charts/pull/2773> the deployment label selectors of the resources were updated to add the component name. Resulting in compatibility breakage.
In order to "upgrade" from a previous version, you will need to [uninstall](#uninstalling-the-chart) the existing chart manually.
This major version signifies this change.
## License
Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

BIN
backing-services/grafana/charts/common-2.14.0.tgz Normal file
View File

Binary file not shown.

18
backing-services/grafana/hospital-bahman-production.values.yaml Normal file
View File

@@ -0,0 +1,18 @@
image:
registry: 172.16.16.1:30516
repository: bitnami/grafana
tag: 10.2.3-debian-11-r0
volumePermissions:
enabled: false
image:
registry: 172.16.16.1:30516
repository: bitnami/os-shell
tag: 11-debian-11-r92
admin:
user: "admin"
password: "Tavana123$"
service:
type: NodePort

33
backing-services/grafana/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,33 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
** Please be patient while the chart is being deployed **
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{ ternary "https" "http" .Values.ingress.tls }}://{{ .Values.ingress.hostname }}{{ .Values.ingress.path }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.ports.grafana }}
{{- else if contains "ClusterIP" .Values.service.type }}
echo "Browse to http://127.0.0.1:8080"
kubectl port-forward svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.ports.grafana }} &
{{- end }}
2. Get the admin credentials:
echo "User: {{ .Values.admin.user }}"
echo "Password: $(kubectl get secret {{ include "grafana.adminSecretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.{{ include "grafana.adminSecretPasswordKey" . }}}" | base64 -d)"
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{ include "grafana.validateValues" . }}
{{ include "grafana.validateValues.database" . }}

245
backing-services/grafana/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,245 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper Grafana image name
*/}}
{{- define "grafana.image" -}}
{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "volumePermissions.image" -}}
{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "grafana.imagePullSecrets" -}}
{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" $) -}}
{{- end }}
{{/*
Return the proper Storage Class
*/}}
{{- define "grafana.storageClass" -}}
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
{{- end -}}
{{/*
Return the Grafana admin credentials secret
*/}}
{{- define "grafana.adminSecretName" -}}
{{- if .Values.admin.existingSecret -}}
{{- printf "%s" (tpl .Values.admin.existingSecret $) -}}
{{- else -}}
{{- printf "%s-admin" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the Grafana admin password key
*/}}
{{- define "grafana.adminSecretPasswordKey" -}}
{{- if and .Values.admin.existingSecret .Values.admin.existingSecretPasswordKey -}}
{{- printf "%s" (tpl .Values.admin.existingSecretPasswordKey $) -}}
{{- else -}}
{{- printf "GF_SECURITY_ADMIN_PASSWORD" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret object should be created
*/}}
{{- define "grafana.createAdminSecret" -}}
{{- if not .Values.admin.existingSecret }}
{{- true -}}
{{- else -}}
{{- end -}}
{{- end -}}
{{/*
Return the Grafana SMTP credentials secret
*/}}
{{- define "grafana.smtpSecretName" -}}
{{- if .Values.smtp.existingSecret }}
{{- printf "%s" (tpl .Values.smtp.existingSecret $) -}}
{{- else -}}
{{- printf "%s-smtp" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the Grafana SMTP user key
*/}}
{{- define "grafana.smtpSecretUserKey" -}}
{{- if and .Values.smtp.existingSecret .Values.smtp.existingSecretUserKey -}}
{{- printf "%s" (tpl .Values.smtp.existingSecretUserKey $) -}}
{{- else -}}
{{- printf "GF_SMTP_USER" -}}
{{- end -}}
{{- end -}}
{{/*
Return the Grafana SMTP password key
*/}}
{{- define "grafana.smtpSecretPasswordKey" -}}
{{- if and .Values.smtp.existingSecret .Values.smtp.existingSecretPasswordKey -}}
{{- printf "%s" (tpl .Values.smtp.existingSecretPasswordKey $) -}}
{{- else -}}
{{- printf "GF_SMTP_PASSWORD" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret object should be created
*/}}
{{- define "grafana.createSMTPSecret" -}}
{{- if and .Values.smtp.enabled (not .Values.smtp.existingSecret) }}
{{- true -}}
{{- else -}}
{{- end -}}
{{- end -}}
{{/*
Returns the proper service account name depending if an explicit service account name is set
in the values file. If the name is not set it will default to either common.names.fullname if serviceAccount.create
is true or default otherwise.
*/}}
{{- define "grafana.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return LDAP configuration generated from ldap properties.
*/}}
{{- define "grafana.ldap.config" -}}
{{- $hostPort := get (urlParse (required "You must set ldap.uri" .Values.ldap.uri)) "host" -}}
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = {{ index (splitList ":" $hostPort) 0 | quote }}
# Default port is 389 or 636 if use_ssl = true
port = {{ index (splitList ":" $hostPort) 1 | default 389 }}
# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
{{- if .Values.ldap.tls.enabled }}
use_ssl = {{ .Values.ldap.tls.enabled }}
ssl_skip_verify = {{ .Values.ldap.tls.skipVerify }}
# If set to true, use LDAP with STARTTLS instead of LDAPS
start_tls = {{ .Values.ldap.tls.startTls }}
{{- if .Values.ldap.tls.CAFilename }}
# set to the path to your root CA certificate or leave unset to use system defaults
root_ca_cert = {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath .Values.ldap.tls.CAFilename | quote }}
{{- end }}
{{- if .Values.ldap.tls.certFilename }}
# Authentication against LDAP servers requiring client certificates
client_cert = {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath .Values.ldap.tls.certFilename | quote }}
client_key = {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath (required "ldap.tls.certKeyFilename is required when ldap.tls.certFilename is defined" .Values.ldap.tls.certKeyFilename) | quote }}
{{- end }}
{{- end }}
{{- if .Values.ldap.binddn }}
# Search user bind dn
bind_dn = {{ .Values.ldap.binddn | quote }}
{{- end }}
{{- if .Values.ldap.bindpw }}
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = {{ .Values.ldap.bindpw | quote }}
{{- end }}
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
{{- if .Values.ldap.searchFilter }}
search_filter = {{ .Values.ldap.searchFilter | quote }}
{{- else if .Values.ldap.searchAttribute }}
search_filter = "({{ .Values.ldap.searchAttribute }}=%s)"
{{- end }}
# An array of base dns to search through
search_base_dns = [{{ (required "You must set ldap.basedn" .Values.ldap.basedn) | quote }}]
{{ .Values.ldap.extraConfiguration }}
{{- end -}}
{{/*
Validate values for Grafana.
*/}}
{{- define "grafana.validateValues" -}}
# Note: Do not include grafana.validateValues.database here. See https://github.com/bitnami/charts/issues/20629
{{- $messages := list -}}
{{- $messages := append $messages (include "grafana.validateValues.configmapsOrSecrets" .) -}}
{{- $messages := append $messages (include "grafana.validateValues.ldap.configuration" .) -}}
{{- $messages := append $messages (include "grafana.validateValues.ldap.configmapsecret" .) -}}
{{- $messages := append $messages (include "grafana.validateValues.ldap.tls" .) -}}
{{- $messages := append $messages (include "grafana.validateValues.imageRenderer" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/* Validate values of Grafana - A ConfigMap or Secret name must be provided when loading a custom grafana.ini file */}}
{{- define "grafana.validateValues.configmapsOrSecrets" -}}
{{- if and .Values.config.useGrafanaIniFile (not .Values.config.grafanaIniSecret) (not .Values.config.grafanaIniConfigMap) -}}
grafana: config.useGrafanaIniFile config.grafanaIniSecret and config.grafanaIniConfigMap
You enabled config.useGrafanaIniFile but did not specify config.grafanaIniSecret nor config.grafanaIniConfigMap
{{- end -}}
{{- end -}}
{{/* Validate values of Grafana - A custom ldap.toml file must be provided when enabling LDAP */}}
{{- define "grafana.validateValues.ldap.configuration" -}}
{{- if and .Values.ldap.enabled (empty .Values.ldap.uri) (empty .Values.ldap.basedn) (empty .Values.ldap.configuration) (empty .Values.ldap.configMapName) (empty .Values.ldap.secretName) -}}
grafana: ldap.enabled ldap.uri ldap.basedn ldap.configuration ldap.configMapName and ldap.secretName
You must provide the uri and basedn of your LDAP Sever (--set ldap.uri="aaa" --set ldap.basedn="bbb")
or the content of your custom ldap.toml file when enabling LDAP (--set ldap.configuration="xxx")
As an alternative, you can set the name of an existing ConfigMap (--set ldap.configMapName="yyy") or
an an existing Secret (--set ldap.secretName="zzz") containging the custom ldap.toml file.
{{- end -}}
{{- end -}}
{{/* Validate values of Grafana - Only a ConfigMap or Secret name must be provided when loading a custom ldap.toml file */}}
{{- define "grafana.validateValues.ldap.configmapsecret" -}}
{{- if and .Values.ldap.enabled (not (empty .Values.ldap.configMapName)) (not (empty .Values.ldap.secretName)) -}}
grafana: ldap.enabled ldap.configMapName and ldap.secretName
You cannot load a custom ldap.toml file both from a ConfigMap and a Secret simultaneously
{{- end -}}
{{- end -}}
{{/* Validate values of Grafana - LDAP TLS validation */}}
{{- define "grafana.validateValues.ldap.tls" -}}
{{- if and .Values.ldap.enabled .Values.ldap.tls.enabled (empty .Values.ldap.tls.certificatesSecret) (or (not (empty .Values.ldap.tls.CAFilename)) (not (empty .Values.ldap.tls.certFilename)) (not (empty .Values.ldap.tls.certKeyFilename))) -}}
grafana: ldap.enabled ldap.tls.enabled ldap.tls.certificatesSecret ldap.tls.CAFilename ldap.tls.certFilename and ldap.tls.certKeyFilename
You must set ldap.tls.certificatesSecret if you want to specify any certificate for LDAP TLS connection
{{- end -}}
{{- end -}}
{{/* Validate values of Grafana - Requirements to use an external database */}}
{{- define "grafana.validateValues.database" -}}
{{- $replicaCount := int .Values.grafana.replicaCount }}
{{- if gt $replicaCount 1 -}}
grafana: replicaCount
Using more than one replica requires using an external database to share data between Grafana instances.
By default Grafana uses an internal sqlite3 per instance but you can configure an external MySQL or PostgreSQL.
Please, ensure you provide a configuration file configuring the external database to share data between replicas.
{{- end -}}
{{- end -}}
{{/* Validate values of Grafana - Requirements to use Grafana Image Renderer */}}
{{- define "grafana.validateValues.imageRenderer" -}}
{{- if and .Values.imageRenderer.enabled (or (empty .Values.imageRenderer.serverURL) (empty .Values.imageRenderer.callbackURL)) -}}
grafana: imageRenderer.enabled imageRenderer.serverURL and imageRenderer.callbackURL
You must provide the serverURL and callbackURL for Grafana Image Renderer when enabling it.
(--set imageRenderer.serverURL="http://image-renderer-url/render" --set imageRenderer.callbackURL="http://grafana-url:3000/")
{{- end -}}
{{- end -}}

34
backing-services/grafana/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,34 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-envvars
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
GF_SECURITY_ADMIN_USER: {{ .Values.admin.user | quote }}
{{- if .Values.imageRenderer.enabled }}
GF_RENDERING_SERVER_URL: {{ .Values.imageRenderer.serverURL | quote }}
GF_RENDERING_CALLBACK_URL: {{ .Values.imageRenderer.callbackURL | quote }}
{{- end }}
{{- if .Values.plugins }}
GF_INSTALL_PLUGINS: {{ .Values.plugins | quote }}
{{- else }}
GF_INSTALL_PLUGINS: ""
{{- end }}
GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins"
GF_AUTH_LDAP_ENABLED: {{ .Values.ldap.enabled | quote }}
GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml"
GF_AUTH_LDAP_ALLOW_SIGN_UP: {{ .Values.ldap.allowSignUp | quote }}
GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning"
GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini"
GF_PATHS_DATA: "/opt/bitnami/grafana/data"
GF_PATHS_LOGS: "/opt/bitnami/grafana/logs"

43
backing-services/grafana/templates/dashboard-provider.yaml Normal file
View File

@@ -0,0 +1,43 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.dashboardsProvider.enabled (not .Values.dashboardsProvider.configMapName) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-provider
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
default-provider.yaml: |-
apiVersion: 1
providers:
# <string> an unique provider name
- name: 'default-provider'
# <int> org id. will default to orgId 1 if not specified
orgId: 1
# <string, required> name of the dashboard folder. Required
folder: dashboards
# <string> folder UID. will be automatically generated if not specified
folderUid: ''
# <string, required> provider type. Required
type: file
# <bool> disable dashboard deletion
disableDeletion: false
# <bool> enable dashboard editing
editable: true
# <int> how often Grafana will scan for changed dashboards
updateIntervalSeconds: 10
options:
# <string, required> path to dashboard files on disk. Required
path: /opt/bitnami/grafana/dashboards
# <bool> enable folders creation for dashboards
#foldersFromFilesStructure: true
{{- end }}

20
backing-services/grafana/templates/datasources-secret.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.datasources.secretDefinition }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-datasources
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
datasources.yaml: {{ include "common.tplvalues.render" ( dict "value" .Values.datasources.secretDefinition "context" $ ) | b64enc | nindent 4 }}
{{- end }}

354
backing-services/grafana/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,354 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.grafana.replicaCount }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.grafana.podLabels .Values.commonLabels ) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: grafana
{{- if .Values.grafana.updateStrategy }}
strategy: {{ include "common.tplvalues.render" (dict "value" .Values.grafana.updateStrategy "context" $) | nindent 4 }}
{{- end }}
template:
metadata:
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: grafana
annotations:
{{- if (include "grafana.createAdminSecret" .) }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
{{- if (include "grafana.createSMTPSecret" .) }}
checksum/smtp-secret: {{ include (print $.Template.BasePath "/smtp-secret.yaml") . | sha256sum }}
{{- end }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/dashboard-provider: {{ include (print $.Template.BasePath "/dashboard-provider.yaml") . | sha256sum }}
{{- if and .Values.ldap.enabled (or (not (empty .Values.ldap.configuration)) (not (empty .Values.ldap.uri))) (empty .Values.ldap.configMapName) (empty .Values.ldap.secretName) }}
checksum/ldap: {{ include (print $.Template.BasePath "/ldap-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.grafana.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "grafana.imagePullSecrets" . | nindent 6 }}
{{- if .Values.grafana.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.hostAliases "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "grafana.serviceAccountName" . }}
{{- if .Values.grafana.schedulerName }}
schedulerName: {{ .Values.grafana.schedulerName | quote }}
{{- end }}
{{- if .Values.grafana.priorityClassName }}
priorityClassName: {{ .Values.grafana.priorityClassName | quote }}
{{- end }}
{{- if .Values.grafana.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.grafana.podAffinityPreset "component" "grafana" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.grafana.podAntiAffinityPreset "component" "grafana" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.grafana.nodeAffinityPreset.type "key" .Values.grafana.nodeAffinityPreset.key "values" .Values.grafana.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.grafana.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.grafana.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.grafana.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.grafana.podSecurityContext.enabled }}
securityContext: {{- omit .Values.grafana.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.grafana.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.grafana.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
{{- if .Values.volumePermissions.enabled }}
- name: volume-permissions
image: {{ include "volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
args:
- -ec
- |
mkdir -p /bitnami/grafana
find /bitnami/grafana -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.grafana.containerSecurityContext.runAsUser }}:{{ .Values.grafana.podSecurityContext.fsGroup }}
securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
{{- if .Values.volumePermissions.resources }}
resources: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.resources "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/grafana
{{- end }}
{{- if .Values.grafana.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: grafana
image: {{ include "grafana.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.grafana.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.grafana.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.grafana.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.grafana.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.args "context" $) | nindent 12 }}
{{- end }}
envFrom:
- configMapRef:
name: {{ include "common.names.fullname" . }}-envvars
{{- if .Values.grafana.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.grafana.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.grafana.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.grafana.extraEnvVarsSecret "context" $) }}
{{- end }}
env:
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "grafana.adminSecretName" . }}
key: {{ include "grafana.adminSecretPasswordKey" . }}
{{- if .Values.smtp.enabled }}
- name: GF_SMTP_ENABLED
value: "true"
{{- if .Values.smtp.host }}
- name: GF_SMTP_HOST
value: {{ .Values.smtp.host }}
{{- end }}
{{- if .Values.smtp.fromAddress }}
- name: GF_SMTP_FROM_ADDRESS
value: {{ .Values.smtp.fromAddress }}
{{- end }}
{{- if .Values.smtp.fromName }}
- name: GF_SMTP_FROM_NAME
value: {{ .Values.smtp.fromName }}
{{- end }}
{{- if .Values.smtp.skipVerify }}
- name: GF_SMTP_SKIP_VERIFY
value: "{{ .Values.smtp.skipVerify }}"
{{- end }}
- name: GF_SMTP_USER
valueFrom:
secretKeyRef:
name: {{ include "grafana.smtpSecretName" . }}
key: {{ include "grafana.smtpSecretUserKey" . }}
- name: GF_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "grafana.smtpSecretName" . }}
key: {{ include "grafana.smtpSecretPasswordKey" . }}
{{- end }}
{{- if .Values.grafana.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.config.useGrafanaIniFile }}
- name: grafana-ini
mountPath: /opt/bitnami/grafana/conf/grafana.ini
subPath: grafana.ini
{{- end }}
- name: data
mountPath: /opt/bitnami/grafana/data
{{- if .Values.dashboardsProvider.enabled }}
- name: dashboards-provider
mountPath: /opt/bitnami/grafana/conf/provisioning/dashboards
{{- end }}
{{- range .Values.dashboardsConfigMaps }}
- name: {{ include "common.tplvalues.render" ( dict "value" .configMapName "context" $ ) }}
{{- if .folderName }}
mountPath: /opt/bitnami/grafana/dashboards/{{ .folderName }}/{{ .fileName }}
{{- else }}
mountPath: /opt/bitnami/grafana/dashboards/{{ .fileName }}
{{- end }}
subPath: {{ .fileName }}
{{- end }}
{{- if or (.Values.datasources.secretName) (.Values.datasources.secretDefinition) }}
- name: datasources
mountPath: /opt/bitnami/grafana/conf/provisioning/datasources
{{- end }}
{{- if .Values.notifiers.configMapName }}
- name: notifiers
mountPath: /opt/bitnami/grafana/conf/provisioning/notifiers
{{- end }}
{{- if .Values.alerting.configMapName }}
- name: alerting
mountPath: /opt/bitnami/grafana/conf/provisioning/alerting
{{- end }}
{{- if .Values.ldap.enabled }}
- name: ldap
mountPath: /opt/bitnami/grafana/conf/ldap.toml
subPath: ldap.toml
{{- end }}
{{- if and .Values.ldap.tls.enabled .Values.ldap.tls.certificatesSecret }}
- name: ldap-tls
mountPath: {{ .Values.ldap.tls.certificatesMountPath }}
{{- end }}
{{- range .Values.grafana.extraConfigmaps }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath | default "" }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.grafana.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
ports:
- name: dashboard
containerPort: {{ .Values.grafana.containerPorts.grafana }}
protocol: TCP
{{- if .Values.grafana.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.extraPorts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.grafana.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.grafana.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.grafana.livenessProbe.path }}
port: dashboard
scheme: {{ .Values.grafana.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.grafana.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.grafana.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.grafana.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.grafana.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.grafana.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.grafana.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.grafana.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.grafana.readinessProbe.path }}
port: dashboard
scheme: {{ .Values.grafana.readinessProbe.scheme }}
initialDelaySeconds: {{ .Values.grafana.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.grafana.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.grafana.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.grafana.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.grafana.readinessProbe.failureThreshold }}
{{- end }}
{{- if .Values.grafana.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.grafana.startupProbe.enabled }}
startupProbe:
httpGet:
path: {{ .Values.grafana.startupProbe.path }}
port: dashboard
scheme: {{ .Values.grafana.startupProbe.scheme }}
initialDelaySeconds: {{ .Values.grafana.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.grafana.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.grafana.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.grafana.startupProbe.successThreshold }}
failureThreshold: {{ .Values.grafana.startupProbe.failureThreshold }}
{{- end }}
{{- if .Values.grafana.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.grafana.resources }}
resources: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.resources "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.grafana.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.ldap.enabled }}
- name: ldap
{{- if not (empty .Values.ldap.configMapName) }}
configMap:
name: {{ .Values.ldap.configMapName }}
{{- else if not (empty .Values.ldap.secretName) }}
secret:
secretName: {{ .Values.ldap.secretName }}
{{- else }}
secret:
secretName: {{ printf "%s-ldap-conf" (include "common.names.fullname" .) }}
{{- end }}
{{- end }}
{{- if .Values.dashboardsProvider.enabled }}
- name: dashboards-provider
configMap:
{{- if .Values.dashboardsProvider.configMapName }}
name: {{ include "common.tplvalues.render" ( dict "value" .Values.dashboardsProvider.configMapName "context" $) }}
{{- else }}
name: {{ include "common.names.fullname" . }}-provider
{{- end }}
{{- end }}
{{- range .Values.dashboardsConfigMaps }}
- name: {{ include "common.tplvalues.render" ( dict "value" .configMapName "context" $ ) }}
configMap:
name: {{ include "common.tplvalues.render" ( dict "value" .configMapName "context" $ ) }}
{{- end }}
{{- if .Values.datasources.secretName }}
- name: datasources
secret:
secretName: {{ .Values.datasources.secretName }}
{{- else if .Values.datasources.secretDefinition }}
- name: datasources
secret:
secretName: {{ include "common.names.fullname" . }}-datasources
{{- end }}
{{- if .Values.notifiers.configMapName }}
- name: notifiers
configMap:
name: {{ .Values.notifiers.configMapName }}
{{- end }}
{{- if .Values.alerting.configMapName }}
- name: alerting
configMap:
name: {{ .Values.alerting.configMapName }}
{{- end }}
{{- if .Values.config.useGrafanaIniFile }}
- name: grafana-ini
{{- if .Values.config.grafanaIniConfigMap }}
configMap:
name: {{ .Values.config.grafanaIniConfigMap }}
{{- else if .Values.config.grafanaIniSecret }}
secret:
secretName: {{ .Values.config.grafanaIniSecret }}
{{- end }}
{{- end }}
{{- if and .Values.ldap.tls.enabled .Values.ldap.tls.certificatesSecret }}
- name: ldap-tls
secret:
secretName: {{ .Values.ldap.tls.certificatesSecret }}
{{- end }}
{{- range .Values.grafana.extraConfigmaps }}
- name: {{ .name }}
configMap:
name: {{ .name }}
{{- end }}
{{- if .Values.grafana.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.extraVolumes "context" $) | nindent 8 }}
{{- end }}

9
backing-services/grafana/templates/extra-list.yaml Normal file
View File

@@ -0,0 +1,9 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

66
backing-services/grafana/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,66 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.ingress.enabled -}}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- if or .Values.ingress.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if .Values.ingress.hostname }}
- http:
paths:
{{- if .Values.ingress.extraPaths }}
{{- toYaml .Values.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
{{- if ne .Values.ingress.hostname "*" }}
host: {{ include "common.tplvalues.render" (dict "value" .Values.ingress.hostname "context" $) }}
{{- end }}
{{- end }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.ingress.extraRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
{{- end }}
{{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
tls:
{{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }}
- hosts:
- {{ .Values.ingress.hostname | quote }}
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
{{- end }}
{{- if .Values.ingress.extraTls }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

25
backing-services/grafana/templates/ldap-secret.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.ldap.enabled (or (not (empty .Values.ldap.configuration)) (not (empty .Values.ldap.uri))) (empty .Values.ldap.configMapName) (empty .Values.ldap.secretName) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-ldap-conf" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{if .Values.ldap.configuration }}
ldap.toml: |-
{{- include "common.tplvalues.render" (dict "value" .Values.ldap.configuration "context" $) | b64enc | nindent 4 }}
{{- else }}
ldap.toml: |-
{{- include "grafana.ldap.config" . | b64enc | nindent 4 }}
{{- end }}
{{- end }}

24
backing-services/grafana/templates/prometheusrules.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.metrics.prometheusRule.additionalLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
groups:
- name: {{ include "common.names.fullname" . }}
rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 6 }}
{{- end }}

31
backing-services/grafana/templates/pvc.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if or .Values.persistence.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
accessModes:
{{- if not (empty .Values.persistence.accessModes) }}
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
{{- else }}
- {{ .Values.persistence.accessMode | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{ include "grafana.storageClass" . }}
{{- end -}}

20
backing-services/grafana/templates/secret.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if (include "grafana.createAdminSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-admin
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
GF_SECURITY_ADMIN_PASSWORD: {{ ternary (randAlphaNum 10) .Values.admin.password (empty .Values.admin.password) | b64enc | quote }}
{{- end }}

61
backing-services/grafana/templates/service.yaml Normal file
View File

@@ -0,0 +1,61 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if or (and .Values.metrics.enabled .Values.metrics.service.annotations) .Values.service.annotations .Values.commonAnnotations }}
annotations:
{{- if or .Values.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerClass)) }}
loadBalancerClass: {{ .Values.service.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
ports:
- port: {{ .Values.service.ports.grafana }}
targetPort: dashboard
protocol: TCP
name: http
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.grafana)) }}
nodePort: {{ .Values.service.nodePorts.grafana }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.grafana.podLabels .Values.commonLabels ) "context" . ) }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana

28
backing-services/grafana/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,28 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "grafana.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
secrets:
- name: {{ include "common.names.fullname" . }}-admin
{{- if .Values.datasources.secretName }}
- name: {{ .Values.datasources.secretName }}
{{- else if .Values.datasources.secretDefinition }}
- name: {{ include "common.names.fullname" . }}-datasources
{{- end }}
{{- if (include "grafana.createSMTPSecret" .) }}
- name: {{ include "common.names.fullname" . }}-smtp
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}

50
backing-services/grafana/templates/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,50 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.metrics.serviceMonitor.jobLabel }}
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
app.kubernetes.io/component: grafana
endpoints:
- port: http
path: "/metrics"
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
{{- end }}

21
backing-services/grafana/templates/smtp-secret.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if (include "grafana.createSMTPSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-smtp
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
GF_SMTP_USER: {{ .Values.smtp.user | b64enc | quote }}
GF_SMTP_PASSWORD: {{ .Values.smtp.password | b64enc | quote }}
{{- end }}

46
backing-services/grafana/templates/tls-secret.yaml Normal file
View File

@@ -0,0 +1,46 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.secrets }}
{{- range .Values.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
{{- $ca := genCA "grafana-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}

919
backing-services/grafana/values.yaml Normal file
View File

@@ -0,0 +1,919 @@
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## @section Common parameters
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## @param nameOverride String to partially override grafana.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override grafana.fullname template
##
fullnameOverride: ""
## @param clusterDomain Default Kubernetes cluster domain
##
clusterDomain: cluster.local
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @section Grafana parameters
## Bitnami Grafana image version
## ref: https://hub.docker.com/r/bitnami/grafana/tags/
## @param image.registry [default: REGISTRY_NAME] Grafana image registry
## @param image.repository [default: REPOSITORY_NAME/grafana] Grafana image repository
## @skip image.tag Grafana image tag (immutable tags are recommended)
## @param image.digest Grafana image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Grafana image pull policy
## @param image.pullSecrets Grafana image pull secrets
##
image:
registry: docker.io
repository: bitnami/grafana
tag: 10.2.3-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
## pullSecrets:
## - myRegistryKeySecretName
pullSecrets: []
## Admin credentials configuration
##
admin:
## @param admin.user Grafana admin username
##
user: "admin"
## @param admin.password Admin password. If a password is not provided a random password will be generated
##
password: ""
## @param admin.existingSecret Name of the existing secret containing admin password
##
existingSecret: ""
## @param admin.existingSecretPasswordKey Password key on the existing secret
##
existingSecretPasswordKey: password
## SMTP configuration
##
smtp:
## @param smtp.enabled Enable SMTP configuration
##
enabled: false
## @param smtp.user SMTP user
##
user: user
## @param smtp.password SMTP password
##
password: password
## @param smtp.host Custom host for the smtp server
## e.g:
## host: mysmtphost.com
##
host: ""
## @param smtp.fromAddress From address
##
fromAddress: ""
## @param smtp.fromName From name
##
fromName: ""
## @param smtp.skipVerify Enable skip verify
##
skipVerify: "false"
## @param smtp.existingSecret Name of existing secret containing SMTP credentials (user and password)
##
existingSecret: ""
## @param smtp.existingSecretUserKey User key on the existing secret
##
existingSecretUserKey: user
## @param smtp.existingSecretPasswordKey Password key on the existing secret
##
existingSecretPasswordKey: password
## @param plugins Grafana plugins to be installed in deployment time separated by commas
## Specify plugins as a list separated by commas ( you will need to scape them when specifying from command line )
## Example:
## plugins: grafana-kubernetes-app,grafana-example-app
##
plugins: ""
## Ldap configuration for Grafana
##
ldap:
## @param ldap.enabled Enable LDAP for Grafana
##
enabled: false
## @param ldap.allowSignUp Allows LDAP sign up for Grafana
##
allowSignUp: false
## @param ldap.configuration Specify content for ldap.toml configuration file
## e.g:
## configuration: |-
## [[servers]]
## host = "127.0.0.1"
## port = 389
## use_ssl = false
## ...
##
configuration: ""
## @param ldap.configMapName Name of the ConfigMap with the ldap.toml configuration file for Grafana
## NOTE: When it's set the ldap.configuration parameter is ignored
##
configMapName: ""
## @param ldap.secretName Name of the Secret with the ldap.toml configuration file for Grafana
## NOTE: When it's set the ldap.configuration parameter is ignored
##
secretName: ""
## @param ldap.uri Server URI, eg. ldap://ldap_server:389
##
uri: ""
## @param ldap.binddn DN of the account used to search in the LDAP server.
##
binddn: ""
## @param ldap.bindpw Password for binddn account.
##
bindpw: ""
## @param ldap.basedn Base DN path where binddn account will search for the users.
##
basedn: ""
## @param ldap.searchAttribute Field used to match with the user name (uid, samAccountName, cn, etc). This value will be ignored if 'ldap.searchFilter' is set
##
searchAttribute: "uid"
## @param ldap.searchFilter User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(|(sAMAccountName=%s)(userPrincipalName=%s)"
##
searchFilter: ""
## @param ldap.extraConfiguration Extra ldap configuration.
## Example:
## extraConfiguration: |-
## # set to true if you want to skip SSL cert validation
## ssl_skip_verify = false
## # group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
## # group_search_filter_user_attribute = "distinguishedName"
## # group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
## # Specify names of the LDAP attributes your LDAP uses
## [servers.attributes]
## # member_of = "memberOf"
## # email = "email"
##
extraConfiguration: ""
## @param ldap.tls.enabled Enabled TLS configuration.
## @param ldap.tls.startTls Use STARTTLS instead of LDAPS.
## @param ldap.tls.skipVerify Skip any SSL verification (hostanames or certificates)
## @param ldap.tls.certificatesMountPath Where LDAP certifcates are mounted.
## @param ldap.tls.certificatesSecret Secret with LDAP certificates.
## @param ldap.tls.CAFilename CA certificate filename. Should match with the CA entry key in the ldap.tls.certificatesSecret.
## @param ldap.tls.certFilename Client certificate filename to authenticate against the LDAP server. Should match with certificate the entry key in the ldap.tls.certificatesSecret.
## @param ldap.tls.certKeyFilename Client Key filename to authenticate against the LDAP server. Should match with certificate the entry key in the ldap.tls.certificatesSecret.
##
tls:
enabled: false
startTls: false
skipVerify: false
certificatesMountPath: /opt/bitnami/grafana/conf/ldap/
certificatesSecret: ""
CAFilename: ""
certFilename: ""
certKeyFilename: ""
## Grafana Image Renderer configuration for Grafana
##
imageRenderer:
## @param imageRenderer.enabled Enable using a remote rendering service to render PNG images
##
enabled: false
## @param imageRenderer.serverURL URL of the remote rendering service
##
serverURL: ""
## @param imageRenderer.callbackURL URL of the callback service
##
callbackURL: ""
## Parameters to override the default grafana.ini file.
## It is needed to create a configmap or a secret containing the grafana.ini file.
## @param config.useGrafanaIniFile Allows to load a `grafana.ini` file
## @param config.grafanaIniConfigMap Name of the ConfigMap containing the `grafana.ini` file
## @param config.grafanaIniSecret Name of the Secret containing the `grafana.ini` file
##
config:
useGrafanaIniFile: false
grafanaIniConfigMap: ""
grafanaIniSecret: ""
## Create dasboard provider to load dashboards, a default one is created to load dashboards
## from "/opt/bitnami/grafana/dashboards"
## @param dashboardsProvider.enabled Enable the use of a Grafana dashboard provider
## @param dashboardsProvider.configMapName Name of a ConfigMap containing a custom dashboard provider
##
dashboardsProvider:
enabled: false
## Important to set the Path to "/opt/bitnami/grafana/dashboards"
## Evaluated as a template.
##
configMapName: ""
## @param dashboardsConfigMaps Array with the names of a series of ConfigMaps containing dashboards files
## They will be mounted by the default dashboard provider if it is enabled
## Use an array with the configMap names.
## In order to use subfolders, uncomment "#foldersFromFilesStructure: true" line in default provider config. or create your own dashboard provider.
## Example:
## dashboardsConfigMaps:
## - configMapName: mydashboard
## folderName: foo
## fileName: mydashboard.json
## - configMapName: myotherdashboard
## folderName: bar
## fileName: myotherdashboard.json
##
dashboardsConfigMaps: []
## Import datasources from an externally-managed secret, or a secret definition set via Helm values.
##
datasources:
## @param datasources.secretName The name of an externally-managed secret containing custom datasource files.
##
secretName: ""
## @param datasources.secretDefinition The contents of a secret defining a custom datasource file. Only used if datasources.secretName is empty or not defined.
## Example:
## secretDefinition:
## apiVersion: 1
## datasources:
## - name: Prometheus
## type: prometheus
## url: http://prometheus-prometheus-server
## access: proxy
## isDefault: true
##
secretDefinition: {}
## Create notifiers from a configMap
## The notifiersName must contain the files
## @param notifiers.configMapName Name of a ConfigMap containing Grafana notifiers configuration
##
notifiers:
configMapName: ""
## Create alerting rules, contact points, notification policies, templates, and mute timings from a configMap
## @param alerting.configMapName Name of a ConfigMap containing Grafana alerting configuration
##
alerting:
configMapName: ""
## @section Grafana Deployment parameters
grafana:
## @param grafana.replicaCount Number of Grafana nodes
##
replicaCount: 1
## @param grafana.updateStrategy.type Set up update strategy for Grafana installation.
## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods is destroyed first.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## Example:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## @param grafana.hostAliases Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param grafana.schedulerName Alternative scheduler
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param grafana.terminationGracePeriodSeconds In seconds, time the given to the Grafana pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## @param grafana.priorityClassName Priority class name
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## @param grafana.podLabels Extra labels for Grafana pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param grafana.podAnnotations Grafana Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param grafana.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param grafana.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## @param grafana.containerPorts.grafana Grafana container port
##
containerPorts:
grafana: 3000
## @param grafana.extraPorts Extra ports for Grafana deployment
##
extraPorts: []
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param grafana.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param grafana.nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## @param grafana.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
type: ""
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param grafana.affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param grafana.nodeSelector Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param grafana.tolerations Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param grafana.topologySpreadConstraints Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
##
## topologySpreadConstraints:
## - maxSkew: 1
## topologyKey: failure-domain.beta.kubernetes.io/zone
## whenUnsatisfiable: DoNotSchedule
##
topologySpreadConstraints: []
## @param grafana.podSecurityContext.enabled Enable securityContext on for Grafana deployment
## @param grafana.podSecurityContext.fsGroup Group to configure permissions for volumes
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param grafana.containerSecurityContext.enabled Enabled containers' Security Context
## @param grafana.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param grafana.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param grafana.containerSecurityContext.privileged Set container's Security Context privileged
## @param grafana.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param grafana.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param grafana.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param grafana.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Grafana containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param grafana.resources.limits The resources limits for Grafana containers
## @param grafana.resources.requests The requested resources for Grafana containers
##
resources:
## Example:
## limits:
## cpu: 500m
## memory: 1Gi
limits: {}
## Examples:
## requests:
## cpu: 250m
## memory: 256Mi
requests: {}
## Grafana containers' liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param grafana.livenessProbe.enabled Enable livenessProbe
## @param grafana.livenessProbe.path Path for livenessProbe
## @param grafana.livenessProbe.scheme Scheme for livenessProbe
## @param grafana.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param grafana.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param grafana.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param grafana.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param grafana.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
path: /api/health
scheme: HTTP
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Grafana containers' readinessProbe probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param grafana.readinessProbe.enabled Enable readinessProbe
## @param grafana.readinessProbe.path Path for readinessProbe
## @param grafana.readinessProbe.scheme Scheme for readinessProbe
## @param grafana.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param grafana.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param grafana.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param grafana.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param grafana.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
path: /api/health
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param grafana.startupProbe.enabled Enable startupProbe
## @param grafana.startupProbe.path Path for readinessProbe
## @param grafana.startupProbe.scheme Scheme for readinessProbe
## @param grafana.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param grafana.startupProbe.periodSeconds Period seconds for startupProbe
## @param grafana.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param grafana.startupProbe.failureThreshold Failure threshold for startupProbe
## @param grafana.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
path: /api/health
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param grafana.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param grafana.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param grafana.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param grafana.lifecycleHooks for the Grafana container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param grafana.sidecars Attach additional sidecar containers to the Grafana pod
## Example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param grafana.initContainers Add additional init containers to the Grafana pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## @param grafana.extraVolumes Additional volumes for the Grafana pod
## Example:
## extraVolumes:
## - name: my-volume
## emptyDir: {}
##
extraVolumes: []
## @param grafana.extraVolumeMounts Additional volume mounts for the Grafana container
## Example:
## extraVolumeMounts:
## - name: my-volume
## mountPath: /opt/bitnami/grafana/my-stuff
##
extraVolumeMounts: []
## @param grafana.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Grafana nodes
##
extraEnvVarsCM: ""
## @param grafana.extraEnvVarsSecret Name of existing Secret containing extra env vars for Grafana nodes
##
extraEnvVarsSecret: ""
## @param grafana.extraEnvVars Array containing extra env vars to configure Grafana
## For example:
## extraEnvVars:
## - name: GF_DEFAULT_INSTANCE_NAME
## value: my-instance
##
extraEnvVars: []
## @param grafana.extraConfigmaps Array to mount extra ConfigMaps to configure Grafana
## For example:
## extraConfigmaps:
## - name: myconfigmap
## mountPath: /opt/bitnami/desired-path
## subPath: file-name.extension (optional)
## readOnly: true
##
extraConfigmaps: []
## @param grafana.command Override default container command (useful when using custom images)
##
command: []
## @param grafana.args Override default container args (useful when using custom images)
##
args: []
## @section Persistence parameters
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
## @param persistence.enabled Enable persistence
## @param persistence.annotations Persistent Volume Claim annotations
## @param persistence.accessMode Persistent Volume Access Mode
## @param persistence.accessModes Persistent Volume Access Modes
## @param persistence.storageClass Storage class to use with the PVC
## @param persistence.existingClaim If you want to reuse an existing claim, you can pass the name of the PVC using the existingClaim variable
## @param persistence.size Size for the PV
##
persistence:
enabled: true
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
annotations: {}
existingClaim: ""
accessMode: ReadWriteOnce
accessModes: []
size: 10Gi
## @section RBAC parameters
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
## @param serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template
## @param serviceAccount.annotations Annotations to add to the ServiceAccount Metadata
## @param serviceAccount.automountServiceAccountToken Automount service account token for the application controller service account
serviceAccount:
create: true
name: ""
annotations: {}
automountServiceAccountToken: false
## @section Traffic exposure parameters
## Service parameters
##
service:
## @param service.type Kubernetes Service type
##
type: ClusterIP
## @param service.clusterIP Grafana service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.ports.grafana Grafana service port
##
ports:
grafana: 3000
## @param service.nodePorts.grafana Specify the nodePort value for the LoadBalancer and NodePort service types
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePorts:
grafana: ""
## @param service.loadBalancerIP loadBalancerIP if Grafana service type is `LoadBalancer` (optional, cloud specific)
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.loadBalancerClass loadBalancerClass if Grafana service type is `LoadBalancer` (optional, cloud specific)
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
loadBalancerClass: ""
## @param service.loadBalancerSourceRanges loadBalancerSourceRanges if Grafana service type is `LoadBalancer` (optional, cloud specific)
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param service.annotations Provide any additional annotations which may be required.
## This can be used to set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
## @param service.externalTrafficPolicy Grafana service external traffic policy
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.extraPorts Extra port to expose on Grafana service
##
extraPorts: []
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Configure the ingress resource that allows you to access the
## Grafana installation. Set up the URL
## ref: https://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## @param ingress.enabled Set to true to enable ingress record generation
##
enabled: false
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
## certManager: false
##
## @param ingress.pathType Ingress Path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Override API Version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created
##
hostname: grafana.local
## @param ingress.path Default path for the ingress resource
## The Path to Grafana. You may need to set this to '/*' in order to use this with ALB ingress controllers.
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: grafana.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - grafana.local
## secretName: grafana.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## @param ingress.secrets It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## e.g:
## - name: grafana.local-tls
## key:
## certificate:
##
secrets: []
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
ingressClassName: ""
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
## @section Metrics parameters
## Prometheus metrics
##
metrics:
## @param metrics.enabled Enable the export of Prometheus metrics
##
enabled: false
## Prometheus Operator ServiceMonitor configuration
## @param metrics.service.annotations [object] Annotations for Prometheus metrics service
##
service:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3000"
prometheus.io/path: "/metrics"
serviceMonitor:
## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
##
enabled: false
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
##
namespace: ""
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
## e.g:
## interval: 10s
##
interval: ""
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
## e.g:
## scrapeTimeout: 10s
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
## e.g:
## selector:
## prometheus: my-prometheus
##
selector: {}
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
##
relabelings: []
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
##
metricRelabelings: []
## @param metrics.serviceMonitor.honorLabels Labels to honor to add to the scrape endpoint
##
honorLabels: false
## DEPRECATED metrics.serviceMonitor.additionalLabels - It will be removed in a future release, please use metrics.serviceMonitor.labels instead
## @param metrics.serviceMonitor.labels Additional custom labels for the ServiceMonitor
##
labels: {}
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
##
jobLabel: ""
## Prometheus Operator PrometheusRule configuration
##
prometheusRule:
## @param metrics.prometheusRule.enabled if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`)
##
enabled: false
## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace)
##
namespace: ""
## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus
##
additionalLabels: {}
## @param metrics.prometheusRule.rules PrometheusRule rules to configure
## e.g:
## - alert: Grafana-Down
## annotations:
## message: 'Grafana instance is down'
## summary: Grafana instance is down
## expr: absent(up{job="grafana"} == 1)
## labels:
## severity: warning
## service: grafana
## for: 5m
##
rules: []
## @section Volume permissions init Container Parameters
## 'volumePermissions' init container parameters
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
## based on the `grafana:podSecurityContext`/`grafana:containerSecurityContext`` parameters
## May require setting `grafana:podSecurityContext:runAsNonRoot` to false
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
##
enabled: false
## OS Shell + Utility image
## ref: https://hub.docker.com/r/bitnami/os-shell/tags/
## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository
## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended)
## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy
## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets
##
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r92
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Init container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param volumePermissions.resources.limits The resources limits for the init container
## @param volumePermissions.resources.requests The requested resources for the init container
##
resources:
limits: {}
requests: {}
## Init container Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
##
containerSecurityContext:
runAsUser: 0
## @section Diagnostic Mode Parameters
## Enable diagnostic mode in the deployment
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the deployment
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the deployment
##
args:
- infinity