add helm charts
This commit is contained in:
Ybehrooz
245
backing-services/grafana/templates/_helpers.tpl
Normal file
245
backing-services/grafana/templates/_helpers.tpl
Normal file
@@ -0,0 +1,245 @@
|
||||
{{/*
|
||||
Copyright VMware, Inc.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/*
|
||||
Return the proper Grafana image name
|
||||
*/}}
|
||||
{{- define "grafana.image" -}}
|
||||
{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper image name (for the init container volume-permissions image)
|
||||
*/}}
|
||||
{{- define "volumePermissions.image" -}}
|
||||
{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Docker Image Registry Secret Names
|
||||
*/}}
|
||||
{{- define "grafana.imagePullSecrets" -}}
|
||||
{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" $) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Return the proper Storage Class
|
||||
*/}}
|
||||
{{- define "grafana.storageClass" -}}
|
||||
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the Grafana admin credentials secret
|
||||
*/}}
|
||||
{{- define "grafana.adminSecretName" -}}
|
||||
{{- if .Values.admin.existingSecret -}}
|
||||
{{- printf "%s" (tpl .Values.admin.existingSecret $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-admin" (include "common.names.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the Grafana admin password key
|
||||
*/}}
|
||||
{{- define "grafana.adminSecretPasswordKey" -}}
|
||||
{{- if and .Values.admin.existingSecret .Values.admin.existingSecretPasswordKey -}}
|
||||
{{- printf "%s" (tpl .Values.admin.existingSecretPasswordKey $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "GF_SECURITY_ADMIN_PASSWORD" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if a secret object should be created
|
||||
*/}}
|
||||
{{- define "grafana.createAdminSecret" -}}
|
||||
{{- if not .Values.admin.existingSecret }}
|
||||
{{- true -}}
|
||||
{{- else -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the Grafana SMTP credentials secret
|
||||
*/}}
|
||||
{{- define "grafana.smtpSecretName" -}}
|
||||
{{- if .Values.smtp.existingSecret }}
|
||||
{{- printf "%s" (tpl .Values.smtp.existingSecret $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-smtp" (include "common.names.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the Grafana SMTP user key
|
||||
*/}}
|
||||
{{- define "grafana.smtpSecretUserKey" -}}
|
||||
{{- if and .Values.smtp.existingSecret .Values.smtp.existingSecretUserKey -}}
|
||||
{{- printf "%s" (tpl .Values.smtp.existingSecretUserKey $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "GF_SMTP_USER" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the Grafana SMTP password key
|
||||
*/}}
|
||||
{{- define "grafana.smtpSecretPasswordKey" -}}
|
||||
{{- if and .Values.smtp.existingSecret .Values.smtp.existingSecretPasswordKey -}}
|
||||
{{- printf "%s" (tpl .Values.smtp.existingSecretPasswordKey $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "GF_SMTP_PASSWORD" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if a secret object should be created
|
||||
*/}}
|
||||
{{- define "grafana.createSMTPSecret" -}}
|
||||
{{- if and .Values.smtp.enabled (not .Values.smtp.existingSecret) }}
|
||||
{{- true -}}
|
||||
{{- else -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Returns the proper service account name depending if an explicit service account name is set
|
||||
in the values file. If the name is not set it will default to either common.names.fullname if serviceAccount.create
|
||||
is true or default otherwise.
|
||||
*/}}
|
||||
{{- define "grafana.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return LDAP configuration generated from ldap properties.
|
||||
*/}}
|
||||
{{- define "grafana.ldap.config" -}}
|
||||
{{- $hostPort := get (urlParse (required "You must set ldap.uri" .Values.ldap.uri)) "host" -}}
|
||||
[[servers]]
|
||||
# Ldap server host (specify multiple hosts space separated)
|
||||
host = {{ index (splitList ":" $hostPort) 0 | quote }}
|
||||
# Default port is 389 or 636 if use_ssl = true
|
||||
port = {{ index (splitList ":" $hostPort) 1 | default 389 }}
|
||||
# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
|
||||
{{- if .Values.ldap.tls.enabled }}
|
||||
use_ssl = {{ .Values.ldap.tls.enabled }}
|
||||
ssl_skip_verify = {{ .Values.ldap.tls.skipVerify }}
|
||||
# If set to true, use LDAP with STARTTLS instead of LDAPS
|
||||
start_tls = {{ .Values.ldap.tls.startTls }}
|
||||
{{- if .Values.ldap.tls.CAFilename }}
|
||||
# set to the path to your root CA certificate or leave unset to use system defaults
|
||||
root_ca_cert = {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath .Values.ldap.tls.CAFilename | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.tls.certFilename }}
|
||||
# Authentication against LDAP servers requiring client certificates
|
||||
client_cert = {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath .Values.ldap.tls.certFilename | quote }}
|
||||
client_key = {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath (required "ldap.tls.certKeyFilename is required when ldap.tls.certFilename is defined" .Values.ldap.tls.certKeyFilename) | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.binddn }}
|
||||
# Search user bind dn
|
||||
bind_dn = {{ .Values.ldap.binddn | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.bindpw }}
|
||||
# Search user bind password
|
||||
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
||||
bind_password = {{ .Values.ldap.bindpw | quote }}
|
||||
{{- end }}
|
||||
|
||||
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
|
||||
# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
|
||||
{{- if .Values.ldap.searchFilter }}
|
||||
search_filter = {{ .Values.ldap.searchFilter | quote }}
|
||||
{{- else if .Values.ldap.searchAttribute }}
|
||||
search_filter = "({{ .Values.ldap.searchAttribute }}=%s)"
|
||||
{{- end }}
|
||||
# An array of base dns to search through
|
||||
search_base_dns = [{{ (required "You must set ldap.basedn" .Values.ldap.basedn) | quote }}]
|
||||
|
||||
{{ .Values.ldap.extraConfiguration }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Validate values for Grafana.
|
||||
*/}}
|
||||
{{- define "grafana.validateValues" -}}
|
||||
# Note: Do not include grafana.validateValues.database here. See https://github.com/bitnami/charts/issues/20629
|
||||
{{- $messages := list -}}
|
||||
{{- $messages := append $messages (include "grafana.validateValues.configmapsOrSecrets" .) -}}
|
||||
{{- $messages := append $messages (include "grafana.validateValues.ldap.configuration" .) -}}
|
||||
{{- $messages := append $messages (include "grafana.validateValues.ldap.configmapsecret" .) -}}
|
||||
{{- $messages := append $messages (include "grafana.validateValues.ldap.tls" .) -}}
|
||||
{{- $messages := append $messages (include "grafana.validateValues.imageRenderer" .) -}}
|
||||
{{- $messages := without $messages "" -}}
|
||||
{{- $message := join "\n" $messages -}}
|
||||
|
||||
{{- if $message -}}
|
||||
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of Grafana - A ConfigMap or Secret name must be provided when loading a custom grafana.ini file */}}
|
||||
{{- define "grafana.validateValues.configmapsOrSecrets" -}}
|
||||
{{- if and .Values.config.useGrafanaIniFile (not .Values.config.grafanaIniSecret) (not .Values.config.grafanaIniConfigMap) -}}
|
||||
grafana: config.useGrafanaIniFile config.grafanaIniSecret and config.grafanaIniConfigMap
|
||||
You enabled config.useGrafanaIniFile but did not specify config.grafanaIniSecret nor config.grafanaIniConfigMap
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of Grafana - A custom ldap.toml file must be provided when enabling LDAP */}}
|
||||
{{- define "grafana.validateValues.ldap.configuration" -}}
|
||||
{{- if and .Values.ldap.enabled (empty .Values.ldap.uri) (empty .Values.ldap.basedn) (empty .Values.ldap.configuration) (empty .Values.ldap.configMapName) (empty .Values.ldap.secretName) -}}
|
||||
grafana: ldap.enabled ldap.uri ldap.basedn ldap.configuration ldap.configMapName and ldap.secretName
|
||||
You must provide the uri and basedn of your LDAP Sever (--set ldap.uri="aaa" --set ldap.basedn="bbb")
|
||||
or the content of your custom ldap.toml file when enabling LDAP (--set ldap.configuration="xxx")
|
||||
As an alternative, you can set the name of an existing ConfigMap (--set ldap.configMapName="yyy") or
|
||||
an an existing Secret (--set ldap.secretName="zzz") containging the custom ldap.toml file.
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of Grafana - Only a ConfigMap or Secret name must be provided when loading a custom ldap.toml file */}}
|
||||
{{- define "grafana.validateValues.ldap.configmapsecret" -}}
|
||||
{{- if and .Values.ldap.enabled (not (empty .Values.ldap.configMapName)) (not (empty .Values.ldap.secretName)) -}}
|
||||
grafana: ldap.enabled ldap.configMapName and ldap.secretName
|
||||
You cannot load a custom ldap.toml file both from a ConfigMap and a Secret simultaneously
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of Grafana - LDAP TLS validation */}}
|
||||
{{- define "grafana.validateValues.ldap.tls" -}}
|
||||
{{- if and .Values.ldap.enabled .Values.ldap.tls.enabled (empty .Values.ldap.tls.certificatesSecret) (or (not (empty .Values.ldap.tls.CAFilename)) (not (empty .Values.ldap.tls.certFilename)) (not (empty .Values.ldap.tls.certKeyFilename))) -}}
|
||||
grafana: ldap.enabled ldap.tls.enabled ldap.tls.certificatesSecret ldap.tls.CAFilename ldap.tls.certFilename and ldap.tls.certKeyFilename
|
||||
You must set ldap.tls.certificatesSecret if you want to specify any certificate for LDAP TLS connection
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of Grafana - Requirements to use an external database */}}
|
||||
{{- define "grafana.validateValues.database" -}}
|
||||
{{- $replicaCount := int .Values.grafana.replicaCount }}
|
||||
{{- if gt $replicaCount 1 -}}
|
||||
grafana: replicaCount
|
||||
Using more than one replica requires using an external database to share data between Grafana instances.
|
||||
By default Grafana uses an internal sqlite3 per instance but you can configure an external MySQL or PostgreSQL.
|
||||
Please, ensure you provide a configuration file configuring the external database to share data between replicas.
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of Grafana - Requirements to use Grafana Image Renderer */}}
|
||||
{{- define "grafana.validateValues.imageRenderer" -}}
|
||||
{{- if and .Values.imageRenderer.enabled (or (empty .Values.imageRenderer.serverURL) (empty .Values.imageRenderer.callbackURL)) -}}
|
||||
grafana: imageRenderer.enabled imageRenderer.serverURL and imageRenderer.callbackURL
|
||||
You must provide the serverURL and callbackURL for Grafana Image Renderer when enabling it.
|
||||
(--set imageRenderer.serverURL="http://image-renderer-url/render" --set imageRenderer.callbackURL="http://grafana-url:3000/")
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
Reference in New Issue
Block a user