From b8b31a230fad73862316689c280cc61893089b48 Mon Sep 17 00:00:00 2001 From: Guilhem Lettron Date: Tue, 16 Jul 2024 11:51:49 +0200 Subject: [PATCH] chore: charts directory should be ignored `helm dependency build` is doing it right. `cr package` is packaging after build. --- charts/devlake/.gitignore | 2 + charts/devlake/charts/grafana/.helmignore | 23 - charts/devlake/charts/grafana/Chart.yaml | 29 - charts/devlake/charts/grafana/README.md | 685 --------- .../charts/grafana/ci/default-values.yaml | 1 - .../grafana/ci/with-affinity-values.yaml | 16 - .../ci/with-dashboard-json-values.yaml | 53 - .../grafana/ci/with-dashboard-values.yaml | 19 - .../ci/with-extraconfigmapmounts-values.yaml | 7 - .../ci/with-image-renderer-values.yaml | 19 - .../charts/grafana/ci/with-persistence.yaml | 3 - .../grafana/dashboards/custom-dashboard.json | 1 - .../charts/grafana/templates/NOTES.txt | 55 - .../charts/grafana/templates/_helpers.tpl | 201 --- .../devlake/charts/grafana/templates/_pod.tpl | 1159 --------------- .../charts/grafana/templates/clusterrole.yaml | 25 - .../grafana/templates/clusterrolebinding.yaml | 24 - .../configmap-dashboard-provider.yaml | 29 - .../charts/grafana/templates/configmap.yaml | 138 -- .../templates/dashboards-json-configmap.yaml | 35 - .../charts/grafana/templates/deployment.yaml | 51 - .../grafana/templates/extra-manifests.yaml | 4 - .../grafana/templates/headless-service.yaml | 22 - .../devlake/charts/grafana/templates/hpa.yaml | 52 - .../templates/image-renderer-deployment.yaml | 130 -- .../grafana/templates/image-renderer-hpa.yaml | 47 - .../image-renderer-network-policy.yaml | 79 -- .../templates/image-renderer-service.yaml | 31 - .../image-renderer-servicemonitor.yaml | 48 - .../charts/grafana/templates/ingress.yaml | 78 -- .../grafana/templates/networkpolicy.yaml | 52 - .../templates/poddisruptionbudget.yaml | 22 - .../grafana/templates/podsecuritypolicy.yaml | 49 - .../devlake/charts/grafana/templates/pvc.yaml | 36 - .../charts/grafana/templates/role.yaml | 32 - .../charts/grafana/templates/rolebinding.yaml | 25 - .../charts/grafana/templates/secret-env.yaml | 14 - .../charts/grafana/templates/secret.yaml | 26 - .../charts/grafana/templates/service.yaml | 55 - .../grafana/templates/serviceaccount.yaml | 17 - .../grafana/templates/servicemonitor.yaml | 48 - .../charts/grafana/templates/statefulset.yaml | 56 - .../templates/tests/test-configmap.yaml | 20 - .../tests/test-podsecuritypolicy.yaml | 32 - .../grafana/templates/tests/test-role.yaml | 17 - .../templates/tests/test-rolebinding.yaml | 20 - .../templates/tests/test-serviceaccount.yaml | 12 - .../charts/grafana/templates/tests/test.yaml | 49 - charts/devlake/charts/grafana/values.yaml | 1240 ----------------- 49 files changed, 2 insertions(+), 4886 deletions(-) create mode 100644 charts/devlake/.gitignore delete mode 100644 charts/devlake/charts/grafana/.helmignore delete mode 100644 charts/devlake/charts/grafana/Chart.yaml delete mode 100644 charts/devlake/charts/grafana/README.md delete mode 100644 charts/devlake/charts/grafana/ci/default-values.yaml delete mode 100644 charts/devlake/charts/grafana/ci/with-affinity-values.yaml delete mode 100644 charts/devlake/charts/grafana/ci/with-dashboard-json-values.yaml delete mode 100644 charts/devlake/charts/grafana/ci/with-dashboard-values.yaml delete mode 100644 charts/devlake/charts/grafana/ci/with-extraconfigmapmounts-values.yaml delete mode 100644 charts/devlake/charts/grafana/ci/with-image-renderer-values.yaml delete mode 100644 charts/devlake/charts/grafana/ci/with-persistence.yaml delete mode 100644 charts/devlake/charts/grafana/dashboards/custom-dashboard.json delete mode 100644 charts/devlake/charts/grafana/templates/NOTES.txt delete mode 100644 charts/devlake/charts/grafana/templates/_helpers.tpl delete mode 100644 charts/devlake/charts/grafana/templates/_pod.tpl delete mode 100644 charts/devlake/charts/grafana/templates/clusterrole.yaml delete mode 100644 charts/devlake/charts/grafana/templates/clusterrolebinding.yaml delete mode 100644 charts/devlake/charts/grafana/templates/configmap-dashboard-provider.yaml delete mode 100644 charts/devlake/charts/grafana/templates/configmap.yaml delete mode 100644 charts/devlake/charts/grafana/templates/dashboards-json-configmap.yaml delete mode 100644 charts/devlake/charts/grafana/templates/deployment.yaml delete mode 100644 charts/devlake/charts/grafana/templates/extra-manifests.yaml delete mode 100644 charts/devlake/charts/grafana/templates/headless-service.yaml delete mode 100644 charts/devlake/charts/grafana/templates/hpa.yaml delete mode 100644 charts/devlake/charts/grafana/templates/image-renderer-deployment.yaml delete mode 100644 charts/devlake/charts/grafana/templates/image-renderer-hpa.yaml delete mode 100644 charts/devlake/charts/grafana/templates/image-renderer-network-policy.yaml delete mode 100644 charts/devlake/charts/grafana/templates/image-renderer-service.yaml delete mode 100644 charts/devlake/charts/grafana/templates/image-renderer-servicemonitor.yaml delete mode 100644 charts/devlake/charts/grafana/templates/ingress.yaml delete mode 100644 charts/devlake/charts/grafana/templates/networkpolicy.yaml delete mode 100644 charts/devlake/charts/grafana/templates/poddisruptionbudget.yaml delete mode 100644 charts/devlake/charts/grafana/templates/podsecuritypolicy.yaml delete mode 100644 charts/devlake/charts/grafana/templates/pvc.yaml delete mode 100644 charts/devlake/charts/grafana/templates/role.yaml delete mode 100644 charts/devlake/charts/grafana/templates/rolebinding.yaml delete mode 100644 charts/devlake/charts/grafana/templates/secret-env.yaml delete mode 100644 charts/devlake/charts/grafana/templates/secret.yaml delete mode 100644 charts/devlake/charts/grafana/templates/service.yaml delete mode 100644 charts/devlake/charts/grafana/templates/serviceaccount.yaml delete mode 100644 charts/devlake/charts/grafana/templates/servicemonitor.yaml delete mode 100644 charts/devlake/charts/grafana/templates/statefulset.yaml delete mode 100644 charts/devlake/charts/grafana/templates/tests/test-configmap.yaml delete mode 100644 charts/devlake/charts/grafana/templates/tests/test-podsecuritypolicy.yaml delete mode 100644 charts/devlake/charts/grafana/templates/tests/test-role.yaml delete mode 100644 charts/devlake/charts/grafana/templates/tests/test-rolebinding.yaml delete mode 100644 charts/devlake/charts/grafana/templates/tests/test-serviceaccount.yaml delete mode 100644 charts/devlake/charts/grafana/templates/tests/test.yaml delete mode 100644 charts/devlake/charts/grafana/values.yaml diff --git a/charts/devlake/.gitignore b/charts/devlake/.gitignore new file mode 100644 index 0000000..7bd6776 --- /dev/null +++ b/charts/devlake/.gitignore @@ -0,0 +1,2 @@ +*.tgz +/charts/*/charts diff --git a/charts/devlake/charts/grafana/.helmignore b/charts/devlake/charts/grafana/.helmignore deleted file mode 100644 index 8cade13..0000000 --- a/charts/devlake/charts/grafana/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.vscode -.project -.idea/ -*.tmproj -OWNERS diff --git a/charts/devlake/charts/grafana/Chart.yaml b/charts/devlake/charts/grafana/Chart.yaml deleted file mode 100644 index 6360b4c..0000000 --- a/charts/devlake/charts/grafana/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/grafana/helm-charts - - name: Upstream Project - url: https://github.com/grafana/grafana -apiVersion: v2 -appVersion: 9.5.2 -description: The leading tool for querying and visualizing time series and metrics. -home: https://grafana.net -icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png -kubeVersion: ^1.8.0-0 -maintainers: -- email: zanhsieh@gmail.com - name: zanhsieh -- email: rluckie@cisco.com - name: rtluckie -- email: maor.friedman@redhat.com - name: maorfr -- email: miroslav.hadzhiev@gmail.com - name: Xtigyro -- email: mail@torstenwalter.de - name: torstenwalter -name: grafana -sources: -- https://github.com/grafana/grafana -- https://github.com/grafana/helm-charts -type: application -version: 6.56.6 diff --git a/charts/devlake/charts/grafana/README.md b/charts/devlake/charts/grafana/README.md deleted file mode 100644 index 644b43f..0000000 --- a/charts/devlake/charts/grafana/README.md +++ /dev/null @@ -1,685 +0,0 @@ -# Grafana Helm Chart - -* Installs the web dashboarding system [Grafana](http://grafana.org/) - -## Get Repo Info - -```console -helm repo add grafana https://grafana.github.io/helm-charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release grafana/grafana -``` - -## Uninstalling the Chart - -To uninstall/delete the my-release deployment: - -```console -helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Upgrading an existing Release to a new major version - -A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an -incompatible breaking change needing manual actions. - -### To 4.0.0 (And 3.12.1) - -This version requires Helm >= 2.12.0. - -### To 5.0.0 - -You have to add --force to your helm upgrade command as the labels of the chart have changed. - -### To 6.0.0 - -This version requires Helm >= 3.1.0. - -## Configuration - -| Parameter | Description | Default | -|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------| -| `replicas` | Number of nodes | `1` | -| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | -| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | -| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | -| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | -| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| -| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` | -| `priorityClassName` | Name of Priority Class to assign pods | `nil` | -| `image.repository` | Image repository | `grafana/grafana` | -| `image.tag` | Overrides the Grafana image tag whose default is the chart appVersion (`Must be >= 5.0.0`) | `` | -| `image.sha` | Image sha (optional) | `` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets (can be templated) | `[]` | -| `service.enabled` | Enable grafana service | `true` | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.port` | Kubernetes port where service is exposed | `80` | -| `service.portName` | Name of the port on the service | `service` | -| `service.appProtocol` | Adds the appProtocol field to the service | `` | -| `service.targetPort` | Internal service is port | `3000` | -| `service.nodePort` | Kubernetes service nodePort | `nil` | -| `service.annotations` | Service annotations (can be templated) | `{}` | -| `service.labels` | Custom labels | `{}` | -| `service.clusterIP` | internal cluster service IP | `nil` | -| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` | -| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` | -| `service.externalIPs` | service external IP addresses | `[]` | -| `headlessService` | Create a headless service | `false` | -| `extraExposePorts` | Additional service ports for sidecar containers| `[]` | -| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` | -| `ingress.enabled` | Enables Ingress | `false` | -| `ingress.annotations` | Ingress annotations (values are templated) | `{}` | -| `ingress.labels` | Custom labels | `{}` | -| `ingress.path` | Ingress accepted path | `/` | -| `ingress.pathType` | Ingress type of path | `Prefix` | -| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | -| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `ingress.ingressClassName` | Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 | `""` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `affinity` | Affinity settings for pod assignment | `{}` | -| `extraInitContainers` | Init containers to add to the grafana pod | `{}` | -| `extraContainers` | Sidecar containers to add to the grafana pod | `""` | -| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` | -| `extraLabels` | Custom labels for all manifests | `{}` | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `persistence.enabled` | Use persistent volume to store data | `false` | -| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | -| `persistence.size` | Size of persistent volume claim | `10Gi` | -| `persistence.existingClaim` | Use an existing PVC to persist data (can be templated) | `nil` | -| `persistence.storageClassName` | Type of persistent volume claim | `nil` | -| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | -| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` | -| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | -| `persistence.extraPvcLabels` | Extra labels to apply to a PVC. | `{}` | -| `persistence.subPath` | Mount a sub dir of the persistent volume (can be templated) | `nil` | -| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` | -| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` | -| `initChownData.enabled` | If false, don't reset data ownership at startup | true | -| `initChownData.image.repository` | init-chown-data container image repository | `busybox` | -| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` | -| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` | -| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` | -| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` | -| `schedulerName` | Alternate scheduler name | `nil` | -| `env` | Extra environment variables passed to pods | `{}` | -| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` | -| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | -| `envFromSecrets` | List of Kubernetes secrets (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` | -| `envFromConfigMaps` | List of Kubernetes ConfigMaps (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` | -| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` | -| `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` | -| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | -| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | -| `createConfigmap` | Enable creating the grafana configmap | `true` | -| `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` | -| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | -| `plugins` | Plugins to be loaded along with Grafana | `[]` | -| `datasources` | Configure grafana datasources (passed through tpl) | `{}` | -| `alerting` | Configure grafana alerting (passed through tpl) | `{}` | -| `notifiers` | Configure grafana notifiers | `{}` | -| `dashboardProviders` | Configure grafana dashboard providers | `{}` | -| `dashboards` | Dashboards to import | `{}` | -| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | -| `grafana.ini` | Grafana's primary configuration | `{}` | -| `global.imagePullSecrets` | Global image pull secrets (can be templated). Allows either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). | `[]` | -| `ldap.enabled` | Enable LDAP authentication | `false` | -| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` | -| `ldap.config` | Grafana's LDAP configuration | `""` | -| `annotations` | Deployment annotations | `{}` | -| `labels` | Deployment labels | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Pod labels | `{}` | -| `podPortName` | Name of the grafana port on the pod | `grafana` | -| `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` | -| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` | -| `sidecar.image.tag` | Sidecar image tag | `1.24.3` | -| `sidecar.image.sha` | Sidecar image sha (optional) | `""` | -| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | -| `sidecar.resources` | Sidecar resources | `{}` | -| `sidecar.securityContext` | Sidecar securityContext | `{}` | -| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable. If set to `true` the sidecar will create unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | `false` | -| `sidecar.alerts.enabled` | Enables the cluster wide search for alerts and adds/updates/deletes them in grafana |`false` | -| `sidecar.alerts.label` | Label that config maps with alerts should have to be added | `grafana_alert` | -| `sidecar.alerts.labelValue` | Label value that config maps with alerts should have to be added | `""` | -| `sidecar.alerts.searchNamespace` | Namespaces list. If specified, the sidecar will search for alerts config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | -| `sidecar.alerts.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | -| `sidecar.alerts.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | -| `sidecar.alerts.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/alerting/reload"` | -| `sidecar.alerts.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | -| `sidecar.alerts.initDatasources` | Set to true to deploy the datasource sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any alerts defined at startup time. | `false` | -| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | -| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | -| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` | -| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` | -| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` | -| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` | -| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` | -| `sidecar.dashboards.provider.type` | Provider type | `file` | -| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` | -| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | -| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | -| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | -| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `""` | -| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | -| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | -| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | -| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | -| `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` | -| `sidecar.dashboards.reloadURL` | Full url of dashboards configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/dashboards/reload"` | -| `sidecar.dashboards.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | -| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | -| `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` | -| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | -| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | -| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `""` | -| `sidecar.datasources.searchNamespace` | Namespaces list. If specified, the sidecar will search for datasources config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | -| `sidecar.datasources.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | -| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | -| `sidecar.datasources.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/datasources/reload"` | -| `sidecar.datasources.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | -| `sidecar.datasources.initDatasources` | Set to true to deploy the datasource sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any datasources defined at startup time. | `false` | -| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | -| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | -| `sidecar.notifiers.labelValue` | Label value that config maps with notifiers should have to be added | `""` | -| `sidecar.notifiers.searchNamespace` | Namespaces list. If specified, the sidecar will search for notifiers config-maps (or secrets) inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | -| `sidecar.notifiers.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | -| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | -| `sidecar.notifiers.reloadURL` | Full url of notifier configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/notifications/reload"` | -| `sidecar.notifiers.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | -| `sidecar.notifiers.initNotifiers` | Set to true to deploy the notifier sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any notifiers defined at startup time. | `false` | -| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | -| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | -| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | -| `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` | -| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | -| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` | -| `serviceAccount.autoMount` | Automount the service account token in the pod| `true` | -| `serviceAccount.annotations` | ServiceAccount annotations | | -| `serviceAccount.create` | Create service account | `true` | -| `serviceAccount.labels` | ServiceAccount labels | `{}` | -| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | -| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` | -| `rbac.create` | Create and use RBAC resources | `true` | -| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` | -| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` | -| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `false` | -| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `false` | -| `rbac.extraRoleRules` | Additional rules to add to the Role | [] | -| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | -| `command` | Define command to be executed by grafana container at startup | `nil` | -| `args` | Define additional args if command is used | `nil` | -| `testFramework.enabled` | Whether to create test-related resources | `true` | -| `testFramework.image` | `test-framework` image repository. | `bats/bats` | -| `testFramework.tag` | `test-framework` image tag. | `v1.4.1` | -| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` | -| `testFramework.securityContext` | `test-framework` securityContext | `{}` | -| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | -| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | -| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` | -| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` | -| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` | -| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` | -| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` | -| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | -| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | -| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | | -| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` | -| `serviceMonitor.path` | Path to scrape | `/metrics` | -| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` | -| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` | -| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | -| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | -| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` | -| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` | -| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` | -| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` | -| `imageRenderer.image.tag` | image-renderer Image tag | `latest` | -| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` | -| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` | -| `imageRenderer.env` | extra env-vars for image-renderer | `{}` | -| `imageRenderer.envValueFrom` | Environment variables for image-renderer from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` | -| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` | -| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | -| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | -| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | -| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` | -| `imageRenderer.service.portName` | image-renderer service port name | `http` | -| `imageRenderer.service.port` | image-renderer port used by deployment | `8081` | -| `imageRenderer.service.targetPort` | image-renderer service port used by service | `8081` | -| `imageRenderer.appProtocol` | Adds the appProtocol field to the service | `` | -| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | -| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` | -| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` | -| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | -| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | -| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` | -| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` | -| `imageRenderer.tolerations` | Toleration labels for pod assignment | `[]` | -| `imageRenderer.affinity` | Affinity settings for pod assignment | `{}` | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | -| `networkPolicy.ingress` | Enable the creation of an ingress network policy | `true` | -| `networkPolicy.egress.enabled` | Enable the creation of an egress network policy | `false` | -| `networkPolicy.egress.ports` | An array of ports to allow for the egress | `[]` | -| `enableKubeBackwardCompatibility` | Enable backward compatibility of kubernetes where pod's defintion version below 1.13 doesn't have the enableServiceLinks option | `false` | - -### Example ingress with path - -With grafana 6.3 and above - -```yaml -grafana.ini: - server: - domain: monitoring.example.com - root_url: "%(protocol)s://%(domain)s/grafana" - serve_from_sub_path: true -ingress: - enabled: true - hosts: - - "monitoring.example.com" - path: "/grafana" -``` - -### Example of extraVolumeMounts - -Volume can be type persistentVolumeClaim or hostPath but not both at same time. -If neither existingClaim or hostPath argument is given then type is emptyDir. - -```yaml -- extraVolumeMounts: - - name: plugins - mountPath: /var/lib/grafana/plugins - subPath: configs/grafana/plugins - existingClaim: existing-grafana-claim - readOnly: false - - name: dashboards - mountPath: /var/lib/grafana/dashboards - hostPath: /usr/shared/grafana/dashboards - readOnly: false -``` - -## Import dashboards - -There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: - -```yaml -dashboards: - default: - some-dashboard: - json: | - { - "annotations": - - ... - # Complete json file here - ... - - "title": "Some Dashboard", - "uid": "abcd1234", - "version": 1 - } - custom-dashboard: - # This is a path to a file inside the dashboards directory inside the chart directory - file: dashboards/custom-dashboard.json - prometheus-stats: - # Ref: https://grafana.com/dashboards/2 - gnetId: 2 - revision: 2 - datasource: Prometheus - loki-dashboard-quick-search: - gnetId: 12019 - revision: 2 - datasource: - - name: DS_PROMETHEUS - value: Prometheus - - name: DS_LOKI - value: Loki - local-dashboard: - url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json -``` - -## BASE64 dashboards - -Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) -A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. -If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. - -### Gerrit use case - -Gerrit API for download files has the following schema: where {project-name} and -{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard -the url value is - -## Sidecar for dashboards - -If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana -pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with -a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written -to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported -dashboards are deleted/updated. - -A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside -one configmap is currently not properly mirrored in grafana. - -Example dashboard config: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: sample-grafana-dashboard - labels: - grafana_dashboard: "1" -data: - k8s-dashboard.json: |- - [...] -``` - -## Sidecar for datasources - -If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana -pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and -filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in -those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, -the data sources in grafana can be imported. - -Should you aim for reloading datasources in Grafana each time the config is changed, set `sidecar.datasources.skipReload: false` and adjust `sidecar.datasources.reloadURL` to `http://..svc.cluster.local/api/admin/provisioning/datasources/reload`. - -Secrets are recommended over configmaps for this usecase because datasources usually contain private -data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. - -Example values to add a postgres datasource as a kubernetes secret: -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: grafana-datasources - labels: - grafana_datasource: 'true' # default value for: sidecar.datasources.label -stringData: - pg-db.yaml: |- - apiVersion: 1 - datasources: - - name: My pg db datasource - type: postgres - url: my-postgresql-db:5432 - user: db-readonly-user - secureJsonData: - password: 'SUperSEcretPa$$word' - jsonData: - database: my_datase - sslmode: 'disable' # disable/require/verify-ca/verify-full - maxOpenConns: 0 # Grafana v5.4+ - maxIdleConns: 2 # Grafana v5.4+ - connMaxLifetime: 14400 # Grafana v5.4+ - postgresVersion: 1000 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 1000=10 - timescaledb: false - # allow users to edit datasources from the UI. - editable: false -``` - -Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): - -```yaml -datasources: - datasources.yaml: - apiVersion: 1 - datasources: - # name of the datasource. Required - - name: Graphite - # datasource type. Required - type: graphite - # access mode. proxy or direct (Server or Browser in the UI). Required - access: proxy - # org id. will default to orgId 1 if not specified - orgId: 1 - # url - url: http://localhost:8080 - # database password, if used - password: - # database user, if used - user: - # database name, if used - database: - # enable/disable basic auth - basicAuth: - # basic auth username - basicAuthUser: - # basic auth password - basicAuthPassword: - # enable/disable with credentials headers - withCredentials: - # mark as default datasource. Max one per org - isDefault: - # fields that will be converted to json and stored in json_data - jsonData: - graphiteVersion: "1.1" - tlsAuth: true - tlsAuthWithCACert: true - # json object of data that will be encrypted. - secureJsonData: - tlsCACert: "..." - tlsClientCert: "..." - tlsClientKey: "..." - version: 1 - # allow users to edit datasources from the UI. - editable: false -``` - -## Sidecar for notifiers - -If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana -pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and -filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in -those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, -the notification channels in grafana can be imported. The secrets must be created before -`helm install` so that the notifiers init container can list the secrets. - -Secrets are recommended over configmaps for this usecase because alert notification channels usually contain -private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those. - -Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels): - -```yaml -notifiers: - - name: notification-channel-1 - type: slack - uid: notifier1 - # either - org_id: 2 - # or - org_name: Main Org. - is_default: true - send_reminder: true - frequency: 1h - disable_resolve_message: false - # See `Supported Settings` section for settings supporter for each - # alert notification type. - settings: - recipient: 'XXX' - token: 'xoxb' - uploadImage: true - url: https://slack.com - -delete_notifiers: - - name: notification-channel-1 - uid: notifier1 - org_id: 2 - - name: notification-channel-2 - # default org_id: 1 -``` - -## Provision alert rules, contact points, notification policies and notification templates - -There are two methods to provision alerting configuration in Grafana. Below are some examples and explanations as to how to use each method: - -```yaml -alerting: - team1-alert-rules.yaml: - file: alerting/team1/rules.yaml - team2-alert-rules.yaml: - file: alerting/team2/rules.yaml - team3-alert-rules.yaml: - file: alerting/team3/rules.yaml - notification-policies.yaml: - file: alerting/shared/notification-policies.yaml - notification-templates.yaml: - file: alerting/shared/notification-templates.yaml - contactpoints.yaml: - apiVersion: 1 - contactPoints: - - orgId: 1 - name: Slack channel - receivers: - - uid: default-receiver - type: slack - settings: - # Webhook URL to be filled in - url: "" - # We need to escape double curly braces for the tpl function. - text: '{{ `{{ template "default.message" . }}` }}' - title: '{{ `{{ template "default.title" . }}` }}' -``` - -There are two possibilities: - -* Inlining the file contents as described in the example `values.yaml` and the official [Grafana documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/). -* Importing a file using a relative path starting from the chart root directory. - -### Important notes on file provisioning - -* The chart supports importing YAML and JSON files. -* The filename must be unique, otherwise one volume mount will overwrite the other. -* In case of inlining, double curly braces that arise from the Grafana configuration format and are not intended as templates for the chart must be escaped. -* The number of total files under `alerting:` is not limited. Each file will end up as a volume mount in the corresponding provisioning folder of the deployed Grafana instance. -* The file size for each import is limited by what the function `.Files.Get` can handle, which suffices for most cases. - -## How to serve Grafana with a path prefix (/grafana) - -In order to serve Grafana with a prefix (e.g., ), add the following to your values.yaml. - -```yaml -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/rewrite-target: /$1 - nginx.ingress.kubernetes.io/use-regex: "true" - - path: /grafana/?(.*) - hosts: - - k8s.example.dev - -grafana.ini: - server: - root_url: http://localhost:3000/grafana # this host can be localhost -``` - -## How to securely reference secrets in grafana.ini - -This example uses Grafana [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. - -In grafana.ini: - -```yaml -grafana.ini: - [auth.generic_oauth] - enabled = true - client_id = $__file{/etc/secrets/auth_generic_oauth/client_id} - client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret} -``` - -Existing secret, or created along with helm: - -```yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: auth-generic-oauth-secret -type: Opaque -stringData: - client_id: - client_secret: -``` - -Include in the `extraSecretMounts` configuration flag: - -```yaml -- extraSecretMounts: - - name: auth-generic-oauth-secret-mount - secretName: auth-generic-oauth-secret - defaultMode: 0440 - mountPath: /etc/secrets/auth_generic_oauth - readOnly: true -``` - -### extraSecretMounts using a Container Storage Interface (CSI) provider - -This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure) - -```yaml -- extraSecretMounts: - - name: secrets-store-inline - mountPath: /run/secrets - readOnly: true - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: "my-provider" - nodePublishSecretRef: - name: akv-creds -``` - -## Image Renderer Plug-In - -This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/README.md#run-in-docker) - -```yaml -imageRenderer: - enabled: true -``` - -### Image Renderer NetworkPolicy - -By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance - -### High Availability for unified alerting - -If you want to run Grafana in a high availability cluster you need to enable -the headless service by setting `headlessService: true` in your `values.yaml` -file. - -As next step you have to setup the `grafana.ini` in your `values.yaml` in a way -that it will make use of the headless service to obtain all the IPs of the -cluster. You should replace ``{{ Name }}`` with the name of your helm deployment. - -```yaml -grafana.ini: - ... - unified_alerting: - enabled: true - ha_peers: {{ Name }}-headless:9094 - ha_listen_address: ${POD_IP}:9094 - ha_advertise_address: ${POD_IP}:9094 - - alerting: - enabled: false -``` diff --git a/charts/devlake/charts/grafana/ci/default-values.yaml b/charts/devlake/charts/grafana/ci/default-values.yaml deleted file mode 100644 index fc2ba60..0000000 --- a/charts/devlake/charts/grafana/ci/default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/devlake/charts/grafana/ci/with-affinity-values.yaml b/charts/devlake/charts/grafana/ci/with-affinity-values.yaml deleted file mode 100644 index f5b9b53..0000000 --- a/charts/devlake/charts/grafana/ci/with-affinity-values.yaml +++ /dev/null @@ -1,16 +0,0 @@ -affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/instance: grafana-test - app.kubernetes.io/name: grafana - topologyKey: failure-domain.beta.kubernetes.io/zone - weight: 100 - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/instance: grafana-test - app.kubernetes.io/name: grafana - topologyKey: kubernetes.io/hostname diff --git a/charts/devlake/charts/grafana/ci/with-dashboard-json-values.yaml b/charts/devlake/charts/grafana/ci/with-dashboard-json-values.yaml deleted file mode 100644 index e0c4e41..0000000 --- a/charts/devlake/charts/grafana/ci/with-dashboard-json-values.yaml +++ /dev/null @@ -1,53 +0,0 @@ -dashboards: - my-provider: - my-awesome-dashboard: - # An empty but valid dashboard - json: | - { - "__inputs": [], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "6.3.5" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [], - "schemaVersion": 19, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-6h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": ["5s"] - }, - "timezone": "", - "title": "Dummy Dashboard", - "uid": "IdcYQooWk", - "version": 1 - } - datasource: Prometheus diff --git a/charts/devlake/charts/grafana/ci/with-dashboard-values.yaml b/charts/devlake/charts/grafana/ci/with-dashboard-values.yaml deleted file mode 100644 index 7b662c5..0000000 --- a/charts/devlake/charts/grafana/ci/with-dashboard-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -dashboards: - my-provider: - my-awesome-dashboard: - gnetId: 10000 - revision: 1 - datasource: Prometheus -dashboardProviders: - dashboardproviders.yaml: - apiVersion: 1 - providers: - - name: 'my-provider' - orgId: 1 - folder: '' - type: file - updateIntervalSeconds: 10 - disableDeletion: true - editable: true - options: - path: /var/lib/grafana/dashboards/my-provider diff --git a/charts/devlake/charts/grafana/ci/with-extraconfigmapmounts-values.yaml b/charts/devlake/charts/grafana/ci/with-extraconfigmapmounts-values.yaml deleted file mode 100644 index 5cc44a0..0000000 --- a/charts/devlake/charts/grafana/ci/with-extraconfigmapmounts-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -extraConfigmapMounts: - - name: '{{ include "grafana.fullname" . }}' - configMap: '{{ include "grafana.fullname" . }}' - mountPath: /var/lib/grafana/dashboards/test-dashboard.json - # This is not a realistic test, but for this we only care about extraConfigmapMounts not being empty and pointing to an existing ConfigMap - subPath: grafana.ini - readOnly: true diff --git a/charts/devlake/charts/grafana/ci/with-image-renderer-values.yaml b/charts/devlake/charts/grafana/ci/with-image-renderer-values.yaml deleted file mode 100644 index 32f3074..0000000 --- a/charts/devlake/charts/grafana/ci/with-image-renderer-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -podLabels: - customLableA: Aaaaa -imageRenderer: - enabled: true - env: - RENDERING_ARGS: --disable-gpu,--window-size=1280x758 - RENDERING_MODE: clustered - podLabels: - customLableB: Bbbbb - networkPolicy: - limitIngress: true - limitEgress: true - resources: - limits: - cpu: 1000m - memory: 1000Mi - requests: - cpu: 500m - memory: 50Mi diff --git a/charts/devlake/charts/grafana/ci/with-persistence.yaml b/charts/devlake/charts/grafana/ci/with-persistence.yaml deleted file mode 100644 index b92ca02..0000000 --- a/charts/devlake/charts/grafana/ci/with-persistence.yaml +++ /dev/null @@ -1,3 +0,0 @@ -persistence: - type: pvc - enabled: true diff --git a/charts/devlake/charts/grafana/dashboards/custom-dashboard.json b/charts/devlake/charts/grafana/dashboards/custom-dashboard.json deleted file mode 100644 index 9e26dfe..0000000 --- a/charts/devlake/charts/grafana/dashboards/custom-dashboard.json +++ /dev/null @@ -1 +0,0 @@ -{} \ No newline at end of file diff --git a/charts/devlake/charts/grafana/templates/NOTES.txt b/charts/devlake/charts/grafana/templates/NOTES.txt deleted file mode 100644 index d86419f..0000000 --- a/charts/devlake/charts/grafana/templates/NOTES.txt +++ /dev/null @@ -1,55 +0,0 @@ -1. Get your '{{ .Values.adminUser }}' user password by running: - - kubectl get secret --namespace {{ include "grafana.namespace" . }} {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} -o jsonpath="{.data.{{ .Values.admin.passwordKey | default "admin-password" }}}" | base64 --decode ; echo - - -2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: - - {{ include "grafana.fullname" . }}.{{ include "grafana.namespace" . }}.svc.cluster.local -{{ if .Values.ingress.enabled }} - If you bind grafana to 80, please update values in values.yaml and reinstall: - ``` - securityContext: - runAsUser: 0 - runAsGroup: 0 - fsGroup: 0 - - command: - - "setcap" - - "'cap_net_bind_service=+ep'" - - "/usr/sbin/grafana-server &&" - - "sh" - - "/run.sh" - ``` - Details refer to https://grafana.com/docs/installation/configuration/#http-port. - Or grafana would always crash. - - From outside the cluster, the server URL(s) are: - {{- range .Values.ingress.hosts }} - http://{{ . }} - {{- end }} -{{- else }} - Get the Grafana URL to visit by running these commands in the same shell: - {{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "grafana.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT - {{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ include "grafana.namespace" . }} -w {{ include "grafana.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "grafana.namespace" . }} {{ include "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - http://$SERVICE_IP:{{ .Values.service.port -}} - {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "grafana.namespace" . }} -l "app.kubernetes.io/name={{ include "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ include "grafana.namespace" . }} port-forward $POD_NAME 3000 - {{- end }} -{{- end }} - -3. Login with the password from step 1 and the username: {{ .Values.adminUser }} - -{{- if not .Values.persistence.enabled }} -################################################################################# -###### WARNING: Persistence is disabled!!! You will lose your data when ##### -###### the Grafana pod is terminated. ##### -################################################################################# -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/_helpers.tpl b/charts/devlake/charts/grafana/templates/_helpers.tpl deleted file mode 100644 index 8307e10..0000000 --- a/charts/devlake/charts/grafana/templates/_helpers.tpl +++ /dev/null @@ -1,201 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "grafana.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "grafana.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "grafana.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create the name of the service account -*/}} -{{- define "grafana.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "grafana.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{- define "grafana.serviceAccountNameTest" -}} -{{- if .Values.serviceAccount.create }} -{{- default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }} -{{- else }} -{{- default "default" .Values.serviceAccount.nameTest }} -{{- end }} -{{- end }} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "grafana.namespace" -}} -{{- if .Values.namespaceOverride }} -{{- .Values.namespaceOverride }} -{{- else }} -{{- .Release.Namespace }} -{{- end }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "grafana.labels" -}} -helm.sh/chart: {{ include "grafana.chart" . }} -{{ include "grafana.selectorLabels" . }} -{{- if or .Chart.AppVersion .Values.image.tag }} -app.kubernetes.io/version: {{ mustRegexReplaceAllLiteral "@sha.*" .Values.image.tag "" | default .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- with .Values.extraLabels }} -{{ toYaml . }} -{{- end }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "grafana.selectorLabels" -}} -app.kubernetes.io/name: {{ include "grafana.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "grafana.imageRenderer.labels" -}} -helm.sh/chart: {{ include "grafana.chart" . }} -{{ include "grafana.imageRenderer.selectorLabels" . }} -{{- if or .Chart.AppVersion .Values.image.tag }} -app.kubernetes.io/version: {{ mustRegexReplaceAllLiteral "@sha.*" .Values.image.tag "" | default .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels ImageRenderer -*/}} -{{- define "grafana.imageRenderer.selectorLabels" -}} -app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Looks if there's an existing secret and reuse its password. If not it generates -new password and use it. -*/}} -{{- define "grafana.password" -}} -{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) }} -{{- if $secret }} -{{- index $secret "data" "admin-password" }} -{{- else }} -{{- (randAlphaNum 40) | b64enc | quote }} -{{- end }} -{{- end }} - -{{/* -Return the appropriate apiVersion for rbac. -*/}} -{{- define "grafana.rbac.apiVersion" -}} -{{- if $.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} -{{- print "rbac.authorization.k8s.io/v1" }} -{{- else }} -{{- print "rbac.authorization.k8s.io/v1beta1" }} -{{- end }} -{{- end }} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "grafana.ingress.apiVersion" -}} -{{- if and ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) }} -{{- print "networking.k8s.io/v1" }} -{{- else if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -{{- print "networking.k8s.io/v1beta1" }} -{{- else }} -{{- print "extensions/v1beta1" }} -{{- end }} -{{- end }} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "grafana.hpa.apiVersion" -}} -{{- if $.Capabilities.APIVersions.Has "autoscaling/v2/HorizontalPodAutoscaler" }} -{{- print "autoscaling/v2" }} -{{- else if $.Capabilities.APIVersions.Has "autoscaling/v2beta2/HorizontalPodAutoscaler" }} -{{- print "autoscaling/v2beta2" }} -{{- else }} -{{- print "autoscaling/v2beta1" }} -{{- end }} -{{- end }} - -{{/* -Return the appropriate apiVersion for podDisruptionBudget. -*/}} -{{- define "grafana.podDisruptionBudget.apiVersion" -}} -{{- if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -{{- print "policy/v1" }} -{{- else }} -{{- print "policy/v1beta1" }} -{{- end }} -{{- end }} - -{{/* -Return if ingress is stable. -*/}} -{{- define "grafana.ingress.isStable" -}} -{{- eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1" }} -{{- end }} - -{{/* -Return if ingress supports ingressClassName. -*/}} -{{- define "grafana.ingress.supportsIngressClassName" -}} -{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }} -{{- end }} - -{{/* -Return if ingress supports pathType. -*/}} -{{- define "grafana.ingress.supportsPathType" -}} -{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }} -{{- end }} - -{{/* -Formats imagePullSecrets. Input is (dict "root" . "imagePullSecrets" .{specific imagePullSecrets}) -*/}} -{{- define "grafana.imagePullSecrets" -}} -{{- $root := .root }} -{{- range (concat .root.Values.global.imagePullSecrets .imagePullSecrets) }} -{{- if eq (typeOf .) "map[string]interface {}" }} -- {{ toYaml (dict "name" (tpl .name $root)) | trim }} -{{- else }} -- name: {{ tpl . $root }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/_pod.tpl b/charts/devlake/charts/grafana/templates/_pod.tpl deleted file mode 100644 index 762603d..0000000 --- a/charts/devlake/charts/grafana/templates/_pod.tpl +++ /dev/null @@ -1,1159 +0,0 @@ -{{- define "grafana.pod" -}} -{{- $sts := list "sts" "StatefulSet" "statefulset" -}} -{{- $root := . -}} -{{- with .Values.schedulerName }} -schedulerName: "{{ . }}" -{{- end }} -serviceAccountName: {{ include "grafana.serviceAccountName" . }} -automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} -{{- with .Values.securityContext }} -securityContext: - {{- toYaml . | nindent 2 }} -{{- end }} -{{- with .Values.hostAliases }} -hostAliases: - {{- toYaml . | nindent 2 }} -{{- end }} -{{- with .Values.priorityClassName }} -priorityClassName: {{ . }} -{{- end }} -{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.extraInitContainers (and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources) (and .Values.sidecar.notifiers.enabled .Values.sidecar.notifiers.initNotifiers)) }} -initContainers: -{{- end }} -{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }} - - name: init-chown-data - {{- if .Values.initChownData.image.sha }} - image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}" - {{- else }} - image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} - {{- with .Values.initChownData.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - command: - - chown - - -R - - {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} - - /var/lib/grafana - {{- with .Values.initChownData.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: storage - mountPath: "/var/lib/grafana" - {{- with .Values.persistence.subPath }} - subPath: {{ tpl . $root }} - {{- end }} -{{- end }} -{{- if .Values.dashboards }} - - name: download-dashboards - {{- if .Values.downloadDashboardsImage.sha }} - image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" - {{- else }} - image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} - command: ["/bin/sh"] - args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh" ] - {{- with .Values.downloadDashboards.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - env: - {{- range $key, $value := .Values.downloadDashboards.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- range $key, $value := .Values.downloadDashboards.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 10 }} - {{- end }} - {{- with .Values.downloadDashboards.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.downloadDashboards.envFromSecret }} - envFrom: - - secretRef: - name: {{ tpl . $root }} - {{- end }} - volumeMounts: - - name: config - mountPath: "/etc/grafana/download_dashboards.sh" - subPath: download_dashboards.sh - - name: storage - mountPath: "/var/lib/grafana" - {{- with .Values.persistence.subPath }} - subPath: {{ tpl . $root }} - {{- end }} - {{- range .Values.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - {{- end }} -{{- end }} -{{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }} - - name: {{ include "grafana.name" . }}-init-sc-datasources - {{- if .Values.sidecar.image.sha }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" - {{- else }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - {{- range $key, $value := .Values.sidecar.datasources.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- if .Values.sidecar.datasources.ignoreAlreadyProcessed }} - - name: IGNORE_ALREADY_PROCESSED - value: "true" - {{- end }} - - name: METHOD - value: "LIST" - - name: LABEL - value: "{{ .Values.sidecar.datasources.label }}" - {{- with .Values.sidecar.datasources.labelValue }} - - name: LABEL_VALUE - value: {{ quote . }} - {{- end }} - {{- if or .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} - - name: LOG_LEVEL - value: {{ default .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} - {{- end }} - - name: FOLDER - value: "/etc/grafana/provisioning/datasources" - - name: RESOURCE - value: {{ quote .Values.sidecar.datasources.resource }} - {{- with .Values.sidecar.enableUniqueFilenames }} - - name: UNIQUE_FILENAMES - value: "{{ . }}" - {{- end }} - {{- if .Values.sidecar.datasources.searchNamespace }} - - name: NAMESPACE - value: "{{ tpl (.Values.sidecar.datasources.searchNamespace | join ",") . }}" - {{- end }} - {{- with .Values.sidecar.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: "{{ . }}" - {{- end }} - {{- with .Values.sidecar.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" -{{- end }} -{{- if and .Values.sidecar.notifiers.enabled .Values.sidecar.notifiers.initNotifiers }} - - name: {{ include "grafana.name" . }}-init-sc-notifiers - {{- if .Values.sidecar.image.sha }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" - {{- else }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - {{- range $key, $value := .Values.sidecar.notifiers.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- if .Values.sidecar.notifiers.ignoreAlreadyProcessed }} - - name: IGNORE_ALREADY_PROCESSED - value: "true" - {{- end }} - - name: METHOD - value: LIST - - name: LABEL - value: "{{ .Values.sidecar.notifiers.label }}" - {{- with .Values.sidecar.notifiers.labelValue }} - - name: LABEL_VALUE - value: {{ quote . }} - {{- end }} - {{- if or .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }} - - name: LOG_LEVEL - value: {{ default .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }} - {{- end }} - - name: FOLDER - value: "/etc/grafana/provisioning/notifiers" - - name: RESOURCE - value: {{ quote .Values.sidecar.notifiers.resource }} - {{- with .Values.sidecar.enableUniqueFilenames }} - - name: UNIQUE_FILENAMES - value: "{{ . }}" - {{- end }} - {{- with .Values.sidecar.notifiers.searchNamespace }} - - name: NAMESPACE - value: "{{ tpl (. | join ",") $root }}" - {{- end }} - {{- with .Values.sidecar.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: "{{ . }}" - {{- end }} - {{- with .Values.sidecar.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: sc-notifiers-volume - mountPath: "/etc/grafana/provisioning/notifiers" -{{- end}} -{{- with .Values.extraInitContainers }} - {{- tpl (toYaml .) $root | nindent 2 }} -{{- end }} -{{- if or .Values.image.pullSecrets .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- include "grafana.imagePullSecrets" (dict "root" $root "imagePullSecrets" .Values.image.pullSecrets) | nindent 2 }} -{{- end }} -{{- if not .Values.enableKubeBackwardCompatibility }} -enableServiceLinks: {{ .Values.enableServiceLinks }} -{{- end }} -containers: -{{- if .Values.sidecar.alerts.enabled }} - - name: {{ include "grafana.name" . }}-sc-alerts - {{- if .Values.sidecar.image.sha }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" - {{- else }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - {{- range $key, $value := .Values.sidecar.alerts.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- if .Values.sidecar.alerts.ignoreAlreadyProcessed }} - - name: IGNORE_ALREADY_PROCESSED - value: "true" - {{- end }} - - name: METHOD - value: {{ .Values.sidecar.alerts.watchMethod }} - - name: LABEL - value: "{{ .Values.sidecar.alerts.label }}" - {{- with .Values.sidecar.alerts.labelValue }} - - name: LABEL_VALUE - value: {{ quote . }} - {{- end }} - {{- if or .Values.sidecar.logLevel .Values.sidecar.alerts.logLevel }} - - name: LOG_LEVEL - value: {{ default .Values.sidecar.logLevel .Values.sidecar.alerts.logLevel }} - {{- end }} - - name: FOLDER - value: "/etc/grafana/provisioning/alerting" - - name: RESOURCE - value: {{ quote .Values.sidecar.alerts.resource }} - {{- with .Values.sidecar.enableUniqueFilenames }} - - name: UNIQUE_FILENAMES - value: "{{ . }}" - {{- end }} - {{- with .Values.sidecar.alerts.searchNamespace }} - - name: NAMESPACE - value: {{ . | join "," | quote }} - {{- end }} - {{- with .Values.sidecar.alerts.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: {{ quote . }} - {{- end }} - {{- with .Values.sidecar.alerts.script }} - - name: SCRIPT - value: {{ quote . }} - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_USERNAME - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.userKey | default "admin-user" }} - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.passwordKey | default "admin-password" }} - {{- end }} - {{- if not .Values.sidecar.alerts.skipReload }} - - name: REQ_URL - value: {{ .Values.sidecar.alerts.reloadURL }} - - name: REQ_METHOD - value: POST - {{- end }} - {{- if .Values.sidecar.alerts.watchServerTimeout }} - {{- if ne .Values.sidecar.alerts.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.alerts.watchServerTimeout with .Values.sidecar.alerts.watchMethod %s" .Values.sidecar.alerts.watchMethod) }} - {{- end }} - - name: WATCH_SERVER_TIMEOUT - value: "{{ .Values.sidecar.alerts.watchServerTimeout }}" - {{- end }} - {{- if .Values.sidecar.alerts.watchClientTimeout }} - {{- if ne .Values.sidecar.alerts.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.alerts.watchClientTimeout with .Values.sidecar.alerts.watchMethod %s" .Values.sidecar.alerts.watchMethod) }} - {{- end }} - - name: WATCH_CLIENT_TIMEOUT - value: "{{ .Values.sidecar.alerts.watchClientTimeout }}" - {{- end }} - {{- with .Values.sidecar.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: sc-alerts-volume - mountPath: "/etc/grafana/provisioning/alerting" -{{- end}} -{{- if .Values.sidecar.dashboards.enabled }} - - name: {{ include "grafana.name" . }}-sc-dashboard - {{- if .Values.sidecar.image.sha }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" - {{- else }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - {{- range $key, $value := .Values.sidecar.dashboards.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- if .Values.sidecar.dashboards.ignoreAlreadyProcessed }} - - name: IGNORE_ALREADY_PROCESSED - value: "true" - {{- end }} - - name: METHOD - value: {{ .Values.sidecar.dashboards.watchMethod }} - - name: LABEL - value: "{{ .Values.sidecar.dashboards.label }}" - {{- with .Values.sidecar.dashboards.labelValue }} - - name: LABEL_VALUE - value: {{ quote . }} - {{- end }} - {{- if or .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }} - - name: LOG_LEVEL - value: {{ default .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }} - {{- end }} - - name: FOLDER - value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" - - name: RESOURCE - value: {{ quote .Values.sidecar.dashboards.resource }} - {{- with .Values.sidecar.enableUniqueFilenames }} - - name: UNIQUE_FILENAMES - value: "{{ . }}" - {{- end }} - {{- with .Values.sidecar.dashboards.searchNamespace }} - - name: NAMESPACE - value: "{{ tpl (. | join ",") $root }}" - {{- end }} - {{- with .Values.sidecar.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: "{{ . }}" - {{- end }} - {{- with .Values.sidecar.dashboards.folderAnnotation }} - - name: FOLDER_ANNOTATION - value: "{{ . }}" - {{- end }} - {{- with .Values.sidecar.dashboards.script }} - - name: SCRIPT - value: "{{ . }}" - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_USERNAME - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.userKey | default "admin-user" }} - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.passwordKey | default "admin-password" }} - {{- end }} - {{- if not .Values.sidecar.dashboards.skipReload }} - - name: REQ_URL - value: {{ .Values.sidecar.dashboards.reloadURL }} - - name: REQ_METHOD - value: POST - {{- end }} - {{- if .Values.sidecar.dashboards.watchServerTimeout }} - {{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.dashboards.watchServerTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }} - {{- end }} - - name: WATCH_SERVER_TIMEOUT - value: "{{ .Values.sidecar.dashboards.watchServerTimeout }}" - {{- end }} - {{- if .Values.sidecar.dashboards.watchClientTimeout }} - {{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.dashboards.watchClientTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }} - {{- end }} - - name: WATCH_CLIENT_TIMEOUT - value: {{ .Values.sidecar.dashboards.watchClientTimeout | quote }} - {{- end }} - {{- with .Values.sidecar.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: sc-dashboard-volume - mountPath: {{ .Values.sidecar.dashboards.folder | quote }} - {{- with .Values.sidecar.dashboards.extraMounts }} - {{- toYaml . | trim | nindent 6 }} - {{- end }} -{{- end}} -{{- if .Values.sidecar.datasources.enabled }} - - name: {{ include "grafana.name" . }}-sc-datasources - {{- if .Values.sidecar.image.sha }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" - {{- else }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - {{- range $key, $value := .Values.sidecar.datasources.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- if .Values.sidecar.datasources.ignoreAlreadyProcessed }} - - name: IGNORE_ALREADY_PROCESSED - value: "true" - {{- end }} - - name: METHOD - value: {{ .Values.sidecar.datasources.watchMethod }} - - name: LABEL - value: "{{ .Values.sidecar.datasources.label }}" - {{- with .Values.sidecar.datasources.labelValue }} - - name: LABEL_VALUE - value: {{ quote . }} - {{- end }} - {{- if or .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} - - name: LOG_LEVEL - value: {{ default .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} - {{- end }} - - name: FOLDER - value: "/etc/grafana/provisioning/datasources" - - name: RESOURCE - value: {{ quote .Values.sidecar.datasources.resource }} - {{- with .Values.sidecar.enableUniqueFilenames }} - - name: UNIQUE_FILENAMES - value: "{{ . }}" - {{- end }} - {{- with .Values.sidecar.datasources.searchNamespace }} - - name: NAMESPACE - value: "{{ tpl (. | join ",") $root }}" - {{- end }} - {{- if .Values.sidecar.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: "{{ .Values.sidecar.skipTlsVerify }}" - {{- end }} - {{- if .Values.sidecar.datasources.script }} - - name: SCRIPT - value: "{{ .Values.sidecar.datasources.script }}" - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_USERNAME - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.userKey | default "admin-user" }} - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.passwordKey | default "admin-password" }} - {{- end }} - {{- if not .Values.sidecar.datasources.skipReload }} - - name: REQ_URL - value: {{ .Values.sidecar.datasources.reloadURL }} - - name: REQ_METHOD - value: POST - {{- end }} - {{- if .Values.sidecar.datasources.watchServerTimeout }} - {{- if ne .Values.sidecar.datasources.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.datasources.watchServerTimeout with .Values.sidecar.datasources.watchMethod %s" .Values.sidecar.datasources.watchMethod) }} - {{- end }} - - name: WATCH_SERVER_TIMEOUT - value: "{{ .Values.sidecar.datasources.watchServerTimeout }}" - {{- end }} - {{- if .Values.sidecar.datasources.watchClientTimeout }} - {{- if ne .Values.sidecar.datasources.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.datasources.watchClientTimeout with .Values.sidecar.datasources.watchMethod %s" .Values.sidecar.datasources.watchMethod) }} - {{- end }} - - name: WATCH_CLIENT_TIMEOUT - value: "{{ .Values.sidecar.datasources.watchClientTimeout }}" - {{- end }} - {{- with .Values.sidecar.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" -{{- end}} -{{- if .Values.sidecar.notifiers.enabled }} - - name: {{ include "grafana.name" . }}-sc-notifiers - {{- if .Values.sidecar.image.sha }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" - {{- else }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - {{- range $key, $value := .Values.sidecar.notifiers.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- if .Values.sidecar.notifiers.ignoreAlreadyProcessed }} - - name: IGNORE_ALREADY_PROCESSED - value: "true" - {{- end }} - - name: METHOD - value: {{ .Values.sidecar.notifiers.watchMethod }} - - name: LABEL - value: "{{ .Values.sidecar.notifiers.label }}" - {{- with .Values.sidecar.notifiers.labelValue }} - - name: LABEL_VALUE - value: {{ quote . }} - {{- end }} - {{- if or .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }} - - name: LOG_LEVEL - value: {{ default .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }} - {{- end }} - - name: FOLDER - value: "/etc/grafana/provisioning/notifiers" - - name: RESOURCE - value: {{ quote .Values.sidecar.notifiers.resource }} - {{- if .Values.sidecar.enableUniqueFilenames }} - - name: UNIQUE_FILENAMES - value: "{{ .Values.sidecar.enableUniqueFilenames }}" - {{- end }} - {{- with .Values.sidecar.notifiers.searchNamespace }} - - name: NAMESPACE - value: "{{ tpl (. | join ",") $root }}" - {{- end }} - {{- with .Values.sidecar.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: "{{ . }}" - {{- end }} - {{- if .Values.sidecar.notifiers.script }} - - name: SCRIPT - value: "{{ .Values.sidecar.notifiers.script }}" - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_USERNAME - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.userKey | default "admin-user" }} - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.passwordKey | default "admin-password" }} - {{- end }} - {{- if not .Values.sidecar.notifiers.skipReload }} - - name: REQ_URL - value: {{ .Values.sidecar.notifiers.reloadURL }} - - name: REQ_METHOD - value: POST - {{- end }} - {{- if .Values.sidecar.notifiers.watchServerTimeout }} - {{- if ne .Values.sidecar.notifiers.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.notifiers.watchServerTimeout with .Values.sidecar.notifiers.watchMethod %s" .Values.sidecar.notifiers.watchMethod) }} - {{- end }} - - name: WATCH_SERVER_TIMEOUT - value: "{{ .Values.sidecar.notifiers.watchServerTimeout }}" - {{- end }} - {{- if .Values.sidecar.notifiers.watchClientTimeout }} - {{- if ne .Values.sidecar.notifiers.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.notifiers.watchClientTimeout with .Values.sidecar.notifiers.watchMethod %s" .Values.sidecar.notifiers.watchMethod) }} - {{- end }} - - name: WATCH_CLIENT_TIMEOUT - value: "{{ .Values.sidecar.notifiers.watchClientTimeout }}" - {{- end }} - {{- with .Values.sidecar.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: sc-notifiers-volume - mountPath: "/etc/grafana/provisioning/notifiers" -{{- end}} -{{- if .Values.sidecar.plugins.enabled }} - - name: {{ include "grafana.name" . }}-sc-plugins - {{- if .Values.sidecar.image.sha }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" - {{- else }} - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - {{- range $key, $value := .Values.sidecar.plugins.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- if .Values.sidecar.plugins.ignoreAlreadyProcessed }} - - name: IGNORE_ALREADY_PROCESSED - value: "true" - {{- end }} - - name: METHOD - value: {{ .Values.sidecar.plugins.watchMethod }} - - name: LABEL - value: "{{ .Values.sidecar.plugins.label }}" - {{- if .Values.sidecar.plugins.labelValue }} - - name: LABEL_VALUE - value: {{ quote .Values.sidecar.plugins.labelValue }} - {{- end }} - {{- if or .Values.sidecar.logLevel .Values.sidecar.plugins.logLevel }} - - name: LOG_LEVEL - value: {{ default .Values.sidecar.logLevel .Values.sidecar.plugins.logLevel }} - {{- end }} - - name: FOLDER - value: "/etc/grafana/provisioning/plugins" - - name: RESOURCE - value: {{ quote .Values.sidecar.plugins.resource }} - {{- with .Values.sidecar.enableUniqueFilenames }} - - name: UNIQUE_FILENAMES - value: "{{ . }}" - {{- end }} - {{- with .Values.sidecar.plugins.searchNamespace }} - - name: NAMESPACE - value: "{{ tpl (. | join ",") $root }}" - {{- end }} - {{- with .Values.sidecar.plugins.script }} - - name: SCRIPT - value: "{{ . }}" - {{- end }} - {{- with .Values.sidecar.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: "{{ . }}" - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_USERNAME - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.userKey | default "admin-user" }} - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.passwordKey | default "admin-password" }} - {{- end }} - {{- if not .Values.sidecar.plugins.skipReload }} - - name: REQ_URL - value: {{ .Values.sidecar.plugins.reloadURL }} - - name: REQ_METHOD - value: POST - {{- end }} - {{- if .Values.sidecar.plugins.watchServerTimeout }} - {{- if ne .Values.sidecar.plugins.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.plugins.watchServerTimeout with .Values.sidecar.plugins.watchMethod %s" .Values.sidecar.plugins.watchMethod) }} - {{- end }} - - name: WATCH_SERVER_TIMEOUT - value: "{{ .Values.sidecar.plugins.watchServerTimeout }}" - {{- end }} - {{- if .Values.sidecar.plugins.watchClientTimeout }} - {{- if ne .Values.sidecar.plugins.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.plugins.watchClientTimeout with .Values.sidecar.plugins.watchMethod %s" .Values.sidecar.plugins.watchMethod) }} - {{- end }} - - name: WATCH_CLIENT_TIMEOUT - value: "{{ .Values.sidecar.plugins.watchClientTimeout }}" - {{- end }} - {{- with .Values.sidecar.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: sc-plugins-volume - mountPath: "/etc/grafana/provisioning/plugins" -{{- end}} - - name: {{ .Chart.Name }} - {{- if .Values.image.sha }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.image.sha }}" - {{- else }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.command }} - command: - {{- range .Values.command }} - - {{ . | quote }} - {{- end }} - {{- end }} - {{- if .Values.args }} - args: - {{- range .Values.args }} - - {{ . | quote }} - {{- end }} - {{- end }} - {{- with .Values.containerSecurityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: config - mountPath: "/etc/grafana/grafana.ini" - subPath: grafana.ini - {{- if .Values.ldap.enabled }} - - name: ldap - mountPath: "/etc/grafana/ldap.toml" - subPath: ldap.toml - {{- end }} - {{- range .Values.extraConfigmapMounts }} - - name: {{ tpl .name $root }} - mountPath: {{ tpl .mountPath $root }} - subPath: {{ tpl (.subPath | default "") $root }} - readOnly: {{ .readOnly }} - {{- end }} - - name: storage - mountPath: "/var/lib/grafana" - {{- with .Values.persistence.subPath }} - subPath: {{ tpl . $root }} - {{- end }} - {{- with .Values.dashboards }} - {{- range $provider, $dashboards := . }} - {{- range $key, $value := $dashboards }} - {{- if (or (hasKey $value "json") (hasKey $value "file")) }} - - name: dashboards-{{ $provider }} - mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" - subPath: "{{ $key }}.json" - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- with .Values.dashboardsConfigMaps }} - {{- range (keys . | sortAlpha) }} - - name: dashboards-{{ . }} - mountPath: "/var/lib/grafana/dashboards/{{ . }}" - {{- end }} - {{- end }} - {{- with .Values.datasources }} - {{- range (keys . | sortAlpha) }} - - name: config - mountPath: "/etc/grafana/provisioning/datasources/{{ . }}" - subPath: {{ . | quote }} - {{- end }} - {{- end }} - {{- with .Values.notifiers }} - {{- range (keys . | sortAlpha) }} - - name: config - mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}" - subPath: {{ . | quote }} - {{- end }} - {{- end }} - {{- with .Values.alerting }} - {{- range (keys . | sortAlpha) }} - - name: config - mountPath: "/etc/grafana/provisioning/alerting/{{ . }}" - subPath: {{ . | quote }} - {{- end }} - {{- end }} - {{- with .Values.dashboardProviders }} - {{- range (keys . | sortAlpha) }} - - name: config - mountPath: "/etc/grafana/provisioning/dashboards/{{ . }}" - subPath: {{ . | quote }} - {{- end }} - {{- end }} - {{- with .Values.sidecar.alerts.enabled }} - - name: sc-alerts-volume - mountPath: "/etc/grafana/provisioning/alerting" - {{- end}} - {{- if .Values.sidecar.dashboards.enabled }} - - name: sc-dashboard-volume - mountPath: {{ .Values.sidecar.dashboards.folder | quote }} - {{- if .Values.sidecar.dashboards.SCProvider }} - - name: sc-dashboard-provider - mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" - subPath: provider.yaml - {{- end}} - {{- end}} - {{- if .Values.sidecar.datasources.enabled }} - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" - {{- end}} - {{- if .Values.sidecar.plugins.enabled }} - - name: sc-plugins-volume - mountPath: "/etc/grafana/provisioning/plugins" - {{- end}} - {{- if .Values.sidecar.notifiers.enabled }} - - name: sc-notifiers-volume - mountPath: "/etc/grafana/provisioning/notifiers" - {{- end}} - {{- range .Values.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - subPath: {{ .subPath | default "" }} - {{- end }} - {{- range .Values.extraVolumeMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath | default "" }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.extraEmptyDirMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - {{- end }} - ports: - - name: {{ .Values.podPortName }} - containerPort: {{ .Values.service.targetPort }} - protocol: TCP - - name: {{ .Values.gossipPortName }}-tcp - containerPort: 9094 - protocol: TCP - - name: {{ .Values.gossipPortName }}-udp - containerPort: 9094 - protocol: UDP - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: GF_SECURITY_ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.userKey | default "admin-user" }} - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.passwordKey | default "admin-password" }} - {{- end }} - {{- if .Values.plugins }} - - name: GF_INSTALL_PLUGINS - valueFrom: - configMapKeyRef: - name: {{ include "grafana.fullname" . }} - key: plugins - {{- end }} - {{- if .Values.smtp.existingSecret }} - - name: GF_SMTP_USER - valueFrom: - secretKeyRef: - name: {{ .Values.smtp.existingSecret }} - key: {{ .Values.smtp.userKey | default "user" }} - - name: GF_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.smtp.existingSecret }} - key: {{ .Values.smtp.passwordKey | default "password" }} - {{- end }} - {{- if .Values.imageRenderer.enabled }} - - name: GF_RENDERING_SERVER_URL - value: http://{{ include "grafana.fullname" . }}-image-renderer.{{ include "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render - - name: GF_RENDERING_CALLBACK_URL - value: {{ .Values.imageRenderer.grafanaProtocol }}://{{ include "grafana.fullname" . }}.{{ include "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} - {{- end }} - - name: GF_PATHS_DATA - value: {{ (get .Values "grafana.ini").paths.data }} - - name: GF_PATHS_LOGS - value: {{ (get .Values "grafana.ini").paths.logs }} - - name: GF_PATHS_PLUGINS - value: {{ (get .Values "grafana.ini").paths.plugins }} - - name: GF_PATHS_PROVISIONING - value: {{ (get .Values "grafana.ini").paths.provisioning }} - {{- range $key, $value := .Values.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 10 }} - {{- end }} - {{- range $key, $value := .Values.env }} - - name: "{{ tpl $key $ }}" - value: "{{ tpl (print $value) $ }}" - {{- end }} - {{- if or .Values.envFromSecret (or .Values.envRenderSecret .Values.envFromSecrets) .Values.envFromConfigMaps }} - envFrom: - {{- if .Values.envFromSecret }} - - secretRef: - name: {{ tpl .Values.envFromSecret . }} - {{- end }} - {{- if .Values.envRenderSecret }} - - secretRef: - name: {{ include "grafana.fullname" . }}-env - {{- end }} - {{- range .Values.envFromSecrets }} - - secretRef: - name: {{ tpl .name $ }} - optional: {{ .optional | default false }} - {{- end }} - {{- range .Values.envFromConfigMaps }} - - configMapRef: - name: {{ tpl .name $ }} - optional: {{ .optional | default false }} - {{- end }} - {{- end }} - {{- with .Values.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.lifecycleHooks }} - lifecycle: - {{- tpl (toYaml .) $root | nindent 6 }} - {{- end }} - {{- with .Values.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} -{{- with .Values.extraContainers }} - {{- tpl . $ | nindent 2 }} -{{- end }} -{{- with .Values.nodeSelector }} -nodeSelector: - {{- toYaml . | nindent 2 }} -{{- end }} -{{- with .Values.affinity }} -affinity: - {{- tpl (toYaml .) $root | nindent 2 }} -{{- end }} -{{- with .Values.topologySpreadConstraints }} -topologySpreadConstraints: - {{- toYaml . | nindent 2 }} -{{- end }} -{{- with .Values.tolerations }} -tolerations: - {{- toYaml . | nindent 2 }} -{{- end }} -volumes: - - name: config - configMap: - name: {{ include "grafana.fullname" . }} - {{- range .Values.extraConfigmapMounts }} - - name: {{ tpl .name $root }} - configMap: - name: {{ tpl .configMap $root }} - {{- with .items }} - items: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.dashboards }} - {{- range (keys .Values.dashboards | sortAlpha) }} - - name: dashboards-{{ . }} - configMap: - name: {{ include "grafana.fullname" $ }}-dashboards-{{ . }} - {{- end }} - {{- end }} - {{- if .Values.dashboardsConfigMaps }} - {{- range $provider, $name := .Values.dashboardsConfigMaps }} - - name: dashboards-{{ $provider }} - configMap: - name: {{ tpl $name $root }} - {{- end }} - {{- end }} - {{- if .Values.ldap.enabled }} - - name: ldap - secret: - {{- if .Values.ldap.existingSecret }} - secretName: {{ .Values.ldap.existingSecret }} - {{- else }} - secretName: {{ include "grafana.fullname" . }} - {{- end }} - items: - - key: ldap-toml - path: ldap.toml - {{- end }} - {{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }} - - name: storage - persistentVolumeClaim: - claimName: {{ tpl (.Values.persistence.existingClaim | default (include "grafana.fullname" .)) . }} - {{- else if and .Values.persistence.enabled (has .Values.persistence.type $sts) }} - {{/* nothing */}} - {{- else }} - - name: storage - {{- if .Values.persistence.inMemory.enabled }} - emptyDir: - medium: Memory - {{- with .Values.persistence.inMemory.sizeLimit }} - sizeLimit: {{ . }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - {{- if .Values.sidecar.alerts.enabled }} - - name: sc-alerts-volume - emptyDir: - {{- with .Values.sidecar.alerts.sizeLimit }} - sizeLimit: {{ . }} - {{- else }} - {} - {{- end }} - {{- end }} - {{- if .Values.sidecar.dashboards.enabled }} - - name: sc-dashboard-volume - emptyDir: - {{- with .Values.sidecar.dashboards.sizeLimit }} - sizeLimit: {{ . }} - {{- else }} - {} - {{- end }} - {{- if .Values.sidecar.dashboards.SCProvider }} - - name: sc-dashboard-provider - configMap: - name: {{ include "grafana.fullname" . }}-config-dashboards - {{- end }} - {{- end }} - {{- if .Values.sidecar.datasources.enabled }} - - name: sc-datasources-volume - emptyDir: - {{- with .Values.sidecar.datasources.sizeLimit }} - sizeLimit: {{ . }} - {{- else }} - {} - {{- end }} - {{- end }} - {{- if .Values.sidecar.plugins.enabled }} - - name: sc-plugins-volume - emptyDir: - {{- with .Values.sidecar.plugins.sizeLimit }} - sizeLimit: {{ . }} - {{- else }} - {} - {{- end }} - {{- end }} - {{- if .Values.sidecar.notifiers.enabled }} - - name: sc-notifiers-volume - emptyDir: - {{- with .Values.sidecar.notifiers.sizeLimit }} - sizeLimit: {{ . }} - {{- else }} - {} - {{- end }} - {{- end }} - {{- range .Values.extraSecretMounts }} - {{- if .secretName }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - defaultMode: {{ .defaultMode }} - {{- with .items }} - items: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- else if .projected }} - - name: {{ .name }} - projected: - {{- toYaml .projected | nindent 6 }} - {{- else if .csi }} - - name: {{ .name }} - csi: - {{- toYaml .csi | nindent 6 }} - {{- end }} - {{- end }} - {{- range .Values.extraVolumeMounts }} - - name: {{ .name }} - {{- if .existingClaim }} - persistentVolumeClaim: - claimName: {{ .existingClaim }} - {{- else if .hostPath }} - hostPath: - path: {{ .hostPath }} - {{- else if .csi }} - csi: - {{- toYaml .data | nindent 6 }} - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - {{- range .Values.extraEmptyDirMounts }} - - name: {{ .name }} - emptyDir: {} - {{- end }} - {{- with .Values.extraContainerVolumes }} - {{- tpl (toYaml .) $root | nindent 2 }} - {{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/clusterrole.yaml b/charts/devlake/charts/grafana/templates/clusterrole.yaml deleted file mode 100644 index 2c9a180..0000000 --- a/charts/devlake/charts/grafana/templates/clusterrole.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) (not .Values.rbac.useExistingRole) }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - name: {{ include "grafana.fullname" . }}-clusterrole -{{- if or .Values.sidecar.dashboards.enabled .Values.rbac.extraClusterRoleRules .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.sidecar.alerts.enabled }} -rules: - {{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.sidecar.alerts.enabled }} - - apiGroups: [""] # "" indicates the core API group - resources: ["configmaps", "secrets"] - verbs: ["get", "watch", "list"] - {{- end}} - {{- with .Values.rbac.extraClusterRoleRules }} - {{- toYaml . | nindent 2 }} - {{- end}} -{{- else }} -rules: [] -{{- end}} -{{- end}} diff --git a/charts/devlake/charts/grafana/templates/clusterrolebinding.yaml b/charts/devlake/charts/grafana/templates/clusterrolebinding.yaml deleted file mode 100644 index b848e8c..0000000 --- a/charts/devlake/charts/grafana/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) }} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "grafana.fullname" . }}-clusterrolebinding - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -subjects: - - kind: ServiceAccount - name: {{ include "grafana.serviceAccountName" . }} - namespace: {{ include "grafana.namespace" . }} -roleRef: - kind: ClusterRole - {{- if .Values.rbac.useExistingRole }} - name: {{ .Values.rbac.useExistingRole }} - {{- else }} - name: {{ include "grafana.fullname" . }}-clusterrole - {{- end }} - apiGroup: rbac.authorization.k8s.io -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/devlake/charts/grafana/templates/configmap-dashboard-provider.yaml deleted file mode 100644 index 1f706a8..0000000 --- a/charts/devlake/charts/grafana/templates/configmap-dashboard-provider.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if and .Values.sidecar.dashboards.enabled .Values.sidecar.dashboards.SCProvider }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - name: {{ include "grafana.fullname" . }}-config-dashboards - namespace: {{ include "grafana.namespace" . }} -data: - provider.yaml: |- - apiVersion: 1 - providers: - - name: '{{ .Values.sidecar.dashboards.provider.name }}' - orgId: {{ .Values.sidecar.dashboards.provider.orgid }} - {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} - folder: '{{ .Values.sidecar.dashboards.provider.folder }}' - {{- end }} - type: {{ .Values.sidecar.dashboards.provider.type }} - disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} - allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} - updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} - options: - foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} - path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/configmap.yaml b/charts/devlake/charts/grafana/templates/configmap.yaml deleted file mode 100644 index b5f21e8..0000000 --- a/charts/devlake/charts/grafana/templates/configmap.yaml +++ /dev/null @@ -1,138 +0,0 @@ -{{- if .Values.createConfigmap }} -{{- $files := .Files }} -{{- $root := . -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "grafana.fullname" . }} - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -data: - {{- with .Values.plugins }} - plugins: {{ join "," . }} - {{- end }} - grafana.ini: | - {{- range $elem, $elemVal := index .Values "grafana.ini" }} - {{- if not (kindIs "map" $elemVal) }} - {{- if kindIs "invalid" $elemVal }} - {{ $elem }} = - {{- else if kindIs "string" $elemVal }} - {{ $elem }} = {{ tpl $elemVal $ }} - {{- else }} - {{ $elem }} = {{ $elemVal }} - {{- end }} - {{- end }} - {{- end }} - {{- range $key, $value := index .Values "grafana.ini" }} - {{- if kindIs "map" $value }} - [{{ $key }}] - {{- range $elem, $elemVal := $value }} - {{- if kindIs "invalid" $elemVal }} - {{ $elem }} = - {{- else if kindIs "string" $elemVal }} - {{ $elem }} = {{ tpl $elemVal $ }} - {{- else }} - {{ $elem }} = {{ $elemVal }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - - {{- range $key, $value := .Values.datasources }} - {{- $key | nindent 2 }}: | - {{- tpl (toYaml $value | nindent 4) $root }} - {{- end }} - - {{- range $key, $value := .Values.notifiers }} - {{- $key | nindent 2 }}: | - {{- toYaml $value | nindent 4 }} - {{- end }} - - {{- range $key, $value := .Values.alerting }} - {{- if (hasKey $value "file") }} - {{- $key | nindent 2 }}: - {{- toYaml ( $files.Get $value.file ) | nindent 4}} - {{- else }} - {{- $key | nindent 2 }}: | - {{- tpl (toYaml $value | nindent 4) $root }} - {{- end }} - {{- end }} - - {{- range $key, $value := .Values.dashboardProviders }} - {{- $key | nindent 2 }}: | - {{- toYaml $value | nindent 4 }} - {{- end }} - -{{- if .Values.dashboards }} - download_dashboards.sh: | - #!/usr/bin/env sh - set -euf - {{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{- range $value.providers }} - mkdir -p {{ .options.path }} - {{- end }} - {{- end }} - {{- end }} - {{ $dashboardProviders := .Values.dashboardProviders }} - {{- range $provider, $dashboards := .Values.dashboards }} - {{- range $key, $value := $dashboards }} - {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - {{- if not $value.b64content }} - {{- if not $value.acceptHeader }} - -H "Accept: application/json" \ - {{- else }} - -H "Accept: {{ $value.acceptHeader }}" \ - {{- end }} - {{- if $value.token }} - -H "Authorization: token {{ $value.token }}" \ - {{- end }} - {{- if $value.bearerToken }} - -H "Authorization: Bearer {{ $value.bearerToken }}" \ - {{- end }} - {{- if $value.basic }} - -H "Authorization: Basic {{ $value.basic }}" \ - {{- end }} - {{- if $value.gitlabToken }} - -H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \ - {{- end }} - -H "Content-Type: application/json;charset=UTF-8" \ - {{- end }} - {{- $dpPath := "" -}} - {{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers }} - {{- if eq $kd.name $provider }} - {{- $dpPath = $kd.options.path }} - {{- end }} - {{- end }} - {{- if $value.url }} - "{{ $value.url }}" \ - {{- else }} - "https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download" \ - {{- end }} - {{- if $value.datasource }} - {{- if kindIs "string" $value.datasource }} - | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g' \ - {{- end }} - {{- if kindIs "slice" $value.datasource }} - {{- range $value.datasource }} - | sed '/-- .* --/! s/${{"{"}}{{ .name }}}/{{ .value }}/g' \ - {{- end }} - {{- end }} - {{- end }} - {{- if $value.b64content }} - | base64 -d \ - {{- end }} - > "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json" - {{ end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/devlake/charts/grafana/templates/dashboards-json-configmap.yaml deleted file mode 100644 index df0ed0d..0000000 --- a/charts/devlake/charts/grafana/templates/dashboards-json-configmap.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if .Values.dashboards }} -{{ $files := .Files }} -{{- range $provider, $dashboards := .Values.dashboards }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "grafana.fullname" $ }}-dashboards-{{ $provider }} - namespace: {{ include "grafana.namespace" $ }} - labels: - {{- include "grafana.labels" $ | nindent 4 }} - dashboard-provider: {{ $provider }} -{{- if $dashboards }} -data: -{{- $dashboardFound := false }} -{{- range $key, $value := $dashboards }} -{{- if (or (hasKey $value "json") (hasKey $value "file")) }} -{{- $dashboardFound = true }} - {{- print $key | nindent 2 }}.json: - {{- if hasKey $value "json" }} - |- - {{- $value.json | nindent 6 }} - {{- end }} - {{- if hasKey $value "file" }} - {{- toYaml ( $files.Get $value.file ) | nindent 4}} - {{- end }} -{{- end }} -{{- end }} -{{- if not $dashboardFound }} - {} -{{- end }} -{{- end }} ---- -{{- end }} - -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/deployment.yaml b/charts/devlake/charts/grafana/templates/deployment.yaml deleted file mode 100644 index bfa26bb..0000000 --- a/charts/devlake/charts/grafana/templates/deployment.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if (and (not .Values.useStatefulSet) (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc"))) }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "grafana.fullname" . }} - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and (not .Values.autoscaling.enabled) (.Values.replicas) }} - replicas: {{ .Values.replicas }} - {{- end }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - selector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 6 }} - {{- with .Values.deploymentStrategy }} - strategy: - {{- toYaml . | trim | nindent 4 }} - {{- end }} - template: - metadata: - labels: - {{- include "grafana.selectorLabels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} - checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} - {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.envRenderSecret }} - checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} - {{- end }} - kubectl.kubernetes.io/default-container: {{ .Chart.Name }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- include "grafana.pod" . | nindent 6 }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/extra-manifests.yaml b/charts/devlake/charts/grafana/templates/extra-manifests.yaml deleted file mode 100644 index a9bb3b6..0000000 --- a/charts/devlake/charts/grafana/templates/extra-manifests.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{ range .Values.extraObjects }} ---- -{{ tpl (toYaml .) $ }} -{{ end }} diff --git a/charts/devlake/charts/grafana/templates/headless-service.yaml b/charts/devlake/charts/grafana/templates/headless-service.yaml deleted file mode 100644 index 3028589..0000000 --- a/charts/devlake/charts/grafana/templates/headless-service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- $sts := list "sts" "StatefulSet" "statefulset" -}} -{{- if or .Values.headlessService (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)) }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "grafana.fullname" . }}-headless - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - clusterIP: None - selector: - {{- include "grafana.selectorLabels" . | nindent 4 }} - type: ClusterIP - ports: - - name: {{ .Values.gossipPortName }}-tcp - port: 9094 -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/hpa.yaml b/charts/devlake/charts/grafana/templates/hpa.yaml deleted file mode 100644 index 46bbcb4..0000000 --- a/charts/devlake/charts/grafana/templates/hpa.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- $sts := list "sts" "StatefulSet" "statefulset" -}} -{{- if .Values.autoscaling.enabled }} -apiVersion: {{ include "grafana.hpa.apiVersion" . }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "grafana.fullname" . }} - namespace: {{ include "grafana.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "grafana.name" . }} - helm.sh/chart: {{ include "grafana.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - {{- if has .Values.persistence.type $sts }} - kind: StatefulSet - {{- else }} - kind: Deployment - {{- end }} - name: {{ include "grafana.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - {{- if eq (include "grafana.hpa.apiVersion" .) "autoscaling/v2beta1" }} - targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemory }} - {{- end }} - {{- end }} - {{- if .Values.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - {{- if eq (include "grafana.hpa.apiVersion" .) "autoscaling/v2beta1" }} - targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPU }} - {{- end }} - {{- end }} - {{- if .Values.autoscaling.behavior }} - behavior: {{ toYaml .Values.autoscaling.behavior | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/image-renderer-deployment.yaml b/charts/devlake/charts/grafana/templates/image-renderer-deployment.yaml deleted file mode 100644 index 93d20e8..0000000 --- a/charts/devlake/charts/grafana/templates/image-renderer-deployment.yaml +++ /dev/null @@ -1,130 +0,0 @@ -{{ if .Values.imageRenderer.enabled }} -{{- $root := . -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "grafana.fullname" . }}-image-renderer - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.imageRenderer.labels" . | nindent 4 }} - {{- with .Values.imageRenderer.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.imageRenderer.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and (not .Values.imageRenderer.autoscaling.enabled) (.Values.imageRenderer.replicas) }} - replicas: {{ .Values.imageRenderer.replicas }} - {{- end }} - revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }} - selector: - matchLabels: - {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} - - {{- with .Values.imageRenderer.deploymentStrategy }} - strategy: - {{- toYaml . | trim | nindent 4 }} - {{- end }} - template: - metadata: - labels: - {{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }} - {{- with .Values.imageRenderer.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- with .Values.imageRenderer.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imageRenderer.schedulerName }} - schedulerName: "{{ . }}" - {{- end }} - {{- with .Values.imageRenderer.serviceAccountName }} - serviceAccountName: "{{ . }}" - {{- end }} - {{- with .Values.imageRenderer.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imageRenderer.hostAliases }} - hostAliases: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imageRenderer.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} - {{- with .Values.imageRenderer.image.pullSecrets }} - imagePullSecrets: - {{- range . }} - - name: {{ tpl . $root }} - {{- end}} - {{- end }} - containers: - - name: {{ .Chart.Name }}-image-renderer - {{- if .Values.imageRenderer.image.sha }} - image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}" - {{- else }} - image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }} - {{- if .Values.imageRenderer.command }} - command: - {{- range .Values.imageRenderer.command }} - - {{ . }} - {{- end }} - {{- end}} - ports: - - name: {{ .Values.imageRenderer.service.portName }} - containerPort: {{ .Values.imageRenderer.service.targetPort }} - protocol: TCP - livenessProbe: - httpGet: - path: / - port: {{ .Values.imageRenderer.service.portName }} - env: - - name: HTTP_PORT - value: {{ .Values.imageRenderer.service.targetPort | quote }} - {{- if .Values.imageRenderer.serviceMonitor.enabled }} - - name: ENABLE_METRICS - value: "true" - {{- end }} - {{- range $key, $value := .Values.imageRenderer.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := .Values.imageRenderer.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- with .Values.imageRenderer.containerSecurityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /tmp - name: image-renderer-tmpfs - {{- with .Values.imageRenderer.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.imageRenderer.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imageRenderer.affinity }} - affinity: - {{- tpl (toYaml .) $root | nindent 8 }} - {{- end }} - {{- with .Values.imageRenderer.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: image-renderer-tmpfs - emptyDir: {} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/image-renderer-hpa.yaml b/charts/devlake/charts/grafana/templates/image-renderer-hpa.yaml deleted file mode 100644 index b0f0059..0000000 --- a/charts/devlake/charts/grafana/templates/image-renderer-hpa.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.autoscaling.enabled }} -apiVersion: {{ include "grafana.hpa.apiVersion" . }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "grafana.fullname" . }}-image-renderer - namespace: {{ include "grafana.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer - helm.sh/chart: {{ include "grafana.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "grafana.fullname" . }}-image-renderer - minReplicas: {{ .Values.imageRenderer.autoscaling.minReplicas }} - maxReplicas: {{ .Values.imageRenderer.autoscaling.maxReplicas }} - metrics: - {{- if .Values.imageRenderer.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - {{- if eq (include "grafana.hpa.apiVersion" .) "autoscaling/v2beta1" }} - targetAverageUtilization: {{ .Values.imageRenderer.autoscaling.targetMemory }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.imageRenderer.autoscaling.targetMemory }} - {{- end }} - {{- end }} - {{- if .Values.imageRenderer.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - {{- if eq (include "grafana.hpa.apiVersion" .) "autoscaling/v2beta1" }} - targetAverageUtilization: {{ .Values.imageRenderer.autoscaling.targetCPU }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.imageRenderer.autoscaling.targetCPU }} - {{- end }} - {{- end }} - {{- if .Values.imageRenderer.autoscaling.behavior }} - behavior: {{ toYaml .Values.imageRenderer.autoscaling.behavior | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/image-renderer-network-policy.yaml b/charts/devlake/charts/grafana/templates/image-renderer-network-policy.yaml deleted file mode 100644 index d1a0eb3..0000000 --- a/charts/devlake/charts/grafana/templates/image-renderer-network-policy.yaml +++ /dev/null @@ -1,79 +0,0 @@ -{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.networkPolicy.limitIngress }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "grafana.fullname" . }}-image-renderer-ingress - namespace: {{ include "grafana.namespace" . }} - annotations: - comment: Limit image-renderer ingress traffic from grafana -spec: - podSelector: - matchLabels: - {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} - {{- with .Values.imageRenderer.podLabels }} - {{- toYaml . | nindent 6 }} - {{- end }} - - policyTypes: - - Ingress - ingress: - - ports: - - port: {{ .Values.imageRenderer.service.targetPort }} - protocol: TCP - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: {{ include "grafana.namespace" . }} - podSelector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 14 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 14 }} - {{- end }} - {{- with .Values.imageRenderer.networkPolicy.extraIngressSelectors -}} - {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} - -{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.networkPolicy.limitEgress }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "grafana.fullname" . }}-image-renderer-egress - namespace: {{ include "grafana.namespace" . }} - annotations: - comment: Limit image-renderer egress traffic to grafana -spec: - podSelector: - matchLabels: - {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} - {{- with .Values.imageRenderer.podLabels }} - {{- toYaml . | nindent 6 }} - {{- end }} - - policyTypes: - - Egress - egress: - # allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - # talk only to grafana - - ports: - - port: {{ .Values.service.targetPort }} - protocol: TCP - to: - - namespaceSelector: - matchLabels: - name: {{ include "grafana.namespace" . }} - podSelector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 14 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 14 }} - {{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/image-renderer-service.yaml b/charts/devlake/charts/grafana/templates/image-renderer-service.yaml deleted file mode 100644 index f8da127..0000000 --- a/charts/devlake/charts/grafana/templates/image-renderer-service.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "grafana.fullname" . }}-image-renderer - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.imageRenderer.labels" . | nindent 4 }} - {{- with .Values.imageRenderer.service.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.imageRenderer.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - {{- with .Values.imageRenderer.service.clusterIP }} - clusterIP: {{ . }} - {{- end }} - ports: - - name: {{ .Values.imageRenderer.service.portName }} - port: {{ .Values.imageRenderer.service.port }} - protocol: TCP - targetPort: {{ .Values.imageRenderer.service.targetPort }} - {{- with .Values.imageRenderer.appProtocol }} - appProtocol: {{ . }} - {{- end }} - selector: - {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/image-renderer-servicemonitor.yaml b/charts/devlake/charts/grafana/templates/image-renderer-servicemonitor.yaml deleted file mode 100644 index 5d9f09d..0000000 --- a/charts/devlake/charts/grafana/templates/image-renderer-servicemonitor.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{- if .Values.imageRenderer.serviceMonitor.enabled }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "grafana.fullname" . }}-image-renderer - {{- if .Values.imageRenderer.serviceMonitor.namespace }} - namespace: {{ tpl .Values.imageRenderer.serviceMonitor.namespace . }} - {{- else }} - namespace: {{ include "grafana.namespace" . }} - {{- end }} - labels: - {{- include "grafana.imageRenderer.labels" . | nindent 4 }} - {{- with .Values.imageRenderer.serviceMonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: {{ .Values.imageRenderer.service.portName }} - {{- with .Values.imageRenderer.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.imageRenderer.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - honorLabels: true - path: {{ .Values.imageRenderer.serviceMonitor.path }} - scheme: {{ .Values.imageRenderer.serviceMonitor.scheme }} - {{- with .Values.imageRenderer.serviceMonitor.tlsConfig }} - tlsConfig: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.imageRenderer.serviceMonitor.relabelings }} - relabelings: - {{- toYaml . | nindent 6 }} - {{- end }} - jobLabel: "{{ .Release.Name }}-image-renderer" - selector: - matchLabels: - {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} - namespaceSelector: - matchNames: - - {{ include "grafana.namespace" . }} - {{- with .Values.imageRenderer.serviceMonitor.targetLabels }} - targetLabels: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/ingress.yaml b/charts/devlake/charts/grafana/templates/ingress.yaml deleted file mode 100644 index 063cdfa..0000000 --- a/charts/devlake/charts/grafana/templates/ingress.yaml +++ /dev/null @@ -1,78 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $ingressApiIsStable := eq (include "grafana.ingress.isStable" .) "true" -}} -{{- $ingressSupportsIngressClassName := eq (include "grafana.ingress.supportsIngressClassName" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "grafana.ingress.supportsPathType" .) "true" -}} -{{- $fullName := include "grafana.fullname" . -}} -{{- $servicePort := .Values.service.port -}} -{{- $ingressPath := .Values.ingress.path -}} -{{- $ingressPathType := .Values.ingress.pathType -}} -{{- $extraPaths := .Values.ingress.extraPaths -}} -apiVersion: {{ include "grafana.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ $fullName }} - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.ingress.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ tpl $value $ | quote }} - {{- end }} - {{- end }} -spec: - {{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }} - ingressClassName: {{ .Values.ingress.ingressClassName }} - {{- end -}} - {{- with .Values.ingress.tls }} - tls: - {{- tpl (toYaml .) $ | nindent 4 }} - {{- end }} - rules: - {{- if .Values.ingress.hosts }} - {{- range .Values.ingress.hosts }} - - host: {{ tpl . $ }} - http: - paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - - path: {{ $ingressPath }} - {{- if $ingressSupportsPathType }} - pathType: {{ $ingressPathType }} - {{- end }} - backend: - {{- if $ingressApiIsStable }} - service: - name: {{ $fullName }} - port: - number: {{ $servicePort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} - {{- else }} - - http: - paths: - - backend: - {{- if $ingressApiIsStable }} - service: - name: {{ $fullName }} - port: - number: {{ $servicePort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- with $ingressPath }} - path: {{ . }} - {{- end }} - {{- if $ingressSupportsPathType }} - pathType: {{ $ingressPathType }} - {{- end }} - {{- end -}} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/networkpolicy.yaml b/charts/devlake/charts/grafana/templates/networkpolicy.yaml deleted file mode 100644 index ea4578b..0000000 --- a/charts/devlake/charts/grafana/templates/networkpolicy.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "grafana.fullname" . }} - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - policyTypes: - {{- if .Values.networkPolicy.ingress }} - - Ingress - {{- end }} - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - podSelector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 6 }} - - {{- if .Values.networkPolicy.egress.enabled }} - egress: - - ports: - {{ .Values.networkPolicy.egress.ports | toJson }} - {{- end }} - {{- if .Values.networkPolicy.ingress }} - ingress: - - ports: - - port: {{ .Values.service.targetPort }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ include "grafana.fullname" . }}-client: "true" - {{- with .Values.networkPolicy.explicitNamespacesSelector }} - - namespaceSelector: - {{- toYaml . | nindent 12 }} - {{- end }} - - podSelector: - matchLabels: - {{- include "grafana.labels" . | nindent 14 }} - role: read - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/poddisruptionbudget.yaml b/charts/devlake/charts/grafana/templates/poddisruptionbudget.yaml deleted file mode 100644 index 0525121..0000000 --- a/charts/devlake/charts/grafana/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: {{ include "grafana.podDisruptionBudget.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ include "grafana.fullname" . }} - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- with .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ . }} - {{- end }} - {{- with .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ . }} - {{- end }} - selector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/podsecuritypolicy.yaml b/charts/devlake/charts/grafana/templates/podsecuritypolicy.yaml deleted file mode 100644 index eed7af9..0000000 --- a/charts/devlake/charts/grafana/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "grafana.fullname" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - {{- if .Values.rbac.pspUseAppArmor }} - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - {{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - # Default set from Docker, with DAC_OVERRIDE and CHOWN - - ALL - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'csi' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/pvc.yaml b/charts/devlake/charts/grafana/templates/pvc.yaml deleted file mode 100644 index eb8f87f..0000000 --- a/charts/devlake/charts/grafana/templates/pvc.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "grafana.fullname" . }} - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.persistence.extraPvcLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.persistence.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.persistence.finalizers }} - finalizers: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- with .Values.persistence.storageClassName }} - storageClassName: {{ . }} - {{- end }} - {{- with .Values.persistence.selectorLabels }} - selector: - matchLabels: - {{- toYaml . | nindent 6 }} - {{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/role.yaml b/charts/devlake/charts/grafana/templates/role.yaml deleted file mode 100644 index df8ac9a..0000000 --- a/charts/devlake/charts/grafana/templates/role.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}} -apiVersion: {{ include "grafana.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ include "grafana.fullname" . }} - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)) }} -rules: - {{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - - apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ include "grafana.fullname" . }}] - {{- end }} - {{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled) }} - - apiGroups: [""] # "" indicates the core API group - resources: ["configmaps", "secrets"] - verbs: ["get", "watch", "list"] - {{- end }} - {{- with .Values.rbac.extraRoleRules }} - {{- toYaml . | nindent 2 }} - {{- end}} -{{- else }} -rules: [] -{{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/rolebinding.yaml b/charts/devlake/charts/grafana/templates/rolebinding.yaml deleted file mode 100644 index cc07bd9..0000000 --- a/charts/devlake/charts/grafana/templates/rolebinding.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: {{ include "grafana.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ include "grafana.fullname" . }} - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - {{- if .Values.rbac.useExistingRole }} - name: {{ .Values.rbac.useExistingRole }} - {{- else }} - name: {{ include "grafana.fullname" . }} - {{- end }} -subjects: -- kind: ServiceAccount - name: {{ include "grafana.serviceAccountName" . }} - namespace: {{ include "grafana.namespace" . }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/secret-env.yaml b/charts/devlake/charts/grafana/templates/secret-env.yaml deleted file mode 100644 index c765567..0000000 --- a/charts/devlake/charts/grafana/templates/secret-env.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.envRenderSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "grafana.fullname" . }}-env - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -type: Opaque -data: -{{- range $key, $val := .Values.envRenderSecret }} - {{ $key }}: {{ $val | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/secret.yaml b/charts/devlake/charts/grafana/templates/secret.yaml deleted file mode 100644 index 5cbd527..0000000 --- a/charts/devlake/charts/grafana/templates/secret.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "grafana.fullname" . }} - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} - admin-user: {{ .Values.adminUser | b64enc | quote }} - {{- if .Values.adminPassword }} - admin-password: {{ .Values.adminPassword | b64enc | quote }} - {{- else }} - admin-password: {{ include "grafana.password" . }} - {{- end }} - {{- end }} - {{- if not .Values.ldap.existingSecret }} - ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/service.yaml b/charts/devlake/charts/grafana/templates/service.yaml deleted file mode 100644 index 43d360b..0000000 --- a/charts/devlake/charts/grafana/templates/service.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{- if .Values.service.enabled }} -{{- $root := . }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "grafana.fullname" . }} - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.service.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.service.annotations }} - annotations: - {{- tpl (toYaml . | nindent 4) $root }} - {{- end }} -spec: - {{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} - type: ClusterIP - {{- with .Values.service.clusterIP }} - clusterIP: {{ . }} - {{- end }} - {{- else if eq .Values.service.type "LoadBalancer" }} - type: {{ .Values.service.type }} - {{- with .Values.service.loadBalancerIP }} - loadBalancerIP: {{ . }} - {{- end }} - {{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- else }} - type: {{ .Values.service.type }} - {{- end }} - {{- with .Values.service.externalIPs }} - externalIPs: - {{- toYaml . | nindent 4 }} - {{- end }} - ports: - - name: {{ .Values.service.portName }} - port: {{ .Values.service.port }} - protocol: TCP - targetPort: {{ .Values.service.targetPort }} - {{- with .Values.service.appProtocol }} - appProtocol: {{ . }} - {{- end }} - {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - {{- with .Values.extraExposePorts }} - {{- tpl (toYaml . | nindent 4) $root }} - {{- end }} - selector: - {{- include "grafana.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/serviceaccount.yaml b/charts/devlake/charts/grafana/templates/serviceaccount.yaml deleted file mode 100644 index 784e71b..0000000 --- a/charts/devlake/charts/grafana/templates/serviceaccount.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.serviceAccount.create }} -{{- $root := . -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- tpl (toYaml . | nindent 4) $root }} - {{- end }} - name: {{ include "grafana.serviceAccountName" . }} - namespace: {{ include "grafana.namespace" . }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/servicemonitor.yaml b/charts/devlake/charts/grafana/templates/servicemonitor.yaml deleted file mode 100644 index a4e9f00..0000000 --- a/charts/devlake/charts/grafana/templates/servicemonitor.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{- if .Values.serviceMonitor.enabled }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "grafana.fullname" . }} - {{- if .Values.serviceMonitor.namespace }} - namespace: {{ tpl .Values.serviceMonitor.namespace . }} - {{- else }} - namespace: {{ include "grafana.namespace" . }} - {{- end }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.serviceMonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: {{ .Values.service.portName }} - {{- with .Values.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - honorLabels: true - path: {{ .Values.serviceMonitor.path }} - scheme: {{ .Values.serviceMonitor.scheme }} - {{- with .Values.serviceMonitor.tlsConfig }} - tlsConfig: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.serviceMonitor.relabelings }} - relabelings: - {{- toYaml . | nindent 6 }} - {{- end }} - jobLabel: "{{ .Release.Name }}" - selector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 6 }} - namespaceSelector: - matchNames: - - {{ include "grafana.namespace" . }} - {{- with .Values.serviceMonitor.targetLabels }} - targetLabels: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/statefulset.yaml b/charts/devlake/charts/grafana/templates/statefulset.yaml deleted file mode 100644 index e6c944a..0000000 --- a/charts/devlake/charts/grafana/templates/statefulset.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- $sts := list "sts" "StatefulSet" "statefulset" -}} -{{- if (or (.Values.useStatefulSet) (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)))}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "grafana.fullname" . }} - namespace: {{ include "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 6 }} - serviceName: {{ include "grafana.fullname" . }}-headless - template: - metadata: - labels: - {{- include "grafana.selectorLabels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} - checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} - {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- end }} - kubectl.kubernetes.io/default-container: {{ .Chart.Name }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- include "grafana.pod" . | nindent 6 }} - {{- if .Values.persistence.enabled}} - volumeClaimTemplates: - - metadata: - name: storage - spec: - accessModes: {{ .Values.persistence.accessModes }} - storageClassName: {{ .Values.persistence.storageClassName }} - resources: - requests: - storage: {{ .Values.persistence.size }} - {{- with .Values.persistence.selectorLabels }} - selector: - matchLabels: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/tests/test-configmap.yaml b/charts/devlake/charts/grafana/templates/tests/test-configmap.yaml deleted file mode 100644 index 01c96c9..0000000 --- a/charts/devlake/charts/grafana/templates/tests/test-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.testFramework.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "grafana.fullname" . }}-test - namespace: {{ include "grafana.namespace" . }} - annotations: - "helm.sh/hook": test-success - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - labels: - {{- include "grafana.labels" . | nindent 4 }} -data: - run.sh: |- - @test "Test Health" { - url="http://{{ include "grafana.fullname" . }}/api/health" - - code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^ HTTP/{print $2}') - [ "$code" == "200" ] - } -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/tests/test-podsecuritypolicy.yaml b/charts/devlake/charts/grafana/templates/tests/test-podsecuritypolicy.yaml deleted file mode 100644 index 1821772..0000000 --- a/charts/devlake/charts/grafana/templates/tests/test-podsecuritypolicy.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "grafana.fullname" . }}-test - annotations: - "helm.sh/hook": test-success - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - labels: - {{- include "grafana.labels" . | nindent 4 }} -spec: - allowPrivilegeEscalation: true - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - fsGroup: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - runAsUser: - rule: RunAsAny - volumes: - - configMap - - downwardAPI - - emptyDir - - projected - - csi - - secret -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/tests/test-role.yaml b/charts/devlake/charts/grafana/templates/tests/test-role.yaml deleted file mode 100644 index cb4c782..0000000 --- a/charts/devlake/charts/grafana/templates/tests/test-role.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "grafana.fullname" . }}-test - namespace: {{ include "grafana.namespace" . }} - annotations: - "helm.sh/hook": test-success - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - labels: - {{- include "grafana.labels" . | nindent 4 }} -rules: - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ include "grafana.fullname" . }}-test] -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/tests/test-rolebinding.yaml b/charts/devlake/charts/grafana/templates/tests/test-rolebinding.yaml deleted file mode 100644 index f40d791..0000000 --- a/charts/devlake/charts/grafana/templates/tests/test-rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "grafana.fullname" . }}-test - namespace: {{ include "grafana.namespace" . }} - annotations: - "helm.sh/hook": test-success - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - labels: - {{- include "grafana.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "grafana.fullname" . }}-test -subjects: - - kind: ServiceAccount - name: {{ include "grafana.serviceAccountNameTest" . }} - namespace: {{ include "grafana.namespace" . }} -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/tests/test-serviceaccount.yaml b/charts/devlake/charts/grafana/templates/tests/test-serviceaccount.yaml deleted file mode 100644 index 38fba35..0000000 --- a/charts/devlake/charts/grafana/templates/tests/test-serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "grafana.labels" . | nindent 4 }} - name: {{ include "grafana.serviceAccountNameTest" . }} - namespace: {{ include "grafana.namespace" . }} - annotations: - "helm.sh/hook": test-success - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" -{{- end }} diff --git a/charts/devlake/charts/grafana/templates/tests/test.yaml b/charts/devlake/charts/grafana/templates/tests/test.yaml deleted file mode 100644 index 9fb8842..0000000 --- a/charts/devlake/charts/grafana/templates/tests/test.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if .Values.testFramework.enabled }} -{{- $root := . }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ include "grafana.fullname" . }}-test - labels: - {{- include "grafana.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test-success - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - namespace: {{ include "grafana.namespace" . }} -spec: - serviceAccountName: {{ include "grafana.serviceAccountNameTest" . }} - {{- with .Values.testFramework.securityContext }} - securityContext: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if or .Values.image.pullSecrets .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- include "grafana.imagePullSecrets" (dict "root" $root "imagePullSecrets" .Values.image.pullSecrets) | nindent 4 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- tpl (toYaml .) $root | nindent 4 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 4 }} - {{- end }} - containers: - - name: {{ .Release.Name }}-test - image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" - imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}" - command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] - volumeMounts: - - mountPath: /tests - name: tests - readOnly: true - volumes: - - name: tests - configMap: - name: {{ include "grafana.fullname" . }}-test - restartPolicy: Never -{{- end }} diff --git a/charts/devlake/charts/grafana/values.yaml b/charts/devlake/charts/grafana/values.yaml deleted file mode 100644 index a6d8aec..0000000 --- a/charts/devlake/charts/grafana/values.yaml +++ /dev/null @@ -1,1240 +0,0 @@ -global: - # To help compatibility with other charts which use global.imagePullSecrets. - # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). - # Can be tempalted. - # global: - # imagePullSecrets: - # - name: pullSecret1 - # - name: pullSecret2 - # or - # global: - # imagePullSecrets: - # - pullSecret1 - # - pullSecret2 - imagePullSecrets: [] - -rbac: - create: true - ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) - # useExistingRole: name-of-some-(cluster)role - pspEnabled: false - pspUseAppArmor: false - namespaced: false - extraRoleRules: [] - # - apiGroups: [] - # resources: [] - # verbs: [] - extraClusterRoleRules: [] - # - apiGroups: [] - # resources: [] - # verbs: [] -serviceAccount: - create: true - name: - nameTest: - ## ServiceAccount labels. - labels: {} -## Service account annotations. Can be templated. -# annotations: -# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here - autoMount: true - -replicas: 1 - -## Create a headless service for the deployment -headlessService: false - -## Create HorizontalPodAutoscaler object for deployment type -# -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPU: "60" - targetMemory: "" - behavior: {} - -## See `kubectl explain poddisruptionbudget.spec` for more -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -podDisruptionBudget: {} -# minAvailable: 1 -# maxUnavailable: 1 - -## See `kubectl explain deployment.spec.strategy` for more -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -deploymentStrategy: - type: RollingUpdate - -readinessProbe: - httpGet: - path: /api/health - port: 3000 - -livenessProbe: - httpGet: - path: /api/health - port: 3000 - initialDelaySeconds: 60 - timeoutSeconds: 30 - failureThreshold: 10 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: "default-scheduler" - -image: - repository: docker.io/grafana/grafana - # Overrides the Grafana image tag whose default is the chart appVersion - tag: "" - sha: "" - pullPolicy: IfNotPresent - - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Can be templated. - ## - pullSecrets: [] - # - myRegistrKeySecretName - -testFramework: - enabled: true - image: docker.io/bats/bats - tag: "v1.4.1" - imagePullPolicy: IfNotPresent - securityContext: {} - -securityContext: - runAsNonRoot: true - runAsUser: 472 - runAsGroup: 472 - fsGroup: 472 - -containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - -# Enable creating the grafana configmap -createConfigmap: true - -# Extra configmaps to mount in grafana pods -# Values are templated. -extraConfigmapMounts: [] - # - name: certs-configmap - # mountPath: /etc/grafana/ssl/ - # subPath: certificates.crt # (optional) - # configMap: certs-configmap - # readOnly: true - - -extraEmptyDirMounts: [] - # - name: provisioning-notifiers - # mountPath: /etc/grafana/provisioning/notifiers - - -# Apply extra labels to common labels. -extraLabels: {} - -## Assign a PriorityClassName to pods if set -# priorityClassName: - -downloadDashboardsImage: - repository: docker.io/curlimages/curl - tag: 7.85.0 - sha: "" - pullPolicy: IfNotPresent - -downloadDashboards: - env: {} - envFromSecret: "" - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - -## Pod Annotations -# podAnnotations: {} - -## Pod Labels -# podLabels: {} - -podPortName: grafana -gossipPortName: gossip -## Deployment annotations -# annotations: {} - -## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). -## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. -## ref: http://kubernetes.io/docs/user-guide/services/ -## -service: - enabled: true - type: ClusterIP - port: 80 - targetPort: 3000 - # targetPort: 4181 To be used with a proxy extraContainer - ## Service annotations. Can be templated. - annotations: {} - labels: {} - portName: service - # Adds the appProtocol field to the service. This allows to work with istio protocol selection. Ex: "http" or "tcp" - appProtocol: "" - -serviceMonitor: - ## If true, a ServiceMonitor CRD is created for a prometheus operator - ## https://github.com/coreos/prometheus-operator - ## - enabled: false - path: /metrics - # namespace: monitoring (defaults to use the namespace this chart is deployed to) - labels: {} - interval: 1m - scheme: http - tlsConfig: {} - scrapeTimeout: 30s - relabelings: [] - targetLabels: [] - -extraExposePorts: [] - # - name: keycloak - # port: 8080 - # targetPort: 8080 - # type: ClusterIP - -# overrides pod.spec.hostAliases in the grafana deployment's pods -hostAliases: [] - # - ip: "1.2.3.4" - # hostnames: - # - "my.host.com" - -ingress: - enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - # Values can be templated - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: / - - # pathType is only for k8s >= 1.1= - pathType: Prefix - - hosts: - - chart-example.local - ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## Or for k8s > 1.19 - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: use-annotation - - - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi - -## Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -# -nodeSelector: {} - -## Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Affinity for pod assignment (evaluated as template) -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Topology Spread Constraints -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -## -topologySpreadConstraints: [] - -## Additional init containers (evaluated as template) -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## -extraInitContainers: [] - -## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod -extraContainers: "" -# extraContainers: | -# - name: proxy -# image: quay.io/gambol99/keycloak-proxy:latest -# args: -# - -provider=github -# - -client-id= -# - -client-secret= -# - -github-org= -# - -email-domain=* -# - -cookie-secret= -# - -http-address=http://0.0.0.0:4181 -# - -upstream-url=http://127.0.0.1:3000 -# ports: -# - name: proxy-web -# containerPort: 4181 - -## Volumes that can be used in init containers that will not be mounted to deployment pods -extraContainerVolumes: [] -# - name: volume-from-secret -# secret: -# secretName: secret-to-mount -# - name: empty-dir-volume -# emptyDir: {} - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - type: pvc - enabled: false - # storageClassName: default - accessModes: - - ReadWriteOnce - size: 10Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # selectorLabels: {} - ## Sub-directory of the PV to mount. Can be templated. - # subPath: "" - ## Name of an existing PVC. Can be templated. - # existingClaim: - ## Extra labels to apply to a PVC. - extraPvcLabels: {} - - ## If persistence is not enabled, this allows to mount the - ## local storage in-memory to improve performance - ## - inMemory: - enabled: false - ## The maximum usage on memory medium EmptyDir would be - ## the minimum value between the SizeLimit specified - ## here and the sum of memory limits of all containers in a pod - ## - # sizeLimit: 300Mi - -initChownData: - ## If false, data ownership will not be reset at startup - ## This allows the grafana-server to be run with an arbitrary user - ## - enabled: true - - ## initChownData container image - ## - image: - repository: docker.io/library/busybox - tag: "1.31.1" - sha: "" - pullPolicy: IfNotPresent - - ## initChownData resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - securityContext: - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - capabilities: - add: - - CHOWN - -# Administrator credentials when not using an existing secret (see below) -adminUser: admin -# adminPassword: strongpassword - -# Use an existing secret for the admin user. -admin: - ## Name of the secret. Can be templated. - existingSecret: "" - userKey: admin-user - passwordKey: admin-password - -## Define command to be executed at startup by grafana container -## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) -## Default is "run.sh" as defined in grafana's Dockerfile -# command: -# - "sh" -# - "/run.sh" - -## Optionally define args if command is used -## Needed if using `hashicorp/envconsul` to manage secrets -## By default no arguments are set -# args: -# - "-secret" -# - "secret/grafana" -# - "./grafana" - -## Extra environment variables that will be pass onto deployment pods -## -## to provide grafana with access to CloudWatch on AWS EKS: -## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) -## 2. edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the -## same oidc eks provider as noted before (same as the existing line) -## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name -## -## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", -## -## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess -## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) -## -## env: -## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here -## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token -## AWS_REGION: us-east-1 -## -## 5. uncomment the EKS section in extraSecretMounts: below -## 6. uncomment the annotation section in the serviceAccount: above -## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn - -env: {} - -## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. -## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core -## Renders in container spec as: -## env: -## ... -## - name: -## valueFrom: -## -envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - -## The name of a secret in the same kubernetes namespace which contain values to be added to the environment -## This can be useful for auth tokens, etc. Value is templated. -envFromSecret: "" - -## Sensible environment variables that will be rendered as new secret object -## This can be useful for auth tokens, etc -envRenderSecret: {} - -## The names of secrets in the same kubernetes namespace which contain values to be added to the environment -## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key. -## Name is templated. -envFromSecrets: [] -## - name: secret-name -## optional: true - -## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment -## Each entry should contain a name key, and can optionally specify whether the configmap must be defined with an optional key. -## Name is templated. -## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core -envFromConfigMaps: [] -## - name: configmap-name -## optional: true - -# Inject Kubernetes services as environment variables. -# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables -enableServiceLinks: true - -## Additional grafana server secret mounts -# Defines additional mounts with secrets. Secrets must be manually created in the namespace. -extraSecretMounts: [] - # - name: secret-files - # mountPath: /etc/secrets - # secretName: grafana-secret-files - # readOnly: true - # subPath: "" - # - # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) - # - name: aws-iam-token - # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount - # readOnly: true - # projected: - # defaultMode: 420 - # sources: - # - serviceAccountToken: - # audience: sts.amazonaws.com - # expirationSeconds: 86400 - # path: token - # - # for CSI e.g. Azure Key Vault use the following - # - name: secrets-store-inline - # mountPath: /run/secrets - # readOnly: true - # csi: - # driver: secrets-store.csi.k8s.io - # readOnly: true - # volumeAttributes: - # secretProviderClass: "akv-grafana-spc" - # nodePublishSecretRef: # Only required when using service principal mode - # name: grafana-akv-creds # Only required when using service principal mode - -## Additional grafana server volume mounts -# Defines additional volume mounts. -extraVolumeMounts: [] - # - name: extra-volume-0 - # mountPath: /mnt/volume0 - # readOnly: true - # existingClaim: volume-claim - # - name: extra-volume-1 - # mountPath: /mnt/volume1 - # readOnly: true - # hostPath: /usr/shared/ - # - name: grafana-secrets - # csi: true - # data: - # driver: secrets-store.csi.k8s.io - # readOnly: true - # volumeAttributes: - # secretProviderClass: "grafana-env-spc" - -## Container Lifecycle Hooks. Execute a specific bash command or make an HTTP request -lifecycleHooks: {} - # postStart: - # exec: - # command: [] - -## Pass the plugins you want installed as a list. -## -plugins: [] - # - digrich-bubblechart-panel - # - grafana-clock-panel - ## You can also use other plugin download URL, as long as they are valid zip files, - ## and specify the name of the plugin after the semicolon. Like this: - # - https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.2/download;marcusolsson-json-datasource - -## Configure grafana datasources -## ref: http://docs.grafana.org/administration/provisioning/#datasources -## -datasources: {} -# datasources.yaml: -# apiVersion: 1 -# datasources: -# - name: Prometheus -# type: prometheus -# url: http://prometheus-prometheus-server -# access: proxy -# isDefault: true -# - name: CloudWatch -# type: cloudwatch -# access: proxy -# uid: cloudwatch -# editable: false -# jsonData: -# authType: default -# defaultRegion: us-east-1 - -## Configure grafana alerting (can be templated) -## ref: http://docs.grafana.org/administration/provisioning/#alerting -## -alerting: {} - # rules.yaml: - # apiVersion: 1 - # groups: - # - orgId: 1 - # name: '{{ .Chart.Name }}_my_rule_group' - # folder: my_first_folder - # interval: 60s - # rules: - # - uid: my_id_1 - # title: my_first_rule - # condition: A - # data: - # - refId: A - # datasourceUid: '-100' - # model: - # conditions: - # - evaluator: - # params: - # - 3 - # type: gt - # operator: - # type: and - # query: - # params: - # - A - # reducer: - # type: last - # type: query - # datasource: - # type: __expr__ - # uid: '-100' - # expression: 1==0 - # intervalMs: 1000 - # maxDataPoints: 43200 - # refId: A - # type: math - # dashboardUid: my_dashboard - # panelId: 123 - # noDataState: Alerting - # for: 60s - # annotations: - # some_key: some_value - # labels: - # team: sre_team_1 - # contactpoints.yaml: - # apiVersion: 1 - # contactPoints: - # - orgId: 1 - # name: cp_1 - # receivers: - # - uid: first_uid - # type: pagerduty - # settings: - # integrationKey: XXX - # severity: critical - # class: ping failure - # component: Grafana - # group: app-stack - # summary: | - # {{ `{{ include "default.message" . }}` }} - -## Configure notifiers -## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels -## -notifiers: {} -# notifiers.yaml: -# notifiers: -# - name: email-notifier -# type: email -# uid: email1 -# # either: -# org_id: 1 -# # or -# org_name: Main Org. -# is_default: true -# settings: -# addresses: an_email_address@example.com -# delete_notifiers: - -## Configure grafana dashboard providers -## ref: http://docs.grafana.org/administration/provisioning/#dashboards -## -## `path` must be /var/lib/grafana/dashboards/ -## -dashboardProviders: {} -# dashboardproviders.yaml: -# apiVersion: 1 -# providers: -# - name: 'default' -# orgId: 1 -# folder: '' -# type: file -# disableDeletion: false -# editable: true -# options: -# path: /var/lib/grafana/dashboards/default - -## Configure grafana dashboard to import -## NOTE: To use dashboards you must also enable/configure dashboardProviders -## ref: https://grafana.com/dashboards -## -## dashboards per provider, use provider name as key. -## -dashboards: {} - # default: - # some-dashboard: - # json: | - # $RAW_JSON - # custom-dashboard: - # file: dashboards/custom-dashboard.json - # prometheus-stats: - # gnetId: 2 - # revision: 2 - # datasource: Prometheus - # local-dashboard: - # url: https://example.com/repository/test.json - # token: '' - # local-dashboard-base64: - # url: https://example.com/repository/test-b64.json - # token: '' - # b64content: true - # local-dashboard-gitlab: - # url: https://example.com/repository/test-gitlab.json - # gitlabToken: '' - # local-dashboard-bitbucket: - # url: https://example.com/repository/test-bitbucket.json - # bearerToken: '' - # local-dashboard-azure: - # url: https://example.com/repository/test-azure.json - # basic: '' - # acceptHeader: '*/*' - -## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. -## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. -## ConfigMap data example: -## -## data: -## example-dashboard.json: | -## RAW_JSON -## -dashboardsConfigMaps: {} -# default: "" - -## Grafana's primary configuration -## NOTE: values in map will be converted to ini format -## ref: http://docs.grafana.org/installation/configuration/ -## -grafana.ini: - paths: - data: /var/lib/grafana/ - logs: /var/log/grafana - plugins: /var/lib/grafana/plugins - provisioning: /etc/grafana/provisioning - analytics: - check_for_updates: true - log: - mode: console - grafana_net: - url: https://grafana.net - server: - domain: "{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ .Values.ingress.hosts | first }}{{ else }}''{{ end }}" -## grafana Authentication can be enabled with the following values on grafana.ini - # server: - # The full public facing url you use in browser, used for redirects and emails - # root_url: - # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana - # auth.github: - # enabled: false - # allow_sign_up: false - # scopes: user:email,read:org - # auth_url: https://github.com/login/oauth/authorize - # token_url: https://github.com/login/oauth/access_token - # api_url: https://api.github.com/user - # team_ids: - # allowed_organizations: - # client_id: - # client_secret: -## LDAP Authentication can be enabled with the following values on grafana.ini -## NOTE: Grafana will fail to start if the value for ldap.toml is invalid - # auth.ldap: - # enabled: true - # allow_sign_up: true - # config_file: /etc/grafana/ldap.toml - -## Grafana's LDAP configuration -## Templated by the template in _helpers.tpl -## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled -## ref: http://docs.grafana.org/installation/configuration/#auth-ldap -## ref: http://docs.grafana.org/installation/ldap/#configuration -ldap: - enabled: false - # `existingSecret` is a reference to an existing secret containing the ldap configuration - # for Grafana in a key `ldap-toml`. - existingSecret: "" - # `config` is the content of `ldap.toml` that will be stored in the created secret - config: "" - # config: |- - # verbose_logging = true - - # [[servers]] - # host = "my-ldap-server" - # port = 636 - # use_ssl = true - # start_tls = false - # ssl_skip_verify = false - # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" - -## Grafana's SMTP configuration -## NOTE: To enable, grafana.ini must be configured with smtp.enabled -## ref: http://docs.grafana.org/installation/configuration/#smtp -smtp: - # `existingSecret` is a reference to an existing secret containing the smtp configuration - # for Grafana. - existingSecret: "" - userKey: "user" - passwordKey: "password" - -## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders -## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards -sidecar: - image: - repository: quay.io/kiwigrid/k8s-sidecar - tag: 1.24.3 - sha: "" - imagePullPolicy: IfNotPresent - resources: {} -# limits: -# cpu: 100m -# memory: 100Mi -# requests: -# cpu: 50m -# memory: 50Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - # skipTlsVerify Set to true to skip tls verification for kube api calls - # skipTlsVerify: true - enableUniqueFilenames: false - readinessProbe: {} - livenessProbe: {} - # Log level default for all sidecars. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. Defaults to INFO - # logLevel: INFO - alerts: - enabled: false - # Additional environment variables for the alerts sidecar - env: {} - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - # label that the configmaps with alert are marked with - label: grafana_alert - # value of label that the configmaps with alert are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # If specified, the sidecar will search for alert config-maps inside this namespace. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) - # watchClientTimeout: 60 - # - # Endpoint to send request to reload alerts - reloadURL: "http://localhost:3000/api/admin/provisioning/alerting/reload" - # Absolute path to shell script to execute after a alert got reloaded - script: null - skipReload: false - # Deploy the alert sidecar as an initContainer in addition to a container. - # Sets the size limit of the alert sidecar emptyDir volume - sizeLimit: {} - dashboards: - enabled: false - # Additional environment variables for the dashboards sidecar - env: {} - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - SCProvider: true - # label that the configmaps with dashboards are marked with - label: grafana_dashboard - # value of label that the configmaps with dashboards are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) - folder: /tmp/dashboards - # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead - defaultFolderName: null - # Namespaces list. If specified, the sidecar will search for config-maps/secrets inside these namespaces. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces. - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # If specified, the sidecar will look for annotation with this name to create folder and put graph here. - # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. - folderAnnotation: null - # Endpoint to send request to reload alerts - reloadURL: "http://localhost:3000/api/admin/provisioning/dashboards/reload" - # Absolute path to shell script to execute after a configmap got reloaded - script: null - skipReload: false - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) - # watchClientTimeout: 60 - # - # provider configuration that lets grafana manage the dashboards - provider: - # name of the provider, should be unique - name: sidecarProvider - # orgid as configured in grafana - orgid: 1 - # folder in which the dashboards should be imported in grafana - folder: '' - # type of the provider - type: file - # disableDelete to activate a import-only behaviour - disableDelete: false - # allow updating provisioned dashboards from the UI - allowUiUpdates: false - # allow Grafana to replicate dashboard structure from filesystem - foldersFromFilesStructure: false - # Additional dashboard sidecar volume mounts - extraMounts: [] - # Sets the size limit of the dashboard sidecar emptyDir volume - sizeLimit: {} - datasources: - enabled: false - # Additional environment variables for the datasourcessidecar - env: {} - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - # label that the configmaps with datasources are marked with - label: grafana_datasource - # value of label that the configmaps with datasources are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # If specified, the sidecar will search for datasource config-maps inside this namespace. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) - # watchClientTimeout: 60 - # - # Endpoint to send request to reload datasources - reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload" - # Absolute path to shell script to execute after a datasource got reloaded - script: null - skipReload: false - # Deploy the datasource sidecar as an initContainer in addition to a container. - # This is needed if skipReload is true, to load any datasources defined at startup time. - initDatasources: false - # Sets the size limit of the datasource sidecar emptyDir volume - sizeLimit: {} - plugins: - enabled: false - # Additional environment variables for the plugins sidecar - env: {} - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - # label that the configmaps with plugins are marked with - label: grafana_plugin - # value of label that the configmaps with plugins are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # If specified, the sidecar will search for plugin config-maps inside this namespace. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) - # watchClientTimeout: 60 - # - # Endpoint to send request to reload plugins - reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload" - # Absolute path to shell script to execute after a plugin got reloaded - script: null - skipReload: false - # Deploy the datasource sidecar as an initContainer in addition to a container. - # This is needed if skipReload is true, to load any plugins defined at startup time. - initPlugins: false - # Sets the size limit of the plugin sidecar emptyDir volume - sizeLimit: {} - notifiers: - enabled: false - # Additional environment variables for the notifierssidecar - env: {} - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - # label that the configmaps with notifiers are marked with - label: grafana_notifier - # value of label that the configmaps with notifiers are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # If specified, the sidecar will search for notifier config-maps inside this namespace. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) - # watchClientTimeout: 60 - # - # Endpoint to send request to reload notifiers - reloadURL: "http://localhost:3000/api/admin/provisioning/notifications/reload" - # Absolute path to shell script to execute after a notifier got reloaded - script: null - skipReload: false - # Deploy the notifier sidecar as an initContainer in addition to a container. - # This is needed if skipReload is true, to load any notifiers defined at startup time. - initNotifiers: false - # Sets the size limit of the notifier sidecar emptyDir volume - sizeLimit: {} - -## Override the deployment namespace -## -namespaceOverride: "" - -## Number of old ReplicaSets to retain -## -revisionHistoryLimit: 10 - -## Add a seperate remote image renderer deployment/service -imageRenderer: - deploymentStrategy: {} - # Enable the image-renderer deployment & service - enabled: false - replicas: 1 - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPU: "60" - targetMemory: "" - behavior: {} - image: - # image-renderer Image repository - repository: docker.io/grafana/grafana-image-renderer - # image-renderer Image tag - tag: latest - # image-renderer Image sha (optional) - sha: "" - # image-renderer ImagePullPolicy - pullPolicy: Always - # extra environment variables - env: - HTTP_HOST: "0.0.0.0" - # RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758 - # RENDERING_MODE: clustered - # IGNORE_HTTPS_ERRORS: true - - ## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. - ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - ## Renders in container spec as: - ## env: - ## ... - ## - name: - ## valueFrom: - ## - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - - # image-renderer deployment serviceAccount - serviceAccountName: "" - # image-renderer deployment securityContext - securityContext: {} - # image-renderer deployment container securityContext - containerSecurityContext: - seccompProfile: - type: RuntimeDefault - capabilities: - drop: ['ALL'] - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - # image-renderer deployment Host Aliases - hostAliases: [] - # image-renderer deployment priority class - priorityClassName: '' - service: - # Enable the image-renderer service - enabled: true - # image-renderer service port name - portName: 'http' - # image-renderer service port used by both service and deployment - port: 8081 - targetPort: 8081 - # Adds the appProtocol field to the image-renderer service. This allows to work with istio protocol selection. Ex: "http" or "tcp" - appProtocol: "" - serviceMonitor: - ## If true, a ServiceMonitor CRD is created for a prometheus operator - ## https://github.com/coreos/prometheus-operator - ## - enabled: false - path: /metrics - # namespace: monitoring (defaults to use the namespace this chart is deployed to) - labels: {} - interval: 1m - scheme: http - tlsConfig: {} - scrapeTimeout: 30s - relabelings: [] - # See: https://doc.crds.dev/github.com/prometheus-operator/kube-prometheus/monitoring.coreos.com/ServiceMonitor/v1@v0.11.0#spec-targetLabels - targetLabels: [] - # - targetLabel1 - # - targetLabel2 - # If https is enabled in Grafana, this needs to be set as 'https' to correctly configure the callback used in Grafana - grafanaProtocol: http - # In case a sub_path is used this needs to be added to the image renderer callback - grafanaSubPath: "" - # name of the image-renderer port on the pod - podPortName: http - # number of image-renderer replica sets to keep - revisionHistoryLimit: 10 - networkPolicy: - # Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods - limitIngress: true - # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods - limitEgress: false - # Allow additional services to access image-renderer (eg. Prometheus operator when ServiceMonitor is enabled) - extraIngressSelectors: [] - resources: {} -# limits: -# cpu: 100m -# memory: 100Mi -# requests: -# cpu: 50m -# memory: 50Mi - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - - ## Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - - ## Affinity for pod assignment (evaluated as template) - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - - ## Use an alternate scheduler, e.g. "stork". - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - # schedulerName: "default-scheduler" - -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to grafana port defined. - ## When true, grafana will accept connections from any source - ## (with the correct destination port). - ## - ingress: true - ## @param networkPolicy.ingress When true enables the creation - ## an ingress network policy - ## - allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the grafana. - ## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {} - ## - ## - ## - ## - ## - ## - egress: - ## @param networkPolicy.egress.enabled When enabled, an egress network policy will be - ## created allowing grafana to connect to external data sources from kubernetes cluster. - enabled: false - ## - ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress - ports: [] - ## Add ports to the egress by specifying - port: - ## E.X. - ## ports: - ## - port: 80 - ## - port: 443 - ## - ## - ## - ## - ## - ## - -# Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option -enableKubeBackwardCompatibility: false -useStatefulSet: false -# Create a dynamic manifests via values: -extraObjects: [] - # - apiVersion: "kubernetes-client.io/v1" - # kind: ExternalSecret - # metadata: - # name: grafana-secrets - # spec: - # backendType: gcpSecretsManager - # data: - # - key: grafana-admin-password - # name: adminPassword