gitea_admin/application
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add helm charts

Browse Source
This commit is contained in:
Ybehrooz
2025-11-09 13:22:40 +03:30
parent 282c3e52d0
commit 38e4d749ad
1352 changed files with 190457 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
backing-services/grafana/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,33 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
** Please be patient while the chart is being deployed **
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{ ternary "https" "http" .Values.ingress.tls }}://{{ .Values.ingress.hostname }}{{ .Values.ingress.path }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.ports.grafana }}
{{- else if contains "ClusterIP" .Values.service.type }}
echo "Browse to http://127.0.0.1:8080"
kubectl port-forward svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.ports.grafana }} &
{{- end }}
2. Get the admin credentials:
echo "User: {{ .Values.admin.user }}"
echo "Password: $(kubectl get secret {{ include "grafana.adminSecretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.{{ include "grafana.adminSecretPasswordKey" . }}}" | base64 -d)"
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{ include "grafana.validateValues" . }}
{{ include "grafana.validateValues.database" . }}

245
backing-services/grafana/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,245 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper Grafana image name
*/}}
{{- define "grafana.image" -}}
{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "volumePermissions.image" -}}
{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "grafana.imagePullSecrets" -}}
{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" $) -}}
{{- end }}
{{/*
Return the proper Storage Class
*/}}
{{- define "grafana.storageClass" -}}
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
{{- end -}}
{{/*
Return the Grafana admin credentials secret
*/}}
{{- define "grafana.adminSecretName" -}}
{{- if .Values.admin.existingSecret -}}
{{- printf "%s" (tpl .Values.admin.existingSecret $) -}}
{{- else -}}
{{- printf "%s-admin" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the Grafana admin password key
*/}}
{{- define "grafana.adminSecretPasswordKey" -}}
{{- if and .Values.admin.existingSecret .Values.admin.existingSecretPasswordKey -}}
{{- printf "%s" (tpl .Values.admin.existingSecretPasswordKey $) -}}
{{- else -}}
{{- printf "GF_SECURITY_ADMIN_PASSWORD" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret object should be created
*/}}
{{- define "grafana.createAdminSecret" -}}
{{- if not .Values.admin.existingSecret }}
{{- true -}}
{{- else -}}
{{- end -}}
{{- end -}}
{{/*
Return the Grafana SMTP credentials secret
*/}}
{{- define "grafana.smtpSecretName" -}}
{{- if .Values.smtp.existingSecret }}
{{- printf "%s" (tpl .Values.smtp.existingSecret $) -}}
{{- else -}}
{{- printf "%s-smtp" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the Grafana SMTP user key
*/}}
{{- define "grafana.smtpSecretUserKey" -}}
{{- if and .Values.smtp.existingSecret .Values.smtp.existingSecretUserKey -}}
{{- printf "%s" (tpl .Values.smtp.existingSecretUserKey $) -}}
{{- else -}}
{{- printf "GF_SMTP_USER" -}}
{{- end -}}
{{- end -}}
{{/*
Return the Grafana SMTP password key
*/}}
{{- define "grafana.smtpSecretPasswordKey" -}}
{{- if and .Values.smtp.existingSecret .Values.smtp.existingSecretPasswordKey -}}
{{- printf "%s" (tpl .Values.smtp.existingSecretPasswordKey $) -}}
{{- else -}}
{{- printf "GF_SMTP_PASSWORD" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret object should be created
*/}}
{{- define "grafana.createSMTPSecret" -}}
{{- if and .Values.smtp.enabled (not .Values.smtp.existingSecret) }}
{{- true -}}
{{- else -}}
{{- end -}}
{{- end -}}
{{/*
Returns the proper service account name depending if an explicit service account name is set
in the values file. If the name is not set it will default to either common.names.fullname if serviceAccount.create
is true or default otherwise.
*/}}
{{- define "grafana.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return LDAP configuration generated from ldap properties.
*/}}
{{- define "grafana.ldap.config" -}}
{{- $hostPort := get (urlParse (required "You must set ldap.uri" .Values.ldap.uri)) "host" -}}
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = {{ index (splitList ":" $hostPort) 0 | quote }}
# Default port is 389 or 636 if use_ssl = true
port = {{ index (splitList ":" $hostPort) 1 | default 389 }}
# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
{{- if .Values.ldap.tls.enabled }}
use_ssl = {{ .Values.ldap.tls.enabled }}
ssl_skip_verify = {{ .Values.ldap.tls.skipVerify }}
# If set to true, use LDAP with STARTTLS instead of LDAPS
start_tls = {{ .Values.ldap.tls.startTls }}
{{- if .Values.ldap.tls.CAFilename }}
# set to the path to your root CA certificate or leave unset to use system defaults
root_ca_cert = {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath .Values.ldap.tls.CAFilename | quote }}
{{- end }}
{{- if .Values.ldap.tls.certFilename }}
# Authentication against LDAP servers requiring client certificates
client_cert = {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath .Values.ldap.tls.certFilename | quote }}
client_key = {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath (required "ldap.tls.certKeyFilename is required when ldap.tls.certFilename is defined" .Values.ldap.tls.certKeyFilename) | quote }}
{{- end }}
{{- end }}
{{- if .Values.ldap.binddn }}
# Search user bind dn
bind_dn = {{ .Values.ldap.binddn | quote }}
{{- end }}
{{- if .Values.ldap.bindpw }}
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = {{ .Values.ldap.bindpw | quote }}
{{- end }}
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
{{- if .Values.ldap.searchFilter }}
search_filter = {{ .Values.ldap.searchFilter | quote }}
{{- else if .Values.ldap.searchAttribute }}
search_filter = "({{ .Values.ldap.searchAttribute }}=%s)"
{{- end }}
# An array of base dns to search through
search_base_dns = [{{ (required "You must set ldap.basedn" .Values.ldap.basedn) | quote }}]
{{ .Values.ldap.extraConfiguration }}
{{- end -}}
{{/*
Validate values for Grafana.
*/}}
{{- define "grafana.validateValues" -}}
# Note: Do not include grafana.validateValues.database here. See https://github.com/bitnami/charts/issues/20629
{{- $messages := list -}}
{{- $messages := append $messages (include "grafana.validateValues.configmapsOrSecrets" .) -}}
{{- $messages := append $messages (include "grafana.validateValues.ldap.configuration" .) -}}
{{- $messages := append $messages (include "grafana.validateValues.ldap.configmapsecret" .) -}}
{{- $messages := append $messages (include "grafana.validateValues.ldap.tls" .) -}}
{{- $messages := append $messages (include "grafana.validateValues.imageRenderer" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/* Validate values of Grafana - A ConfigMap or Secret name must be provided when loading a custom grafana.ini file */}}
{{- define "grafana.validateValues.configmapsOrSecrets" -}}
{{- if and .Values.config.useGrafanaIniFile (not .Values.config.grafanaIniSecret) (not .Values.config.grafanaIniConfigMap) -}}
grafana: config.useGrafanaIniFile config.grafanaIniSecret and config.grafanaIniConfigMap
You enabled config.useGrafanaIniFile but did not specify config.grafanaIniSecret nor config.grafanaIniConfigMap
{{- end -}}
{{- end -}}
{{/* Validate values of Grafana - A custom ldap.toml file must be provided when enabling LDAP */}}
{{- define "grafana.validateValues.ldap.configuration" -}}
{{- if and .Values.ldap.enabled (empty .Values.ldap.uri) (empty .Values.ldap.basedn) (empty .Values.ldap.configuration) (empty .Values.ldap.configMapName) (empty .Values.ldap.secretName) -}}
grafana: ldap.enabled ldap.uri ldap.basedn ldap.configuration ldap.configMapName and ldap.secretName
You must provide the uri and basedn of your LDAP Sever (--set ldap.uri="aaa" --set ldap.basedn="bbb")
or the content of your custom ldap.toml file when enabling LDAP (--set ldap.configuration="xxx")
As an alternative, you can set the name of an existing ConfigMap (--set ldap.configMapName="yyy") or
an an existing Secret (--set ldap.secretName="zzz") containging the custom ldap.toml file.
{{- end -}}
{{- end -}}
{{/* Validate values of Grafana - Only a ConfigMap or Secret name must be provided when loading a custom ldap.toml file */}}
{{- define "grafana.validateValues.ldap.configmapsecret" -}}
{{- if and .Values.ldap.enabled (not (empty .Values.ldap.configMapName)) (not (empty .Values.ldap.secretName)) -}}
grafana: ldap.enabled ldap.configMapName and ldap.secretName
You cannot load a custom ldap.toml file both from a ConfigMap and a Secret simultaneously
{{- end -}}
{{- end -}}
{{/* Validate values of Grafana - LDAP TLS validation */}}
{{- define "grafana.validateValues.ldap.tls" -}}
{{- if and .Values.ldap.enabled .Values.ldap.tls.enabled (empty .Values.ldap.tls.certificatesSecret) (or (not (empty .Values.ldap.tls.CAFilename)) (not (empty .Values.ldap.tls.certFilename)) (not (empty .Values.ldap.tls.certKeyFilename))) -}}
grafana: ldap.enabled ldap.tls.enabled ldap.tls.certificatesSecret ldap.tls.CAFilename ldap.tls.certFilename and ldap.tls.certKeyFilename
You must set ldap.tls.certificatesSecret if you want to specify any certificate for LDAP TLS connection
{{- end -}}
{{- end -}}
{{/* Validate values of Grafana - Requirements to use an external database */}}
{{- define "grafana.validateValues.database" -}}
{{- $replicaCount := int .Values.grafana.replicaCount }}
{{- if gt $replicaCount 1 -}}
grafana: replicaCount
Using more than one replica requires using an external database to share data between Grafana instances.
By default Grafana uses an internal sqlite3 per instance but you can configure an external MySQL or PostgreSQL.
Please, ensure you provide a configuration file configuring the external database to share data between replicas.
{{- end -}}
{{- end -}}
{{/* Validate values of Grafana - Requirements to use Grafana Image Renderer */}}
{{- define "grafana.validateValues.imageRenderer" -}}
{{- if and .Values.imageRenderer.enabled (or (empty .Values.imageRenderer.serverURL) (empty .Values.imageRenderer.callbackURL)) -}}
grafana: imageRenderer.enabled imageRenderer.serverURL and imageRenderer.callbackURL
You must provide the serverURL and callbackURL for Grafana Image Renderer when enabling it.
(--set imageRenderer.serverURL="http://image-renderer-url/render" --set imageRenderer.callbackURL="http://grafana-url:3000/")
{{- end -}}
{{- end -}}

34
backing-services/grafana/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,34 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-envvars
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
GF_SECURITY_ADMIN_USER: {{ .Values.admin.user | quote }}
{{- if .Values.imageRenderer.enabled }}
GF_RENDERING_SERVER_URL: {{ .Values.imageRenderer.serverURL | quote }}
GF_RENDERING_CALLBACK_URL: {{ .Values.imageRenderer.callbackURL | quote }}
{{- end }}
{{- if .Values.plugins }}
GF_INSTALL_PLUGINS: {{ .Values.plugins | quote }}
{{- else }}
GF_INSTALL_PLUGINS: ""
{{- end }}
GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins"
GF_AUTH_LDAP_ENABLED: {{ .Values.ldap.enabled | quote }}
GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml"
GF_AUTH_LDAP_ALLOW_SIGN_UP: {{ .Values.ldap.allowSignUp | quote }}
GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning"
GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini"
GF_PATHS_DATA: "/opt/bitnami/grafana/data"
GF_PATHS_LOGS: "/opt/bitnami/grafana/logs"

43
backing-services/grafana/templates/dashboard-provider.yaml Normal file
View File

@@ -0,0 +1,43 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.dashboardsProvider.enabled (not .Values.dashboardsProvider.configMapName) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-provider
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
default-provider.yaml: |-
apiVersion: 1
providers:
# <string> an unique provider name
- name: 'default-provider'
# <int> org id. will default to orgId 1 if not specified
orgId: 1
# <string, required> name of the dashboard folder. Required
folder: dashboards
# <string> folder UID. will be automatically generated if not specified
folderUid: ''
# <string, required> provider type. Required
type: file
# <bool> disable dashboard deletion
disableDeletion: false
# <bool> enable dashboard editing
editable: true
# <int> how often Grafana will scan for changed dashboards
updateIntervalSeconds: 10
options:
# <string, required> path to dashboard files on disk. Required
path: /opt/bitnami/grafana/dashboards
# <bool> enable folders creation for dashboards
#foldersFromFilesStructure: true
{{- end }}

20
backing-services/grafana/templates/datasources-secret.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.datasources.secretDefinition }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-datasources
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
datasources.yaml: {{ include "common.tplvalues.render" ( dict "value" .Values.datasources.secretDefinition "context" $ ) | b64enc | nindent 4 }}
{{- end }}

354
backing-services/grafana/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,354 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.grafana.replicaCount }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.grafana.podLabels .Values.commonLabels ) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: grafana
{{- if .Values.grafana.updateStrategy }}
strategy: {{ include "common.tplvalues.render" (dict "value" .Values.grafana.updateStrategy "context" $) | nindent 4 }}
{{- end }}
template:
metadata:
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: grafana
annotations:
{{- if (include "grafana.createAdminSecret" .) }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
{{- if (include "grafana.createSMTPSecret" .) }}
checksum/smtp-secret: {{ include (print $.Template.BasePath "/smtp-secret.yaml") . | sha256sum }}
{{- end }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/dashboard-provider: {{ include (print $.Template.BasePath "/dashboard-provider.yaml") . | sha256sum }}
{{- if and .Values.ldap.enabled (or (not (empty .Values.ldap.configuration)) (not (empty .Values.ldap.uri))) (empty .Values.ldap.configMapName) (empty .Values.ldap.secretName) }}
checksum/ldap: {{ include (print $.Template.BasePath "/ldap-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.grafana.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "grafana.imagePullSecrets" . | nindent 6 }}
{{- if .Values.grafana.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.hostAliases "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "grafana.serviceAccountName" . }}
{{- if .Values.grafana.schedulerName }}
schedulerName: {{ .Values.grafana.schedulerName | quote }}
{{- end }}
{{- if .Values.grafana.priorityClassName }}
priorityClassName: {{ .Values.grafana.priorityClassName | quote }}
{{- end }}
{{- if .Values.grafana.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.grafana.podAffinityPreset "component" "grafana" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.grafana.podAntiAffinityPreset "component" "grafana" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.grafana.nodeAffinityPreset.type "key" .Values.grafana.nodeAffinityPreset.key "values" .Values.grafana.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.grafana.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.grafana.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.grafana.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.grafana.podSecurityContext.enabled }}
securityContext: {{- omit .Values.grafana.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.grafana.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.grafana.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
{{- if .Values.volumePermissions.enabled }}
- name: volume-permissions
image: {{ include "volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
args:
- -ec
- |
mkdir -p /bitnami/grafana
find /bitnami/grafana -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.grafana.containerSecurityContext.runAsUser }}:{{ .Values.grafana.podSecurityContext.fsGroup }}
securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
{{- if .Values.volumePermissions.resources }}
resources: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.resources "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/grafana
{{- end }}
{{- if .Values.grafana.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: grafana
image: {{ include "grafana.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.grafana.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.grafana.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.grafana.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.grafana.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.args "context" $) | nindent 12 }}
{{- end }}
envFrom:
- configMapRef:
name: {{ include "common.names.fullname" . }}-envvars
{{- if .Values.grafana.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.grafana.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.grafana.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.grafana.extraEnvVarsSecret "context" $) }}
{{- end }}
env:
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "grafana.adminSecretName" . }}
key: {{ include "grafana.adminSecretPasswordKey" . }}
{{- if .Values.smtp.enabled }}
- name: GF_SMTP_ENABLED
value: "true"
{{- if .Values.smtp.host }}
- name: GF_SMTP_HOST
value: {{ .Values.smtp.host }}
{{- end }}
{{- if .Values.smtp.fromAddress }}
- name: GF_SMTP_FROM_ADDRESS
value: {{ .Values.smtp.fromAddress }}
{{- end }}
{{- if .Values.smtp.fromName }}
- name: GF_SMTP_FROM_NAME
value: {{ .Values.smtp.fromName }}
{{- end }}
{{- if .Values.smtp.skipVerify }}
- name: GF_SMTP_SKIP_VERIFY
value: "{{ .Values.smtp.skipVerify }}"
{{- end }}
- name: GF_SMTP_USER
valueFrom:
secretKeyRef:
name: {{ include "grafana.smtpSecretName" . }}
key: {{ include "grafana.smtpSecretUserKey" . }}
- name: GF_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "grafana.smtpSecretName" . }}
key: {{ include "grafana.smtpSecretPasswordKey" . }}
{{- end }}
{{- if .Values.grafana.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.config.useGrafanaIniFile }}
- name: grafana-ini
mountPath: /opt/bitnami/grafana/conf/grafana.ini
subPath: grafana.ini
{{- end }}
- name: data
mountPath: /opt/bitnami/grafana/data
{{- if .Values.dashboardsProvider.enabled }}
- name: dashboards-provider
mountPath: /opt/bitnami/grafana/conf/provisioning/dashboards
{{- end }}
{{- range .Values.dashboardsConfigMaps }}
- name: {{ include "common.tplvalues.render" ( dict "value" .configMapName "context" $ ) }}
{{- if .folderName }}
mountPath: /opt/bitnami/grafana/dashboards/{{ .folderName }}/{{ .fileName }}
{{- else }}
mountPath: /opt/bitnami/grafana/dashboards/{{ .fileName }}
{{- end }}
subPath: {{ .fileName }}
{{- end }}
{{- if or (.Values.datasources.secretName) (.Values.datasources.secretDefinition) }}
- name: datasources
mountPath: /opt/bitnami/grafana/conf/provisioning/datasources
{{- end }}
{{- if .Values.notifiers.configMapName }}
- name: notifiers
mountPath: /opt/bitnami/grafana/conf/provisioning/notifiers
{{- end }}
{{- if .Values.alerting.configMapName }}
- name: alerting
mountPath: /opt/bitnami/grafana/conf/provisioning/alerting
{{- end }}
{{- if .Values.ldap.enabled }}
- name: ldap
mountPath: /opt/bitnami/grafana/conf/ldap.toml
subPath: ldap.toml
{{- end }}
{{- if and .Values.ldap.tls.enabled .Values.ldap.tls.certificatesSecret }}
- name: ldap-tls
mountPath: {{ .Values.ldap.tls.certificatesMountPath }}
{{- end }}
{{- range .Values.grafana.extraConfigmaps }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath | default "" }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.grafana.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
ports:
- name: dashboard
containerPort: {{ .Values.grafana.containerPorts.grafana }}
protocol: TCP
{{- if .Values.grafana.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.extraPorts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.grafana.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.grafana.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.grafana.livenessProbe.path }}
port: dashboard
scheme: {{ .Values.grafana.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.grafana.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.grafana.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.grafana.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.grafana.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.grafana.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.grafana.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.grafana.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.grafana.readinessProbe.path }}
port: dashboard
scheme: {{ .Values.grafana.readinessProbe.scheme }}
initialDelaySeconds: {{ .Values.grafana.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.grafana.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.grafana.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.grafana.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.grafana.readinessProbe.failureThreshold }}
{{- end }}
{{- if .Values.grafana.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.grafana.startupProbe.enabled }}
startupProbe:
httpGet:
path: {{ .Values.grafana.startupProbe.path }}
port: dashboard
scheme: {{ .Values.grafana.startupProbe.scheme }}
initialDelaySeconds: {{ .Values.grafana.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.grafana.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.grafana.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.grafana.startupProbe.successThreshold }}
failureThreshold: {{ .Values.grafana.startupProbe.failureThreshold }}
{{- end }}
{{- if .Values.grafana.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.grafana.resources }}
resources: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.resources "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.grafana.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.ldap.enabled }}
- name: ldap
{{- if not (empty .Values.ldap.configMapName) }}
configMap:
name: {{ .Values.ldap.configMapName }}
{{- else if not (empty .Values.ldap.secretName) }}
secret:
secretName: {{ .Values.ldap.secretName }}
{{- else }}
secret:
secretName: {{ printf "%s-ldap-conf" (include "common.names.fullname" .) }}
{{- end }}
{{- end }}
{{- if .Values.dashboardsProvider.enabled }}
- name: dashboards-provider
configMap:
{{- if .Values.dashboardsProvider.configMapName }}
name: {{ include "common.tplvalues.render" ( dict "value" .Values.dashboardsProvider.configMapName "context" $) }}
{{- else }}
name: {{ include "common.names.fullname" . }}-provider
{{- end }}
{{- end }}
{{- range .Values.dashboardsConfigMaps }}
- name: {{ include "common.tplvalues.render" ( dict "value" .configMapName "context" $ ) }}
configMap:
name: {{ include "common.tplvalues.render" ( dict "value" .configMapName "context" $ ) }}
{{- end }}
{{- if .Values.datasources.secretName }}
- name: datasources
secret:
secretName: {{ .Values.datasources.secretName }}
{{- else if .Values.datasources.secretDefinition }}
- name: datasources
secret:
secretName: {{ include "common.names.fullname" . }}-datasources
{{- end }}
{{- if .Values.notifiers.configMapName }}
- name: notifiers
configMap:
name: {{ .Values.notifiers.configMapName }}
{{- end }}
{{- if .Values.alerting.configMapName }}
- name: alerting
configMap:
name: {{ .Values.alerting.configMapName }}
{{- end }}
{{- if .Values.config.useGrafanaIniFile }}
- name: grafana-ini
{{- if .Values.config.grafanaIniConfigMap }}
configMap:
name: {{ .Values.config.grafanaIniConfigMap }}
{{- else if .Values.config.grafanaIniSecret }}
secret:
secretName: {{ .Values.config.grafanaIniSecret }}
{{- end }}
{{- end }}
{{- if and .Values.ldap.tls.enabled .Values.ldap.tls.certificatesSecret }}
- name: ldap-tls
secret:
secretName: {{ .Values.ldap.tls.certificatesSecret }}
{{- end }}
{{- range .Values.grafana.extraConfigmaps }}
- name: {{ .name }}
configMap:
name: {{ .name }}
{{- end }}
{{- if .Values.grafana.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.grafana.extraVolumes "context" $) | nindent 8 }}
{{- end }}

9
backing-services/grafana/templates/extra-list.yaml Normal file
View File

@@ -0,0 +1,9 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

66
backing-services/grafana/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,66 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.ingress.enabled -}}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- if or .Values.ingress.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if .Values.ingress.hostname }}
- http:
paths:
{{- if .Values.ingress.extraPaths }}
{{- toYaml .Values.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
{{- if ne .Values.ingress.hostname "*" }}
host: {{ include "common.tplvalues.render" (dict "value" .Values.ingress.hostname "context" $) }}
{{- end }}
{{- end }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.ingress.extraRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
{{- end }}
{{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
tls:
{{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }}
- hosts:
- {{ .Values.ingress.hostname | quote }}
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
{{- end }}
{{- if .Values.ingress.extraTls }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

25
backing-services/grafana/templates/ldap-secret.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.ldap.enabled (or (not (empty .Values.ldap.configuration)) (not (empty .Values.ldap.uri))) (empty .Values.ldap.configMapName) (empty .Values.ldap.secretName) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-ldap-conf" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{if .Values.ldap.configuration }}
ldap.toml: |-
{{- include "common.tplvalues.render" (dict "value" .Values.ldap.configuration "context" $) | b64enc | nindent 4 }}
{{- else }}
ldap.toml: |-
{{- include "grafana.ldap.config" . | b64enc | nindent 4 }}
{{- end }}
{{- end }}

24
backing-services/grafana/templates/prometheusrules.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.metrics.prometheusRule.additionalLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
groups:
- name: {{ include "common.names.fullname" . }}
rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 6 }}
{{- end }}

31
backing-services/grafana/templates/pvc.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if or .Values.persistence.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
accessModes:
{{- if not (empty .Values.persistence.accessModes) }}
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
{{- else }}
- {{ .Values.persistence.accessMode | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{ include "grafana.storageClass" . }}
{{- end -}}

20
backing-services/grafana/templates/secret.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if (include "grafana.createAdminSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-admin
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
GF_SECURITY_ADMIN_PASSWORD: {{ ternary (randAlphaNum 10) .Values.admin.password (empty .Values.admin.password) | b64enc | quote }}
{{- end }}

61
backing-services/grafana/templates/service.yaml Normal file
View File

@@ -0,0 +1,61 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if or (and .Values.metrics.enabled .Values.metrics.service.annotations) .Values.service.annotations .Values.commonAnnotations }}
annotations:
{{- if or .Values.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerClass)) }}
loadBalancerClass: {{ .Values.service.loadBalancerClass }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
ports:
- port: {{ .Values.service.ports.grafana }}
targetPort: dashboard
protocol: TCP
name: http
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.grafana)) }}
nodePort: {{ .Values.service.nodePorts.grafana }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.grafana.podLabels .Values.commonLabels ) "context" . ) }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana

28
backing-services/grafana/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,28 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "grafana.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
secrets:
- name: {{ include "common.names.fullname" . }}-admin
{{- if .Values.datasources.secretName }}
- name: {{ .Values.datasources.secretName }}
{{- else if .Values.datasources.secretDefinition }}
- name: {{ include "common.names.fullname" . }}-datasources
{{- end }}
{{- if (include "grafana.createSMTPSecret" .) }}
- name: {{ include "common.names.fullname" . }}-smtp
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}

50
backing-services/grafana/templates/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,50 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.metrics.serviceMonitor.jobLabel }}
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
app.kubernetes.io/component: grafana
endpoints:
- port: http
path: "/metrics"
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
{{- end }}

21
backing-services/grafana/templates/smtp-secret.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if (include "grafana.createSMTPSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-smtp
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
GF_SMTP_USER: {{ .Values.smtp.user | b64enc | quote }}
GF_SMTP_PASSWORD: {{ .Values.smtp.password | b64enc | quote }}
{{- end }}

46
backing-services/grafana/templates/tls-secret.yaml Normal file
View File

@@ -0,0 +1,46 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.secrets }}
{{- range .Values.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
{{- $ca := genCA "grafana-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: grafana
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}