Difference between revisions of "Helm show all grafana/grafana"

From wikieduonline
Jump to navigation Jump to search
Line 64: Line 64:
 
#      name: memory
 
#      name: memory
 
#      targetAverageUtilization: 60
 
#      targetAverageUtilization: 60
 +
 +
## See `kubectl explain poddisruptionbudget.spec` for more
 +
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
 +
podDisruptionBudget: {}
 +
#  minAvailable: 1
 +
#  maxUnavailable: 1
 +
 +
## See `kubectl explain deployment.spec.strategy` for more
 +
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
 +
deploymentStrategy:
 +
  type: RollingUpdate
 +
 +
readinessProbe:
 +
  httpGet:
 +
    path: /api/health
 +
    port: 3000
 +
 +
livenessProbe:
 +
  httpGet:
 +
    path: /api/health
 +
    port: 3000
 +
  initialDelaySeconds: 60
 +
  timeoutSeconds: 30
 +
  failureThreshold: 10
 +
 +
## Use an alternate scheduler, e.g. "stork".
 +
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
 +
##
 +
# schedulerName: "default-scheduler"
 +
 +
image:
 +
  repository: grafana/grafana
 +
  tag: 8.2.5
 +
  sha: ""
 +
  pullPolicy: IfNotPresent
 +
 +
  ## Optionally specify an array of imagePullSecrets.
 +
  ## Secrets must be manually created in the namespace.
 +
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 +
  ##
 +
  # pullSecrets:
 +
  #  - myRegistrKeySecretName
 +
 +
testFramework:
 +
  enabled: true
 +
  image: "bats/bats"
 +
  tag: "v1.4.1"
 +
  imagePullPolicy: IfNotPresent
 +
  securityContext: {}
 +
 +
securityContext:
 +
  runAsUser: 472
 +
  runAsGroup: 472
 +
  fsGroup: 472
 +
 +
containerSecurityContext:
 +
  {}
 +
 +
extraConfigmapMounts: []
 +
  # - name: certs-configmap
 +
  #  mountPath: /etc/grafana/ssl/
 +
  #  subPath: certificates.crt # (optional)
 +
  #  configMap: certs-configmap
 +
  #  readOnly: true
 +
 +
extraEmptyDirMounts: []
 +
  # - name: provisioning-notifiers
 +
  #  mountPath: /etc/grafana/provisioning/notifiers
 +
 +
 +
# Apply extra labels to common labels.
 +
extraLabels: {}
 +
 +
## Assign a PriorityClassName to pods if set
 +
# priorityClassName:
 +
 +
downloadDashboardsImage:
 +
  repository: curlimages/curl
 +
  tag: 7.73.0
 +
  sha: ""
 +
  pullPolicy: IfNotPresent
 +
 +
downloadDashboards:
 +
  env: {}
 +
  envFromSecret: ""
 +
  resources: {}
 +
 +
## Pod Annotations
 +
# podAnnotations: {}
 +
 +
## Pod Labels
 +
# podLabels: {}
 +
 +
podPortName: grafana
 +
 +
## Deployment annotations
 +
# annotations: {}
 +
 +
## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service).
 +
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
 +
## ref: http://kubernetes.io/docs/user-guide/services/
 +
##
 +
service:
 +
  enabled: true
 +
  type: ClusterIP
 +
  port: 80
 +
  targetPort: 3000
 +
    # targetPort: 4181 To be used with a proxy extraContainer
 +
  annotations: {}
 +
  labels: {}
 +
  portName: service
 +
 +
serviceMonitor:
 +
  ## If true, a ServiceMonitor CRD is created for a prometheus operator
 +
  ## https://github.com/coreos/prometheus-operator
 +
  ##
 +
  enabled: false
 +
  path: /metrics
 +
  #  namespace: monitoring  (defaults to use the namespace this chart is deployed to)
 +
  labels: {}
 +
  interval: 1m
 +
  scheme: http
 +
  tlsConfig: {}
 +
  scrapeTimeout: 30s
 +
  relabelings: []
 +
 +
extraExposePorts: []
 +
# - name: keycloak
 +
#  port: 8080
 +
#  targetPort: 8080
 +
#  type: ClusterIP
 +
 +
# overrides pod.spec.hostAliases in the grafana deployment's pods
 +
hostAliases: []
 +
  # - ip: "1.2.3.4"
 +
  #  hostnames:
 +
  #    - "my.host.com"
 +
 +
ingress:
 +
  enabled: false
 +
  # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
 +
  # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
 +
  # ingressClassName: nginx
 +
  # Values can be templated
 +
  annotations: {}
 +
    # kubernetes.io/ingress.class: nginx
 +
    # kubernetes.io/tls-acme: "true"
 +
  labels: {}
 +
  path: /
 +
 +
  # pathType is only for k8s >= 1.1=
 +
  pathType: Prefix
 +
 +
  hosts:
 +
    - chart-example.local
 +
  ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
 +
  extraPaths: []
 +
  # - path: /*
 +
  #  backend:
 +
  #    serviceName: ssl-redirect
 +
  #    servicePort: use-annotation
 +
  ## Or for k8s > 1.19
 +
  # - path: /*
 +
  #  pathType: Prefix
 +
  #  backend:
 +
  #    service:
 +
  #      name: ssl-redirect
 +
  #      port:
 +
  #        name: use-annotation
 +
 +
 +
  tls: []
 +
  #  - secretName: chart-example-tls
 +
  #    hosts:
 +
  #      - chart-example.local
 +
 +
resources: {}
 +
#  limits:
 +
#    cpu: 100m
 +
#    memory: 128Mi
 +
#  requests:
 +
#    cpu: 100m
 +
#    memory: 128Mi
 +
 +
## Node labels for pod assignment
 +
## ref: https://kubernetes.io/docs/user-guide/node-selection/
 +
#
 +
nodeSelector: {}
 +
 +
## Tolerations for pod assignment
 +
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 +
##
 +
tolerations: []
 +
 +
## Affinity for pod assignment
 +
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
 +
##
 +
affinity: {}
 +
 +
extraInitContainers: []
 +
 +
## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod
 +
extraContainers: ""
 +
# extraContainers: |
 +
# - name: proxy
 +
#  image: quay.io/gambol99/keycloak-proxy:latest
 +
#  args:
 +
#  - -provider=github
 +
#  - -client-id=
 +
#  - -client-secret=
 +
#  - -github-org=<ORG_NAME>
 +
#  - -email-domain=*
 +
#  - -cookie-secret=
 +
#  - -http-address=http://0.0.0.0:4181
 +
#  - -upstream-url=http://127.0.0.1:3000
 +
#  ports:
 +
#    - name: proxy-web
 +
#      containerPort: 4181
 +
 +
## Volumes that can be used in init containers that will not be mounted to deployment pods
 +
extraContainerVolumes: []
 +
#  - name: volume-from-secret
 +
#    secret:
 +
#      secretName: secret-to-mount
 +
#  - name: empty-dir-volume
 +
#    emptyDir: {}
 +
 +
## Enable persistence using Persistent Volume Claims
 +
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
 +
##
 +
persistence:
 +
  type: pvc
 +
  enabled: false
 +
  # storageClassName: default
 +
  accessModes:
 +
    - ReadWriteOnce
 +
  size: 10Gi
 +
  # annotations: {}
 +
  finalizers:
 +
    - kubernetes.io/pvc-protection
 +
  # selectorLabels: {}
 +
  # subPath: ""
 +
  # existingClaim:
 +
  ## If persistence is not enabled, this allows to mount the
 +
  ## local storage in-memory to improve performance
 +
  ##
 +
  inMemory:
 +
    enabled: false
 +
    ## The maximum usage on memory medium EmptyDir would be
 +
    ## the minimum value between the SizeLimit specified
 +
    ## here and the sum of memory limits of all containers in a pod
 +
    ##
 +
    # sizeLimit: 300Mi
 +
 +
initChownData:
 +
  ## If false, data ownership will not be reset at startup
 +
  ## This allows the prometheus-server to be run with an arbitrary user
 +
  ##
 +
  enabled: true
 +
 +
  ## initChownData container image
 +
  ##
 +
  image:
 +
    repository: busybox
 +
    tag: "1.31.1"
 +
    sha: ""
 +
    pullPolicy: IfNotPresent
 +
 +
  ## initChownData resource requests and limits
 +
  ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
 +
  ##
 +
  resources: {}
 +
  #  limits:
 +
  #    cpu: 100m
 +
  #    memory: 128Mi
 +
  #  requests:
 +
  #    cpu: 100m
 +
  #    memory: 128Mi
 +
 +
# Administrator credentials when not using an existing secret (see below)
 +
adminUser: admin
 +
# adminPassword: strongpassword
 +
 +
# Use an existing secret for the admin user.
 +
admin:
 +
  existingSecret: ""
 +
  userKey: admin-user
 +
  passwordKey: admin-password
 +
 +
## Define command to be executed at startup by grafana container
 +
## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/)
 +
## Default is "run.sh" as defined in grafana's Dockerfile
 +
# command:
 +
# - "sh"
 +
# - "/run.sh"
 +
 +
## Use an alternate scheduler, e.g. "stork".
 +
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
 +
##
 +
# schedulerName:
 +
 +
## Use an alternate scheduler, e.g. "stork".
 +
##
 +
## Extra environment variables that will be pass onto deployment pods
 +
##
 +
## to provide grafana with access to CloudWatch on AWS EKS:
 +
## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later)
 +
## 2. edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the
 +
## same oidc eks provider as noted before (same as the existing line)
 +
## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name
 +
##
 +
##  "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana",
 +
##
 +
## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess
 +
## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name)
 +
##
 +
## env:
 +
##  AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here
 +
##  AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
 +
##  AWS_REGION: us-east-1
 +
##
 +
## 5. uncomment the EKS section in extraSecretMounts: below
 +
## 6. uncomment the annotation section in the serviceAccount: above
 +
## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn
 +
 +
env: {}
 +
 +
## "valueFrom" environment variable references that will be added to deployment pods
 +
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core
 +
## Renders in container spec as:
 +
##  env:
 +
##    ...
 +
##    - name: <key>
 +
##      valueFrom:
 +
##        <value rendered as YAML>
 +
envValueFrom: {}
 +
 +
## The name of a secret in the same kubernetes namespace which contain values to be added to the environment
 +
## This can be useful for auth tokens, etc. Value is templated.
 +
envFromSecret: ""
 +
 +
## Sensible environment variables that will be rendered as new secret object
 +
## This can be useful for auth tokens, etc
 +
envRenderSecret: {}
 +
 +
## The names of secrets in the same kubernetes namespace which contain values to be added to the environment
 +
## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key.
 +
envFromSecrets: []
 +
## - name: secret-name
 +
##  optional: true
 +
 +
# Inject Kubernetes services as environment variables.
 +
# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables
 +
enableServiceLinks: true
 +
 +
## Additional grafana server secret mounts
 +
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
 +
extraSecretMounts: []
 +
  # - name: secret-files
 +
  #  mountPath: /etc/secrets
 +
  #  secretName: grafana-secret-files
 +
  #  readOnly: true
 +
  #  subPath: ""
 +
  #
 +
  # for AWS EKS (cloudwatch) use the following (see also instruction in env: above)
 +
  # - name: aws-iam-token
 +
  #  mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
 +
  #  readOnly: true
 +
  #  projected:
 +
  #    defaultMode: 420
 +
  #    sources:
 +
  #      - serviceAccountToken:
 +
  #          audience: sts.amazonaws.com
 +
  #          expirationSeconds: 86400
 +
  #          path: token
 +
  #
 +
  # for CSI e.g. Azure Key Vault use the following
 +
  # - name: secrets-store-inline
 +
  #  mountPath: /run/secrets
 +
  #  readOnly: true
 +
  #  csi:
 +
  #    driver: secrets-store.csi.k8s.io
 +
  #    readOnly: true
 +
  #    volumeAttributes:
 +
  #      secretProviderClass: "akv-grafana-spc"
 +
  #    nodePublishSecretRef:                      # Only required when using service principal mode
 +
  #      name: grafana-akv-creds                  # Only required when using service principal mode
 +
 +
## Additional grafana server volume mounts
 +
# Defines additional volume mounts.
 +
extraVolumeMounts: []
 +
  # - name: extra-volume-0
 +
  #  mountPath: /mnt/volume0
 +
  #  readOnly: true
 +
  #  existingClaim: volume-claim
 +
  # - name: extra-volume-1
 +
  #  mountPath: /mnt/volume1
 +
  #  readOnly: true
 +
  #  hostPath: /usr/shared/
 +
 +
## Pass the plugins you want installed as a list.
 +
##
 +
plugins: []
 +
  # - digrich-bubblechart-panel
 +
  # - grafana-clock-panel
 +
 +
## Configure grafana datasources
 +
## ref: http://docs.grafana.org/administration/provisioning/#datasources
 +
##
 +
datasources: {}
 +
#  datasources.yaml:
 +
#    apiVersion: 1
 +
#    datasources:
 +
#    - name: Prometheus
 +
#      type: prometheus
 +
#      url: http://prometheus-prometheus-server
 +
#      access: proxy
 +
#      isDefault: true
 +
#    - name: CloudWatch
 +
#      type: cloudwatch
 +
#      access: proxy
 +
#      uid: cloudwatch
 +
#      editable: false
 +
#      jsonData:
 +
#        authType: default
 +
#        defaultRegion: us-east-1
 +
 +
## Configure notifiers
 +
## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels
 +
##
 +
notifiers: {}
 +
#  notifiers.yaml:
 +
#    notifiers:
 +
#    - name: email-notifier
 +
#      type: email
 +
#      uid: email1
 +
#      # either:
 +
#      org_id: 1
 +
#      # or
 +
#      org_name: Main Org.
 +
#      is_default: true
 +
#      settings:
 +
#        addresses: [email protected]
 +
#    delete_notifiers:
 +
 +
## Configure grafana dashboard providers
 +
 +
 +
 
</pre>
 
</pre>

Revision as of 19:50, 5 December 2021

apiVersion: v2
appVersion: 8.2.5
description: The leading tool for querying and visualizing time series and metrics.
home: https://grafana.net
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
kubeVersion: ^1.8.0-0
maintainers:
- email: [email protected]
  name: zanhsieh
- email: [email protected]
  name: rtluckie
- email: [email protected]
  name: maorfr
- email: [email protected]
  name: Xtigyro
- email: [email protected]
  name: torstenwalter
name: grafana
sources:
- https://github.com/grafana/grafana
type: application
version: 6.17.8

---
rbac:
  create: true
  ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true)
  # useExistingRole: name-of-some-(cluster)role
  pspEnabled: true
  pspUseAppArmor: true
  namespaced: false
  extraRoleRules: []
  # - apiGroups: []
  #   resources: []
  #   verbs: []
  extraClusterRoleRules: []
  # - apiGroups: []
  #   resources: []
  #   verbs: []
serviceAccount:
  create: true
  name:
  nameTest:
#  annotations:
#    eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
  autoMount: true

replicas: 1

## Create HorizontalPodAutoscaler object for deployment type
#
autoscaling:
  enabled: false
#   minReplicas: 1
#   maxReplicas: 10
#   metrics:
#   - type: Resource
#     resource:
#       name: cpu
#       targetAverageUtilization: 60
#   - type: Resource
#     resource:
#       name: memory
#       targetAverageUtilization: 60

## See `kubectl explain poddisruptionbudget.spec` for more
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podDisruptionBudget: {}
#  minAvailable: 1
#  maxUnavailable: 1

## See `kubectl explain deployment.spec.strategy` for more
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
deploymentStrategy:
  type: RollingUpdate

readinessProbe:
  httpGet:
    path: /api/health
    port: 3000

livenessProbe:
  httpGet:
    path: /api/health
    port: 3000
  initialDelaySeconds: 60
  timeoutSeconds: 30
  failureThreshold: 10

## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName: "default-scheduler"

image:
  repository: grafana/grafana
  tag: 8.2.5
  sha: ""
  pullPolicy: IfNotPresent

  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecrets:
  #   - myRegistrKeySecretName

testFramework:
  enabled: true
  image: "bats/bats"
  tag: "v1.4.1"
  imagePullPolicy: IfNotPresent
  securityContext: {}

securityContext:
  runAsUser: 472
  runAsGroup: 472
  fsGroup: 472

containerSecurityContext:
  {}

extraConfigmapMounts: []
  # - name: certs-configmap
  #   mountPath: /etc/grafana/ssl/
  #   subPath: certificates.crt # (optional)
  #   configMap: certs-configmap
  #   readOnly: true

extraEmptyDirMounts: []
  # - name: provisioning-notifiers
  #   mountPath: /etc/grafana/provisioning/notifiers


# Apply extra labels to common labels.
extraLabels: {}

## Assign a PriorityClassName to pods if set
# priorityClassName:

downloadDashboardsImage:
  repository: curlimages/curl
  tag: 7.73.0
  sha: ""
  pullPolicy: IfNotPresent

downloadDashboards:
  env: {}
  envFromSecret: ""
  resources: {}

## Pod Annotations
# podAnnotations: {}

## Pod Labels
# podLabels: {}

podPortName: grafana

## Deployment annotations
# annotations: {}

## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service).
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
service:
  enabled: true
  type: ClusterIP
  port: 80
  targetPort: 3000
    # targetPort: 4181 To be used with a proxy extraContainer
  annotations: {}
  labels: {}
  portName: service

serviceMonitor:
  ## If true, a ServiceMonitor CRD is created for a prometheus operator
  ## https://github.com/coreos/prometheus-operator
  ##
  enabled: false
  path: /metrics
  #  namespace: monitoring  (defaults to use the namespace this chart is deployed to)
  labels: {}
  interval: 1m
  scheme: http
  tlsConfig: {}
  scrapeTimeout: 30s
  relabelings: []

extraExposePorts: []
 # - name: keycloak
 #   port: 8080
 #   targetPort: 8080
 #   type: ClusterIP

# overrides pod.spec.hostAliases in the grafana deployment's pods
hostAliases: []
  # - ip: "1.2.3.4"
  #   hostnames:
  #     - "my.host.com"

ingress:
  enabled: false
  # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
  # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
  # ingressClassName: nginx
  # Values can be templated
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  labels: {}
  path: /

  # pathType is only for k8s >= 1.1=
  pathType: Prefix

  hosts:
    - chart-example.local
  ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
  extraPaths: []
  # - path: /*
  #   backend:
  #     serviceName: ssl-redirect
  #     servicePort: use-annotation
  ## Or for k8s > 1.19
  # - path: /*
  #   pathType: Prefix
  #   backend:
  #     service:
  #       name: ssl-redirect
  #       port:
  #         name: use-annotation


  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

resources: {}
#  limits:
#    cpu: 100m
#    memory: 128Mi
#  requests:
#    cpu: 100m
#    memory: 128Mi

## Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
#
nodeSelector: {}

## Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []

## Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}

extraInitContainers: []

## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod
extraContainers: ""
# extraContainers: |
# - name: proxy
#   image: quay.io/gambol99/keycloak-proxy:latest
#   args:
#   - -provider=github
#   - -client-id=
#   - -client-secret=
#   - -github-org=<ORG_NAME>
#   - -email-domain=*
#   - -cookie-secret=
#   - -http-address=http://0.0.0.0:4181
#   - -upstream-url=http://127.0.0.1:3000
#   ports:
#     - name: proxy-web
#       containerPort: 4181

## Volumes that can be used in init containers that will not be mounted to deployment pods
extraContainerVolumes: []
#  - name: volume-from-secret
#    secret:
#      secretName: secret-to-mount
#  - name: empty-dir-volume
#    emptyDir: {}

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  type: pvc
  enabled: false
  # storageClassName: default
  accessModes:
    - ReadWriteOnce
  size: 10Gi
  # annotations: {}
  finalizers:
    - kubernetes.io/pvc-protection
  # selectorLabels: {}
  # subPath: ""
  # existingClaim:
  ## If persistence is not enabled, this allows to mount the
  ## local storage in-memory to improve performance
  ##
  inMemory:
    enabled: false
    ## The maximum usage on memory medium EmptyDir would be
    ## the minimum value between the SizeLimit specified
    ## here and the sum of memory limits of all containers in a pod
    ##
    # sizeLimit: 300Mi

initChownData:
  ## If false, data ownership will not be reset at startup
  ## This allows the prometheus-server to be run with an arbitrary user
  ##
  enabled: true

  ## initChownData container image
  ##
  image:
    repository: busybox
    tag: "1.31.1"
    sha: ""
    pullPolicy: IfNotPresent

  ## initChownData resource requests and limits
  ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 100m
  #    memory: 128Mi

# Administrator credentials when not using an existing secret (see below)
adminUser: admin
# adminPassword: strongpassword

# Use an existing secret for the admin user.
admin:
  existingSecret: ""
  userKey: admin-user
  passwordKey: admin-password

## Define command to be executed at startup by grafana container
## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/)
## Default is "run.sh" as defined in grafana's Dockerfile
# command:
# - "sh"
# - "/run.sh"

## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:

## Use an alternate scheduler, e.g. "stork".
##
## Extra environment variables that will be pass onto deployment pods
##
## to provide grafana with access to CloudWatch on AWS EKS:
## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later)
## 2. edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the
## same oidc eks provider as noted before (same as the existing line)
## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name
##
##  "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana",
##
## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess
## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name)
##
## env:
##   AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here
##   AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
##   AWS_REGION: us-east-1
##
## 5. uncomment the EKS section in extraSecretMounts: below
## 6. uncomment the annotation section in the serviceAccount: above
## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn

env: {}

## "valueFrom" environment variable references that will be added to deployment pods
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core
## Renders in container spec as:
##   env:
##     ...
##     - name: <key>
##       valueFrom:
##         <value rendered as YAML>
envValueFrom: {}

## The name of a secret in the same kubernetes namespace which contain values to be added to the environment
## This can be useful for auth tokens, etc. Value is templated.
envFromSecret: ""

## Sensible environment variables that will be rendered as new secret object
## This can be useful for auth tokens, etc
envRenderSecret: {}

## The names of secrets in the same kubernetes namespace which contain values to be added to the environment
## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key.
envFromSecrets: []
## - name: secret-name
##   optional: true

# Inject Kubernetes services as environment variables.
# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables
enableServiceLinks: true

## Additional grafana server secret mounts
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
extraSecretMounts: []
  # - name: secret-files
  #   mountPath: /etc/secrets
  #   secretName: grafana-secret-files
  #   readOnly: true
  #   subPath: ""
  #
  # for AWS EKS (cloudwatch) use the following (see also instruction in env: above)
  # - name: aws-iam-token
  #   mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
  #   readOnly: true
  #   projected:
  #     defaultMode: 420
  #     sources:
  #       - serviceAccountToken:
  #           audience: sts.amazonaws.com
  #           expirationSeconds: 86400
  #           path: token
  #
  # for CSI e.g. Azure Key Vault use the following
  # - name: secrets-store-inline
  #  mountPath: /run/secrets
  #  readOnly: true
  #  csi:
  #    driver: secrets-store.csi.k8s.io
  #    readOnly: true
  #    volumeAttributes:
  #      secretProviderClass: "akv-grafana-spc"
  #    nodePublishSecretRef:                       # Only required when using service principal mode
  #       name: grafana-akv-creds                  # Only required when using service principal mode

## Additional grafana server volume mounts
# Defines additional volume mounts.
extraVolumeMounts: []
  # - name: extra-volume-0
  #   mountPath: /mnt/volume0
  #   readOnly: true
  #   existingClaim: volume-claim
  # - name: extra-volume-1
  #   mountPath: /mnt/volume1
  #   readOnly: true
  #   hostPath: /usr/shared/

## Pass the plugins you want installed as a list.
##
plugins: []
  # - digrich-bubblechart-panel
  # - grafana-clock-panel

## Configure grafana datasources
## ref: http://docs.grafana.org/administration/provisioning/#datasources
##
datasources: {}
#  datasources.yaml:
#    apiVersion: 1
#    datasources:
#    - name: Prometheus
#      type: prometheus
#      url: http://prometheus-prometheus-server
#      access: proxy
#      isDefault: true
#    - name: CloudWatch
#      type: cloudwatch
#      access: proxy
#      uid: cloudwatch
#      editable: false
#      jsonData:
#        authType: default
#        defaultRegion: us-east-1

## Configure notifiers
## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels
##
notifiers: {}
#  notifiers.yaml:
#    notifiers:
#    - name: email-notifier
#      type: email
#      uid: email1
#      # either:
#      org_id: 1
#      # or
#      org_name: Main Org.
#      is_default: true
#      settings:
#        addresses: [email protected]
#    delete_notifiers:

## Configure grafana dashboard providers



Advertising: