Difference between revisions of "Helm show all grafana/grafana"
Line 64: | Line 64: | ||
# name: memory | # name: memory | ||
# targetAverageUtilization: 60 | # targetAverageUtilization: 60 | ||
+ | |||
+ | ## See `kubectl explain poddisruptionbudget.spec` for more | ||
+ | ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | ||
+ | podDisruptionBudget: {} | ||
+ | # minAvailable: 1 | ||
+ | # maxUnavailable: 1 | ||
+ | |||
+ | ## See `kubectl explain deployment.spec.strategy` for more | ||
+ | ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy | ||
+ | deploymentStrategy: | ||
+ | type: RollingUpdate | ||
+ | |||
+ | readinessProbe: | ||
+ | httpGet: | ||
+ | path: /api/health | ||
+ | port: 3000 | ||
+ | |||
+ | livenessProbe: | ||
+ | httpGet: | ||
+ | path: /api/health | ||
+ | port: 3000 | ||
+ | initialDelaySeconds: 60 | ||
+ | timeoutSeconds: 30 | ||
+ | failureThreshold: 10 | ||
+ | |||
+ | ## Use an alternate scheduler, e.g. "stork". | ||
+ | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | ||
+ | ## | ||
+ | # schedulerName: "default-scheduler" | ||
+ | |||
+ | image: | ||
+ | repository: grafana/grafana | ||
+ | tag: 8.2.5 | ||
+ | sha: "" | ||
+ | pullPolicy: IfNotPresent | ||
+ | |||
+ | ## Optionally specify an array of imagePullSecrets. | ||
+ | ## Secrets must be manually created in the namespace. | ||
+ | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | ||
+ | ## | ||
+ | # pullSecrets: | ||
+ | # - myRegistrKeySecretName | ||
+ | |||
+ | testFramework: | ||
+ | enabled: true | ||
+ | image: "bats/bats" | ||
+ | tag: "v1.4.1" | ||
+ | imagePullPolicy: IfNotPresent | ||
+ | securityContext: {} | ||
+ | |||
+ | securityContext: | ||
+ | runAsUser: 472 | ||
+ | runAsGroup: 472 | ||
+ | fsGroup: 472 | ||
+ | |||
+ | containerSecurityContext: | ||
+ | {} | ||
+ | |||
+ | extraConfigmapMounts: [] | ||
+ | # - name: certs-configmap | ||
+ | # mountPath: /etc/grafana/ssl/ | ||
+ | # subPath: certificates.crt # (optional) | ||
+ | # configMap: certs-configmap | ||
+ | # readOnly: true | ||
+ | |||
+ | extraEmptyDirMounts: [] | ||
+ | # - name: provisioning-notifiers | ||
+ | # mountPath: /etc/grafana/provisioning/notifiers | ||
+ | |||
+ | |||
+ | # Apply extra labels to common labels. | ||
+ | extraLabels: {} | ||
+ | |||
+ | ## Assign a PriorityClassName to pods if set | ||
+ | # priorityClassName: | ||
+ | |||
+ | downloadDashboardsImage: | ||
+ | repository: curlimages/curl | ||
+ | tag: 7.73.0 | ||
+ | sha: "" | ||
+ | pullPolicy: IfNotPresent | ||
+ | |||
+ | downloadDashboards: | ||
+ | env: {} | ||
+ | envFromSecret: "" | ||
+ | resources: {} | ||
+ | |||
+ | ## Pod Annotations | ||
+ | # podAnnotations: {} | ||
+ | |||
+ | ## Pod Labels | ||
+ | # podLabels: {} | ||
+ | |||
+ | podPortName: grafana | ||
+ | |||
+ | ## Deployment annotations | ||
+ | # annotations: {} | ||
+ | |||
+ | ## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). | ||
+ | ## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. | ||
+ | ## ref: http://kubernetes.io/docs/user-guide/services/ | ||
+ | ## | ||
+ | service: | ||
+ | enabled: true | ||
+ | type: ClusterIP | ||
+ | port: 80 | ||
+ | targetPort: 3000 | ||
+ | # targetPort: 4181 To be used with a proxy extraContainer | ||
+ | annotations: {} | ||
+ | labels: {} | ||
+ | portName: service | ||
+ | |||
+ | serviceMonitor: | ||
+ | ## If true, a ServiceMonitor CRD is created for a prometheus operator | ||
+ | ## https://github.com/coreos/prometheus-operator | ||
+ | ## | ||
+ | enabled: false | ||
+ | path: /metrics | ||
+ | # namespace: monitoring (defaults to use the namespace this chart is deployed to) | ||
+ | labels: {} | ||
+ | interval: 1m | ||
+ | scheme: http | ||
+ | tlsConfig: {} | ||
+ | scrapeTimeout: 30s | ||
+ | relabelings: [] | ||
+ | |||
+ | extraExposePorts: [] | ||
+ | # - name: keycloak | ||
+ | # port: 8080 | ||
+ | # targetPort: 8080 | ||
+ | # type: ClusterIP | ||
+ | |||
+ | # overrides pod.spec.hostAliases in the grafana deployment's pods | ||
+ | hostAliases: [] | ||
+ | # - ip: "1.2.3.4" | ||
+ | # hostnames: | ||
+ | # - "my.host.com" | ||
+ | |||
+ | ingress: | ||
+ | enabled: false | ||
+ | # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName | ||
+ | # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress | ||
+ | # ingressClassName: nginx | ||
+ | # Values can be templated | ||
+ | annotations: {} | ||
+ | # kubernetes.io/ingress.class: nginx | ||
+ | # kubernetes.io/tls-acme: "true" | ||
+ | labels: {} | ||
+ | path: / | ||
+ | |||
+ | # pathType is only for k8s >= 1.1= | ||
+ | pathType: Prefix | ||
+ | |||
+ | hosts: | ||
+ | - chart-example.local | ||
+ | ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. | ||
+ | extraPaths: [] | ||
+ | # - path: /* | ||
+ | # backend: | ||
+ | # serviceName: ssl-redirect | ||
+ | # servicePort: use-annotation | ||
+ | ## Or for k8s > 1.19 | ||
+ | # - path: /* | ||
+ | # pathType: Prefix | ||
+ | # backend: | ||
+ | # service: | ||
+ | # name: ssl-redirect | ||
+ | # port: | ||
+ | # name: use-annotation | ||
+ | |||
+ | |||
+ | tls: [] | ||
+ | # - secretName: chart-example-tls | ||
+ | # hosts: | ||
+ | # - chart-example.local | ||
+ | |||
+ | resources: {} | ||
+ | # limits: | ||
+ | # cpu: 100m | ||
+ | # memory: 128Mi | ||
+ | # requests: | ||
+ | # cpu: 100m | ||
+ | # memory: 128Mi | ||
+ | |||
+ | ## Node labels for pod assignment | ||
+ | ## ref: https://kubernetes.io/docs/user-guide/node-selection/ | ||
+ | # | ||
+ | nodeSelector: {} | ||
+ | |||
+ | ## Tolerations for pod assignment | ||
+ | ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | ||
+ | ## | ||
+ | tolerations: [] | ||
+ | |||
+ | ## Affinity for pod assignment | ||
+ | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | ||
+ | ## | ||
+ | affinity: {} | ||
+ | |||
+ | extraInitContainers: [] | ||
+ | |||
+ | ## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod | ||
+ | extraContainers: "" | ||
+ | # extraContainers: | | ||
+ | # - name: proxy | ||
+ | # image: quay.io/gambol99/keycloak-proxy:latest | ||
+ | # args: | ||
+ | # - -provider=github | ||
+ | # - -client-id= | ||
+ | # - -client-secret= | ||
+ | # - -github-org=<ORG_NAME> | ||
+ | # - -email-domain=* | ||
+ | # - -cookie-secret= | ||
+ | # - -http-address=http://0.0.0.0:4181 | ||
+ | # - -upstream-url=http://127.0.0.1:3000 | ||
+ | # ports: | ||
+ | # - name: proxy-web | ||
+ | # containerPort: 4181 | ||
+ | |||
+ | ## Volumes that can be used in init containers that will not be mounted to deployment pods | ||
+ | extraContainerVolumes: [] | ||
+ | # - name: volume-from-secret | ||
+ | # secret: | ||
+ | # secretName: secret-to-mount | ||
+ | # - name: empty-dir-volume | ||
+ | # emptyDir: {} | ||
+ | |||
+ | ## Enable persistence using Persistent Volume Claims | ||
+ | ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ | ||
+ | ## | ||
+ | persistence: | ||
+ | type: pvc | ||
+ | enabled: false | ||
+ | # storageClassName: default | ||
+ | accessModes: | ||
+ | - ReadWriteOnce | ||
+ | size: 10Gi | ||
+ | # annotations: {} | ||
+ | finalizers: | ||
+ | - kubernetes.io/pvc-protection | ||
+ | # selectorLabels: {} | ||
+ | # subPath: "" | ||
+ | # existingClaim: | ||
+ | ## If persistence is not enabled, this allows to mount the | ||
+ | ## local storage in-memory to improve performance | ||
+ | ## | ||
+ | inMemory: | ||
+ | enabled: false | ||
+ | ## The maximum usage on memory medium EmptyDir would be | ||
+ | ## the minimum value between the SizeLimit specified | ||
+ | ## here and the sum of memory limits of all containers in a pod | ||
+ | ## | ||
+ | # sizeLimit: 300Mi | ||
+ | |||
+ | initChownData: | ||
+ | ## If false, data ownership will not be reset at startup | ||
+ | ## This allows the prometheus-server to be run with an arbitrary user | ||
+ | ## | ||
+ | enabled: true | ||
+ | |||
+ | ## initChownData container image | ||
+ | ## | ||
+ | image: | ||
+ | repository: busybox | ||
+ | tag: "1.31.1" | ||
+ | sha: "" | ||
+ | pullPolicy: IfNotPresent | ||
+ | |||
+ | ## initChownData resource requests and limits | ||
+ | ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ | ||
+ | ## | ||
+ | resources: {} | ||
+ | # limits: | ||
+ | # cpu: 100m | ||
+ | # memory: 128Mi | ||
+ | # requests: | ||
+ | # cpu: 100m | ||
+ | # memory: 128Mi | ||
+ | |||
+ | # Administrator credentials when not using an existing secret (see below) | ||
+ | adminUser: admin | ||
+ | # adminPassword: strongpassword | ||
+ | |||
+ | # Use an existing secret for the admin user. | ||
+ | admin: | ||
+ | existingSecret: "" | ||
+ | userKey: admin-user | ||
+ | passwordKey: admin-password | ||
+ | |||
+ | ## Define command to be executed at startup by grafana container | ||
+ | ## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) | ||
+ | ## Default is "run.sh" as defined in grafana's Dockerfile | ||
+ | # command: | ||
+ | # - "sh" | ||
+ | # - "/run.sh" | ||
+ | |||
+ | ## Use an alternate scheduler, e.g. "stork". | ||
+ | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | ||
+ | ## | ||
+ | # schedulerName: | ||
+ | |||
+ | ## Use an alternate scheduler, e.g. "stork". | ||
+ | ## | ||
+ | ## Extra environment variables that will be pass onto deployment pods | ||
+ | ## | ||
+ | ## to provide grafana with access to CloudWatch on AWS EKS: | ||
+ | ## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) | ||
+ | ## 2. edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the | ||
+ | ## same oidc eks provider as noted before (same as the existing line) | ||
+ | ## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name | ||
+ | ## | ||
+ | ## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", | ||
+ | ## | ||
+ | ## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess | ||
+ | ## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) | ||
+ | ## | ||
+ | ## env: | ||
+ | ## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here | ||
+ | ## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token | ||
+ | ## AWS_REGION: us-east-1 | ||
+ | ## | ||
+ | ## 5. uncomment the EKS section in extraSecretMounts: below | ||
+ | ## 6. uncomment the annotation section in the serviceAccount: above | ||
+ | ## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn | ||
+ | |||
+ | env: {} | ||
+ | |||
+ | ## "valueFrom" environment variable references that will be added to deployment pods | ||
+ | ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core | ||
+ | ## Renders in container spec as: | ||
+ | ## env: | ||
+ | ## ... | ||
+ | ## - name: <key> | ||
+ | ## valueFrom: | ||
+ | ## <value rendered as YAML> | ||
+ | envValueFrom: {} | ||
+ | |||
+ | ## The name of a secret in the same kubernetes namespace which contain values to be added to the environment | ||
+ | ## This can be useful for auth tokens, etc. Value is templated. | ||
+ | envFromSecret: "" | ||
+ | |||
+ | ## Sensible environment variables that will be rendered as new secret object | ||
+ | ## This can be useful for auth tokens, etc | ||
+ | envRenderSecret: {} | ||
+ | |||
+ | ## The names of secrets in the same kubernetes namespace which contain values to be added to the environment | ||
+ | ## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key. | ||
+ | envFromSecrets: [] | ||
+ | ## - name: secret-name | ||
+ | ## optional: true | ||
+ | |||
+ | # Inject Kubernetes services as environment variables. | ||
+ | # See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables | ||
+ | enableServiceLinks: true | ||
+ | |||
+ | ## Additional grafana server secret mounts | ||
+ | # Defines additional mounts with secrets. Secrets must be manually created in the namespace. | ||
+ | extraSecretMounts: [] | ||
+ | # - name: secret-files | ||
+ | # mountPath: /etc/secrets | ||
+ | # secretName: grafana-secret-files | ||
+ | # readOnly: true | ||
+ | # subPath: "" | ||
+ | # | ||
+ | # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) | ||
+ | # - name: aws-iam-token | ||
+ | # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount | ||
+ | # readOnly: true | ||
+ | # projected: | ||
+ | # defaultMode: 420 | ||
+ | # sources: | ||
+ | # - serviceAccountToken: | ||
+ | # audience: sts.amazonaws.com | ||
+ | # expirationSeconds: 86400 | ||
+ | # path: token | ||
+ | # | ||
+ | # for CSI e.g. Azure Key Vault use the following | ||
+ | # - name: secrets-store-inline | ||
+ | # mountPath: /run/secrets | ||
+ | # readOnly: true | ||
+ | # csi: | ||
+ | # driver: secrets-store.csi.k8s.io | ||
+ | # readOnly: true | ||
+ | # volumeAttributes: | ||
+ | # secretProviderClass: "akv-grafana-spc" | ||
+ | # nodePublishSecretRef: # Only required when using service principal mode | ||
+ | # name: grafana-akv-creds # Only required when using service principal mode | ||
+ | |||
+ | ## Additional grafana server volume mounts | ||
+ | # Defines additional volume mounts. | ||
+ | extraVolumeMounts: [] | ||
+ | # - name: extra-volume-0 | ||
+ | # mountPath: /mnt/volume0 | ||
+ | # readOnly: true | ||
+ | # existingClaim: volume-claim | ||
+ | # - name: extra-volume-1 | ||
+ | # mountPath: /mnt/volume1 | ||
+ | # readOnly: true | ||
+ | # hostPath: /usr/shared/ | ||
+ | |||
+ | ## Pass the plugins you want installed as a list. | ||
+ | ## | ||
+ | plugins: [] | ||
+ | # - digrich-bubblechart-panel | ||
+ | # - grafana-clock-panel | ||
+ | |||
+ | ## Configure grafana datasources | ||
+ | ## ref: http://docs.grafana.org/administration/provisioning/#datasources | ||
+ | ## | ||
+ | datasources: {} | ||
+ | # datasources.yaml: | ||
+ | # apiVersion: 1 | ||
+ | # datasources: | ||
+ | # - name: Prometheus | ||
+ | # type: prometheus | ||
+ | # url: http://prometheus-prometheus-server | ||
+ | # access: proxy | ||
+ | # isDefault: true | ||
+ | # - name: CloudWatch | ||
+ | # type: cloudwatch | ||
+ | # access: proxy | ||
+ | # uid: cloudwatch | ||
+ | # editable: false | ||
+ | # jsonData: | ||
+ | # authType: default | ||
+ | # defaultRegion: us-east-1 | ||
+ | |||
+ | ## Configure notifiers | ||
+ | ## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels | ||
+ | ## | ||
+ | notifiers: {} | ||
+ | # notifiers.yaml: | ||
+ | # notifiers: | ||
+ | # - name: email-notifier | ||
+ | # type: email | ||
+ | # uid: email1 | ||
+ | # # either: | ||
+ | # org_id: 1 | ||
+ | # # or | ||
+ | # org_name: Main Org. | ||
+ | # is_default: true | ||
+ | # settings: | ||
+ | # addresses: [email protected] | ||
+ | # delete_notifiers: | ||
+ | |||
+ | ## Configure grafana dashboard providers | ||
+ | |||
+ | |||
+ | |||
</pre> | </pre> |
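Review bot: Every `sha: ""` added here (under `image`, `downloadDashboardsImage` and `initChownData.image`) leaves the image referenced by a mutable tag only, and `containerSecurityContext` is left as `{}`, so a reader who copies these defaults into an override file gets no digest pinning and no container-level hardening. For a page that people paste from, I would add a comment next to those keys, for example `# set sha to the image digest to pin the exact image` and `# e.g. allowPrivilegeEscalation: false`; whether the chart applies `containerSecurityContext` to the init containers as well is not visible here. The commented `extraContainers` example also uses `keycloak-proxy:latest` and passes `-client-secret=` and `-cookie-secret=` as arguments, which deserves a line saying to pin the tag and load those values from a Secret. `adminPassword: strongpassword` is a placeholder, and `admin.existingSecret` a few lines below it is the safer route to point readers at.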
Revision as of 19:50, 5 December 2021
# Output of `helm show all grafana/grafana` as captured on this page (chart
# version 6.17.8, appVersion 8.2.5): the chart metadata first, then, after the
# `---` separator, the chart's default values. The capture stops at the
# "dashboard providers" comment. Lines marked NOTE(review) are annotations for
# readers hardening a deployment; everything else is the command output.
apiVersion: v2
appVersion: 8.2.5
description: The leading tool for querying and visualizing time series and metrics.
home: https://grafana.net
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
kubeVersion: ^1.8.0-0
# NOTE(review): the addresses below appear on this page as the literal
# placeholder "[email protected]"; a value starting with "[" is not a plain
# string, so this first document will not parse as captured.
maintainers:
- email: [email protected]
  name: zanhsieh
- email: [email protected]
  name: rtluckie
- email: [email protected]
  name: maorfr
- email: [email protected]
  name: Xtigyro
- email: [email protected]
  name: torstenwalter
name: grafana
sources:
- https://github.com/grafana/grafana
type: application
version: 6.17.8

---
rbac:
  create: true
  ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true)
  # useExistingRole: name-of-some-(cluster)role
  # NOTE(review): PodSecurityPolicy was deprecated in Kubernetes 1.21 and
  # removed in 1.25; on newer clusters these two flags presumably have to be
  # false - confirm against the chart templates.
  pspEnabled: true
  pspUseAppArmor: true
  # NOTE(review): per the comment above, false selects a ClusterRole rather
  # than a namespaced Role; prefer the narrower scope where it is sufficient.
  namespaced: false
  extraRoleRules: []
  # - apiGroups: []
  #   resources: []
  #   verbs: []
  extraClusterRoleRules: []
  # - apiGroups: []
  #   resources: []
  #   verbs: []
serviceAccount:
  create: true
  name:
  nameTest:
#  annotations:
#    eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
  # NOTE(review): presumably controls mounting the service account token into
  # the pod; confirm nothing in the pod needs the Kubernetes API before
  # turning it off.
  autoMount: true

replicas: 1

## Create HorizontalPodAutoscaler object for deployment type
#
autoscaling:
  enabled: false
#   minReplicas: 1
#   maxReplicas: 10
#   metrics:
#   - type: Resource
#     resource:
#       name: cpu
#       targetAverageUtilization: 60
#   - type: Resource
#     resource:
#       name: memory
#       targetAverageUtilization: 60

## See `kubectl explain poddisruptionbudget.spec` for more
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podDisruptionBudget: {}
#  minAvailable: 1
#  maxUnavailable: 1

## See `kubectl explain deployment.spec.strategy` for more
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
deploymentStrategy:
  type: RollingUpdate

readinessProbe:
  httpGet:
    path: /api/health
    port: 3000

livenessProbe:
  httpGet:
    path: /api/health
    port: 3000
  initialDelaySeconds: 60
  timeoutSeconds: 30
  failureThreshold: 10

## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName: "default-scheduler"

# NOTE(review): sha is empty, so the image is referenced by tag only; setting
# sha to the image digest pins the exact content - TODO confirm how the chart
# appends it to the image reference.
image:
  repository: grafana/grafana
  tag: 8.2.5
  sha: ""
  pullPolicy: IfNotPresent

  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecrets:
  #   - myRegistrKeySecretName

# NOTE(review): enabled by default; there is no sha key here, so the test
# image is referenced by tag only, and its securityContext is empty.
testFramework:
  enabled: true
  image: "bats/bats"
  tag: "v1.4.1"
  imagePullPolicy: IfNotPresent
  securityContext: {}

# NOTE(review): non-zero UID/GID, so the workload does not run as root with
# these defaults (presumably the pod-level context - confirm).
securityContext:
  runAsUser: 472
  runAsGroup: 472
  fsGroup: 472

# NOTE(review): empty by default, i.e. no container-level restrictions are
# set here; a hardened override would typically add
# allowPrivilegeEscalation: false and drop capabilities. Test before enabling
# readOnlyRootFilesystem.
containerSecurityContext:
  {}

extraConfigmapMounts: []
  # - name: certs-configmap
  #   mountPath: /etc/grafana/ssl/
  #   subPath: certificates.crt # (optional)
  #   configMap: certs-configmap
  #   readOnly: true

extraEmptyDirMounts: []
  # - name: provisioning-notifiers
  #   mountPath: /etc/grafana/provisioning/notifiers


# Apply extra labels to common labels.
extraLabels: {}

## Assign a PriorityClassName to pods if set
# priorityClassName:

# NOTE(review): tag-only reference (sha empty), as for the main image.
downloadDashboardsImage:
  repository: curlimages/curl
  tag: 7.73.0
  sha: ""
  pullPolicy: IfNotPresent

downloadDashboards:
  env: {}
  envFromSecret: ""
  resources: {}

## Pod Annotations
# podAnnotations: {}

## Pod Labels
# podLabels: {}

podPortName: grafana

## Deployment annotations
# annotations: {}

## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service).
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
# NOTE(review): per the comment above, ClusterIP keeps the service reachable
# only from within the cluster; LoadBalancer exposes the Grafana login
# externally, so pair it with TLS and strong admin credentials.
service:
  enabled: true
  type: ClusterIP
  port: 80
  targetPort: 3000
    # targetPort: 4181 To be used with a proxy extraContainer
  annotations: {}
  labels: {}
  portName: service

serviceMonitor:
  ## If true, a ServiceMonitor CRD is created for a prometheus operator
  ## https://github.com/coreos/prometheus-operator
  ##
  enabled: false
  path: /metrics
  #  namespace: monitoring  (defaults to use the namespace this chart is deployed to)
  labels: {}
  interval: 1m
  # NOTE(review): with these defaults metrics would be scraped over plain
  # http; scheme and tlsConfig are the settings to change for TLS.
  scheme: http
  tlsConfig: {}
  scrapeTimeout: 30s
  relabelings: []

extraExposePorts: []
 # - name: keycloak
 #   port: 8080
 #   targetPort: 8080
 #   type: ClusterIP

# overrides pod.spec.hostAliases in the grafana deployment's pods
hostAliases: []
  # - ip: "1.2.3.4"
  #   hostnames:
  #     - "my.host.com"

ingress:
  enabled: false
  # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
  # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
  # ingressClassName: nginx
  # Values can be templated
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  labels: {}
  path: /

  # pathType is only for k8s >= 1.1=
  pathType: Prefix

  hosts:
    - chart-example.local
  ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
  extraPaths: []
  # - path: /*
  #   backend:
  #     serviceName: ssl-redirect
  #     servicePort: use-annotation
  ## Or for k8s > 1.19
  # - path: /*
  #   pathType: Prefix
  #   backend:
  #     service:
  #       name: ssl-redirect
  #       port:
  #         name: use-annotation


  # NOTE(review): tls is empty by default; when enabling the ingress, set it
  # (or terminate TLS upstream) so Grafana credentials and sessions are not
  # sent in clear text.
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

# NOTE(review): no requests or limits are set by default.
resources: {}
#  limits:
#    cpu: 100m
#    memory: 128Mi
#  requests:
#    cpu: 100m
#    memory: 128Mi

## Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
#
nodeSelector: {}

## Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []

## Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}

extraInitContainers: []

## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod
# NOTE(review): the commented example below uses a :latest image tag and
# passes the client and cookie secrets as command-line arguments; pin the
# image and load those values from a Kubernetes Secret where the proxy
# supports it.
extraContainers: ""
# extraContainers: |
# - name: proxy
#   image: quay.io/gambol99/keycloak-proxy:latest
#   args:
#   - -provider=github
#   - -client-id=
#   - -client-secret=
#   - -github-org=<ORG_NAME>
#   - -email-domain=*
#   - -cookie-secret=
#   - -http-address=http://0.0.0.0:4181
#   - -upstream-url=http://127.0.0.1:3000
#   ports:
#     - name: proxy-web
#       containerPort: 4181

## Volumes that can be used in init containers that will not be mounted to deployment pods
extraContainerVolumes: []
#  - name: volume-from-secret
#    secret:
#      secretName: secret-to-mount
#  - name: empty-dir-volume
#    emptyDir: {}

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  type: pvc
  enabled: false
  # storageClassName: default
  accessModes:
    - ReadWriteOnce
  size: 10Gi
  # annotations: {}
  finalizers:
    - kubernetes.io/pvc-protection
  # selectorLabels: {}
  # subPath: ""
  # existingClaim:
  ## If persistence is not enabled, this allows to mount the
  ## local storage in-memory to improve performance
  ##
  inMemory:
    enabled: false
    ## The maximum usage on memory medium EmptyDir would be
    ## the minimum value between the SizeLimit specified
    ## here and the sum of memory limits of all containers in a pod
    ##
    # sizeLimit: 300Mi

# NOTE(review): presumably an init container that resets ownership of the
# data directory (likely running as root) - confirm against the templates.
# Its image is also referenced by tag only (sha empty).
initChownData:
  ## If false, data ownership will not be reset at startup
  ## This allows the prometheus-server to be run with an arbitrary user
  ##
  enabled: true

  ## initChownData container image
  ##
  image:
    repository: busybox
    tag: "1.31.1"
    sha: ""
    pullPolicy: IfNotPresent

  ## initChownData resource requests and limits
  ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 100m
  #    memory: 128Mi

# Administrator credentials when not using an existing secret (see below)
# NOTE(review): "strongpassword" is a placeholder, not a usable value. Prefer
# admin.existingSecret over a password kept in a values file; when neither is
# set the chart presumably generates a password - confirm before relying on it.
adminUser: admin
# adminPassword: strongpassword

# Use an existing secret for the admin user.
admin:
  existingSecret: ""
  userKey: admin-user
  passwordKey: admin-password

## Define command to be executed at startup by grafana container
## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/)
## Default is "run.sh" as defined in grafana's Dockerfile
# command:
# - "sh"
# - "/run.sh"

## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:

## Use an alternate scheduler, e.g. "stork".
##
## Extra environment variables that will be pass onto deployment pods
##
## to provide grafana with access to CloudWatch on AWS EKS:
## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later)
## 2. edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the
## same oidc eks provider as noted before (same as the existing line)
## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name
##
##  "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana",
##
## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess
## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name)
##
## env:
##   AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here
##   AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
##   AWS_REGION: us-east-1
##
## 5. uncomment the EKS section in extraSecretMounts: below
## 6. uncomment the annotation section in the serviceAccount: above
## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn

env: {}

## "valueFrom" environment variable references that will be added to deployment pods
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core
## Renders in container spec as:
##   env:
##     ...
##     - name: <key>
##       valueFrom:
##         <value rendered as YAML>
envValueFrom: {}

## The name of a secret in the same kubernetes namespace which contain values to be added to the environment
## This can be useful for auth tokens, etc. Value is templated.
envFromSecret: ""

## Sensible environment variables that will be rendered as new secret object
## This can be useful for auth tokens, etc
# NOTE(review): anything set here has to be written into the values file
# itself; referencing a pre-created secret through envFromSecret or
# envFromSecrets keeps the token out of it.
envRenderSecret: {}

## The names of secrets in the same kubernetes namespace which contain values to be added to the environment
## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key.
envFromSecrets: []
## - name: secret-name
##   optional: true

# Inject Kubernetes services as environment variables.
# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables
# NOTE(review): true injects the namespace's services into the container
# environment (see the link above); false is the narrower setting when
# Grafana does not rely on those variables.
enableServiceLinks: true

## Additional grafana server secret mounts
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
extraSecretMounts: []
  # - name: secret-files
  #   mountPath: /etc/secrets
  #   secretName: grafana-secret-files
  #   readOnly: true
  #   subPath: ""
  #
  # for AWS EKS (cloudwatch) use the following (see also instruction in env: above)
  # - name: aws-iam-token
  #   mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
  #   readOnly: true
  #   projected:
  #     defaultMode: 420
  #     sources:
  #       - serviceAccountToken:
  #           audience: sts.amazonaws.com
  #           expirationSeconds: 86400
  #           path: token
  #
  # for CSI e.g. Azure Key Vault use the following
  # - name: secrets-store-inline
  #  mountPath: /run/secrets
  #  readOnly: true
  #  csi:
  #    driver: secrets-store.csi.k8s.io
  #    readOnly: true
  #    volumeAttributes:
  #      secretProviderClass: "akv-grafana-spc"
  #    nodePublishSecretRef:                       # Only required when using service principal mode
  #       name: grafana-akv-creds                  # Only required when using service principal mode

## Additional grafana server volume mounts
# Defines additional volume mounts.
# NOTE(review): the second commented example mounts a node directory via
# hostPath; keep such mounts readOnly and prefer a claim where one works.
extraVolumeMounts: []
  # - name: extra-volume-0
  #   mountPath: /mnt/volume0
  #   readOnly: true
  #   existingClaim: volume-claim
  # - name: extra-volume-1
  #   mountPath: /mnt/volume1
  #   readOnly: true
  #   hostPath: /usr/shared/

## Pass the plugins you want installed as a list.
##
# NOTE(review): plugins are third-party code installed into Grafana; list
# only the ones you have vetted.
plugins: []
  # - digrich-bubblechart-panel
  # - grafana-clock-panel

## Configure grafana datasources
## ref: http://docs.grafana.org/administration/provisioning/#datasources
##
datasources: {}
#  datasources.yaml:
#    apiVersion: 1
#    datasources:
#    - name: Prometheus
#      type: prometheus
#      url: http://prometheus-prometheus-server
#      access: proxy
#      isDefault: true
#    - name: CloudWatch
#      type: cloudwatch
#      access: proxy
#      uid: cloudwatch
#      editable: false
#      jsonData:
#        authType: default
#        defaultRegion: us-east-1

## Configure notifiers
## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels
##
notifiers: {}
#  notifiers.yaml:
#    notifiers:
#    - name: email-notifier
#      type: email
#      uid: email1
#      # either:
#      org_id: 1
#      # or
#      org_name: Main Org.
#      is_default: true
#      settings:
#        addresses: [email protected]
#    delete_notifiers:

## Configure grafana dashboard providers