Helm show all grafana/grafana
Jump to navigation
Jump to search
apiVersion: v2 appVersion: 8.2.5 description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png kubeVersion: ^1.8.0-0 maintainers: - email: [email protected] name: zanhsieh - email: [email protected] name: rtluckie - email: [email protected] name: maorfr - email: [email protected] name: Xtigyro - email: [email protected] name: torstenwalter name: grafana sources: - https://github.com/grafana/grafana type: application version: 6.17.8 --- rbac: create: true ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) # useExistingRole: name-of-some-(cluster)role pspEnabled: true pspUseAppArmor: true namespaced: false extraRoleRules: [] # - apiGroups: [] # resources: [] # verbs: [] extraClusterRoleRules: [] # - apiGroups: [] # resources: [] # verbs: [] serviceAccount: create: true name: nameTest: # annotations: # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here autoMount: true replicas: 1 ## Create HorizontalPodAutoscaler object for deployment type # autoscaling: enabled: false # minReplicas: 1 # maxReplicas: 10 # metrics: # - type: Resource # resource: # name: cpu # targetAverageUtilization: 60 # - type: Resource # resource: # name: memory # targetAverageUtilization: 60 ## See `kubectl explain poddisruptionbudget.spec` for more ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ podDisruptionBudget: {} # minAvailable: 1 # maxUnavailable: 1 ## See `kubectl explain deployment.spec.strategy` for more ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy deploymentStrategy: type: RollingUpdate readinessProbe: httpGet: path: /api/health port: 3000 livenessProbe: httpGet: path: /api/health port: 3000 initialDelaySeconds: 60 timeoutSeconds: 30 failureThreshold: 10 ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## # schedulerName: "default-scheduler" image: repository: grafana/grafana tag: 8.2.5 sha: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistrKeySecretName testFramework: enabled: true image: "bats/bats" tag: "v1.4.1" imagePullPolicy: IfNotPresent securityContext: {} securityContext: runAsUser: 472 runAsGroup: 472 fsGroup: 472 containerSecurityContext: {} extraConfigmapMounts: [] # - name: certs-configmap # mountPath: /etc/grafana/ssl/ # subPath: certificates.crt # (optional) # configMap: certs-configmap # readOnly: true extraEmptyDirMounts: [] # - name: provisioning-notifiers # mountPath: /etc/grafana/provisioning/notifiers # Apply extra labels to common labels. extraLabels: {} ## Assign a PriorityClassName to pods if set # priorityClassName: downloadDashboardsImage: repository: curlimages/curl tag: 7.73.0 sha: "" pullPolicy: IfNotPresent downloadDashboards: env: {} envFromSecret: "" resources: {} ## Pod Annotations # podAnnotations: {} ## Pod Labels # podLabels: {} podPortName: grafana ## Deployment annotations # annotations: {} ## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). ## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. ## ref: http://kubernetes.io/docs/user-guide/services/ ## service: enabled: true type: ClusterIP port: 80 targetPort: 3000 # targetPort: 4181 To be used with a proxy extraContainer annotations: {} labels: {} portName: service serviceMonitor: ## If true, a ServiceMonitor CRD is created for a prometheus operator ## https://github.com/coreos/prometheus-operator ## enabled: false path: /metrics # namespace: monitoring (defaults to use the namespace this chart is deployed to) labels: {} interval: 1m scheme: http tlsConfig: {} scrapeTimeout: 30s relabelings: [] extraExposePorts: [] # - name: keycloak # port: 8080 # targetPort: 8080 # type: ClusterIP # overrides pod.spec.hostAliases in the grafana deployment's pods hostAliases: [] # - ip: "1.2.3.4" # hostnames: # - "my.host.com" ingress: enabled: false # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress # ingressClassName: nginx # Values can be templated annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" labels: {} path: / # pathType is only for k8s >= 1.1= pathType: Prefix hosts: - chart-example.local ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. extraPaths: [] # - path: /* # backend: # serviceName: ssl-redirect # servicePort: use-annotation ## Or for k8s > 1.19 # - path: /* # pathType: Prefix # backend: # service: # name: ssl-redirect # port: # name: use-annotation tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local resources: {} # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi ## Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ # nodeSelector: {} ## Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## Affinity for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} extraInitContainers: [] ## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod extraContainers: "" # extraContainers: | # - name: proxy # image: quay.io/gambol99/keycloak-proxy:latest # args: # - -provider=github # - -client-id= # - -client-secret= # - -github-org=<ORG_NAME> # - -email-domain=* # - -cookie-secret= # - -http-address=http://0.0.0.0:4181 # - -upstream-url=http://127.0.0.1:3000 # ports: # - name: proxy-web # containerPort: 4181 ## Volumes that can be used in init containers that will not be mounted to deployment pods extraContainerVolumes: [] # - name: volume-from-secret # secret: # secretName: secret-to-mount # - name: empty-dir-volume # emptyDir: {} ## Enable persistence using Persistent Volume Claims ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## persistence: type: pvc enabled: false # storageClassName: default accessModes: - ReadWriteOnce size: 10Gi # annotations: {} finalizers: - kubernetes.io/pvc-protection # selectorLabels: {} # subPath: "" # existingClaim: ## If persistence is not enabled, this allows to mount the ## local storage in-memory to improve performance ## inMemory: enabled: false ## The maximum usage on memory medium EmptyDir would be ## the minimum value between the SizeLimit specified ## here and the sum of memory limits of all containers in a pod ## # sizeLimit: 300Mi initChownData: ## If false, data ownership will not be reset at startup ## This allows the prometheus-server to be run with an arbitrary user ## enabled: true ## initChownData container image ## image: repository: busybox tag: "1.31.1" sha: "" pullPolicy: IfNotPresent ## initChownData resource requests and limits ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: {} # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi # Administrator credentials when not using an existing secret (see below) adminUser: admin # adminPassword: strongpassword # Use an existing secret for the admin user. admin: existingSecret: "" userKey: admin-user passwordKey: admin-password ## Define command to be executed at startup by grafana container ## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) ## Default is "run.sh" as defined in grafana's Dockerfile # command: # - "sh" # - "/run.sh" ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## # schedulerName: ## Use an alternate scheduler, e.g. "stork". ## ## Extra environment variables that will be pass onto deployment pods ## ## to provide grafana with access to CloudWatch on AWS EKS: ## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) ## 2. edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the ## same oidc eks provider as noted before (same as the existing line) ## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name ## ## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", ## ## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess ## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) ## ## env: ## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here ## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token ## AWS_REGION: us-east-1 ## ## 5. uncomment the EKS section in extraSecretMounts: below ## 6. uncomment the annotation section in the serviceAccount: above ## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn env: {} ## "valueFrom" environment variable references that will be added to deployment pods ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core ## Renders in container spec as: ## env: ## ... ## - name: <key> ## valueFrom: ## <value rendered as YAML> envValueFrom: {} ## The name of a secret in the same kubernetes namespace which contain values to be added to the environment ## This can be useful for auth tokens, etc. Value is templated. envFromSecret: "" ## Sensible environment variables that will be rendered as new secret object ## This can be useful for auth tokens, etc envRenderSecret: {} ## The names of secrets in the same kubernetes namespace which contain values to be added to the environment ## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key. envFromSecrets: [] ## - name: secret-name ## optional: true # Inject Kubernetes services as environment variables. # See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables enableServiceLinks: true ## Additional grafana server secret mounts # Defines additional mounts with secrets. Secrets must be manually created in the namespace. extraSecretMounts: [] # - name: secret-files # mountPath: /etc/secrets # secretName: grafana-secret-files # readOnly: true # subPath: "" # # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) # - name: aws-iam-token # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount # readOnly: true # projected: # defaultMode: 420 # sources: # - serviceAccountToken: # audience: sts.amazonaws.com # expirationSeconds: 86400 # path: token # # for CSI e.g. Azure Key Vault use the following # - name: secrets-store-inline # mountPath: /run/secrets # readOnly: true # csi: # driver: secrets-store.csi.k8s.io # readOnly: true # volumeAttributes: # secretProviderClass: "akv-grafana-spc" # nodePublishSecretRef: # Only required when using service principal mode # name: grafana-akv-creds # Only required when using service principal mode ## Additional grafana server volume mounts # Defines additional volume mounts. extraVolumeMounts: [] # - name: extra-volume-0 # mountPath: /mnt/volume0 # readOnly: true # existingClaim: volume-claim # - name: extra-volume-1 # mountPath: /mnt/volume1 # readOnly: true # hostPath: /usr/shared/ ## Pass the plugins you want installed as a list. ## plugins: [] # - digrich-bubblechart-panel # - grafana-clock-panel ## Configure grafana datasources ## ref: http://docs.grafana.org/administration/provisioning/#datasources ## datasources: {} # datasources.yaml: # apiVersion: 1 # datasources: # - name: Prometheus # type: prometheus # url: http://prometheus-prometheus-server # access: proxy # isDefault: true # - name: CloudWatch # type: cloudwatch # access: proxy # uid: cloudwatch # editable: false # jsonData: # authType: default # defaultRegion: us-east-1 ## Configure notifiers ## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels ## notifiers: {} # notifiers.yaml: # notifiers: # - name: email-notifier # type: email # uid: email1 # # either: # org_id: 1 # # or # org_name: Main Org. # is_default: true # settings: # addresses: [email protected] # delete_notifiers: ## Configure grafana dashboard providers
Advertising: