grafana: Add Chart

grafana/templates/deployment.yaml

@@ -0,0 +1,118 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: grafana
+  labels: {{- include "common.app.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels: {{- include "common.app.labels" . | nindent 6 }}
+  template:
+    metadata:
+      labels: {{- include "common.app.labels" . | nindent 8 }}
+        {{- range $label, $value := default .Values.deployment.podLabels dict }}
+        {{ $label }}: {{ $value | quote }}
+        {{- end }}
+    spec:
+      containers:
+        - name: grafana
+          image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+          env:
+            - name: GF_ANALYTICS_ENABLED
+              value: "false"
+            - name: GF_ANALYTICS_REPORTING_ENABLED
+              value: "false"
+            - name: GF_ANALYTICS_CHECK_FOR_UPDATES
+              value: "false"
+            - name: GF_USERS_ALLOW_SIGN_UP
+              value: "{{ default .Values.config.allowSignup false }}"
+            - name: GF_SECURITY_DISABLE_GRAVATAR
+              value: "true"
+            - name: GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION
+              value: "true"
+            - name: GF_SERVER_ROOT_URL
+              value: "{{ .Values.config.externalProtocol }}://{{ .Values.config.domain }}"
+            - name: GF_SERVER_PROTOCOL
+              value: {{ .Values.config.protocol }}
+            - name: GF_SERVER_HTTP_ADDR
+              value: 0.0.0.0
+            - name: GF_SERVER_HTTP_PORT
+              value: "3000"
+            - name: GF_SERVER_DOMAIN
+              value: {{ .Values.config.domain }}
+            {{- if .Values.config.database.enabled }}
+            - name: GF_DATABASE_USER
+              value: {{ .Values.config.database.user }}
+            - name: GF_DATABASE_TYPE
+              value: {{ .Values.config.database.type }}
+            - name: GF_DATABASE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: {{ .Values.config.database.passwordRef.key }}
+                  name: {{ .Values.config.database.passwordRef.secretName }}
+            - name: GF_DATABASE_NAME
+              value: {{ .Values.config.database.database }}
+            - name: GF_DATABASE_HOST
+              value: {{ .Values.config.database.host }}
+            {{- end }}
+            {{- if default .Values.config.oauth.enabled false }}
+            - name: GF_AUTH_GENERIC_OAUTH_ENABLED
+              value: "true"
+            - name: GF_AUTH_GENERIC_OAUTH_NAME
+              value: {{ .Values.config.oauth.name | quote }}
+            - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
+              value: {{ .Values.config.oauth.clientId }}
+            - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  key: {{ .Values.config.oauth.clientSecretRef.key }}
+                  name: {{ .Values.config.oauth.clientSecretRef.secretName }}
+            - name: GF_AUTH_GENERIC_OAUTH_SCOPES
+              value: openid email profile
+            - name: GF_AUTH_GENERIC_OAUTH_AUTH_URL
+              value: {{ .Values.config.oauth.authUrl }}
+            - name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL
+              value: {{ .Values.config.oauth.tokenUrl }}
+            - name: GF_AUTH_GENERIC_OAUTH_API_URL
+              value: {{ .Values.config.oauth.apiUrl }}
+            - name: GF_AUTH_SIGNOUT_REDIRECT_URL
+              value: {{ .Values.config.oauth.signoutRedirectUrl }}
+            - name: GF_AUTH_OAUTH_AUTO_LOGIN
+              value: {{ .Values.config.oauth.autoLogin | quote }}
+            - name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH
+              value: {{ .Values.config.oauth.roleAttributePath }}
+            - name: GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN
+              value: {{ .Values.config.oauth.allowAssignAdmin | quote }}
+            {{- end }}
+          volumeMounts:
+            - mountPath: /var/lib/grafana
+              name: data
+          ports:
+            - containerPort: 3000
+              name: http
+              protocol: TCP
+          readinessProbe:
+            httpGet:
+              port: 3000
+              path: /api/health
+          livenessProbe:
+            httpGet:
+              port: 3000
+              path: /api/health
+            initialDelaySeconds: 60
+            timeoutSeconds: 30
+            failureThreshold: 10
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 10001
+            runAsGroup: 10001
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+      automountServiceAccountToken: false
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: grafana

grafana/templates/extra.yaml

@@ -0,0 +1,8 @@
+{{ range .Values.extraObjects }}
+---
+{{- if typeIs "string" . }}
+{{ tpl . $ }}
+{{ else }}
+{{ tpl (. | toYaml) $ }}
+{{- end }}
+{{ end }}

grafana/templates/pvc.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: grafana
+  labels: {{- include "common.app.labels" . | nindent 4 }}
+spec:
+  storageClassName: {{ .Values.pvc.storageClass }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 500Mi

grafana/templates/service.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: grafana
+  labels: {{- include "common.app.labels" . | nindent 4 }}
+spec:
+  selector: {{- include "common.app.labels" . | nindent 4 }}
+  type: ClusterIP
+  ports:
+    - port: 3000
+      protocol: TCP
+      name: http