118 lines
4.6 KiB
YAML
118 lines
4.6 KiB
YAML
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: grafana
|
|
labels: {{- include "common.app.labels" . | nindent 4 }}
|
|
spec:
|
|
selector:
|
|
matchLabels: {{- include "common.app.labels" . | nindent 6 }}
|
|
template:
|
|
metadata:
|
|
labels: {{- include "common.app.labels" . | nindent 8 }}
|
|
{{- range $label, $value := default .Values.deployment.podLabels dict }}
|
|
{{ $label }}: {{ $value | quote }}
|
|
{{- end }}
|
|
spec:
|
|
containers:
|
|
- name: grafana
|
|
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
|
|
env:
|
|
- name: GF_ANALYTICS_ENABLED
|
|
value: "false"
|
|
- name: GF_ANALYTICS_REPORTING_ENABLED
|
|
value: "false"
|
|
- name: GF_ANALYTICS_CHECK_FOR_UPDATES
|
|
value: "false"
|
|
- name: GF_USERS_ALLOW_SIGN_UP
|
|
value: "{{ default .Values.config.allowSignup false }}"
|
|
- name: GF_SECURITY_DISABLE_GRAVATAR
|
|
value: "true"
|
|
- name: GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION
|
|
value: "true"
|
|
- name: GF_SERVER_ROOT_URL
|
|
value: "{{ .Values.config.externalProtocol }}://{{ .Values.config.domain }}"
|
|
- name: GF_SERVER_PROTOCOL
|
|
value: {{ .Values.config.protocol }}
|
|
- name: GF_SERVER_HTTP_ADDR
|
|
value: 0.0.0.0
|
|
- name: GF_SERVER_HTTP_PORT
|
|
value: "3000"
|
|
- name: GF_SERVER_DOMAIN
|
|
value: {{ .Values.config.domain }}
|
|
{{- if .Values.config.database.enabled }}
|
|
- name: GF_DATABASE_USER
|
|
value: {{ .Values.config.database.user }}
|
|
- name: GF_DATABASE_TYPE
|
|
value: {{ .Values.config.database.type }}
|
|
- name: GF_DATABASE_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: {{ .Values.config.database.passwordRef.key }}
|
|
name: {{ .Values.config.database.passwordRef.secretName }}
|
|
- name: GF_DATABASE_NAME
|
|
value: {{ .Values.config.database.database }}
|
|
- name: GF_DATABASE_HOST
|
|
value: {{ .Values.config.database.host }}
|
|
{{- end }}
|
|
{{- if default .Values.config.oauth.enabled false }}
|
|
- name: GF_AUTH_GENERIC_OAUTH_ENABLED
|
|
value: "true"
|
|
- name: GF_AUTH_GENERIC_OAUTH_NAME
|
|
value: {{ .Values.config.oauth.name | quote }}
|
|
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
|
|
value: {{ .Values.config.oauth.clientId }}
|
|
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: {{ .Values.config.oauth.clientSecretRef.key }}
|
|
name: {{ .Values.config.oauth.clientSecretRef.secretName }}
|
|
- name: GF_AUTH_GENERIC_OAUTH_SCOPES
|
|
value: openid email profile
|
|
- name: GF_AUTH_GENERIC_OAUTH_AUTH_URL
|
|
value: {{ .Values.config.oauth.authUrl }}
|
|
- name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL
|
|
value: {{ .Values.config.oauth.tokenUrl }}
|
|
- name: GF_AUTH_GENERIC_OAUTH_API_URL
|
|
value: {{ .Values.config.oauth.apiUrl }}
|
|
- name: GF_AUTH_SIGNOUT_REDIRECT_URL
|
|
value: {{ .Values.config.oauth.signoutRedirectUrl }}
|
|
- name: GF_AUTH_OAUTH_AUTO_LOGIN
|
|
value: {{ .Values.config.oauth.autoLogin | quote }}
|
|
- name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH
|
|
value: {{ .Values.config.oauth.roleAttributePath }}
|
|
- name: GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN
|
|
value: {{ .Values.config.oauth.allowAssignAdmin | quote }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- mountPath: /var/lib/grafana
|
|
name: data
|
|
ports:
|
|
- containerPort: 3000
|
|
name: http
|
|
protocol: TCP
|
|
readinessProbe:
|
|
httpGet:
|
|
port: 3000
|
|
path: /api/health
|
|
livenessProbe:
|
|
httpGet:
|
|
port: 3000
|
|
path: /api/health
|
|
initialDelaySeconds: 60
|
|
timeoutSeconds: 30
|
|
failureThreshold: 10
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 10001
|
|
runAsGroup: 10001
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
automountServiceAccountToken: false
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: grafana |