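---
# Flux HelmRelease that installs the grafana chart into the monitoring
# namespace. Grafana is published on an ingress, sign-in is delegated to
# Authentik via generic OAuth, VictoriaMetrics is the only provisioned
# datasource, and dashboards are loaded from grafana.com, a URL and the
# dashboard sidecar.
# ${SECRET_...} placeholders are not YAML; presumably they are filled in
# by Flux post-build substitution before the object is applied.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: grafana
  namespace: monitoring
spec:
  interval: 5m
  chart:
    spec:
      chart: grafana
      # Quoted so the chart version stays a string.
      version: "8.6.1"
      sourceRef:
        kind: HelmRepository
        name: grafana
        namespace: flux-system
  values:
    ingress:
      enabled: true
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-production
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
      # NOTE(review): the grafana chart documents `ingressClassName` for
      # selecting the ingress class. Confirm chart 8.6.1 honours
      # `className`; if it is ignored, the Ingress is served by the
      # cluster's default class instead of the one named `internal`.
      className: internal
      hosts:
        - &grafana-host grafana.internal.${SECRET_NEW_DOMAIN}
      path: "/"
      tls:
        - hosts:
            - *grafana-host

    grafana.ini:
      server:
        # Must match the redirect URI registered for this client in
        # Authentik, or the OAuth callback is rejected.
        root_url: https://grafana.internal.${SECRET_NEW_DOMAIN}

      auth:
        # The login form is hidden and users are sent straight to the
        # OAuth provider, so access depends on Authentik being reachable.
        disable_login_form: true
        oauth_auto_login: true

      auth.generic_oauth:
        enabled: true
        allow_sign_up: true  # creates new users after authentik login
        auto_login: true
        name: Authentik
        # $__file{...} makes Grafana read the value from the mounted
        # secret file, keeping the credentials out of this manifest.
        client_id: $__file{/etc/secrets/auth_generic_oauth/client_id}
        client_secret: $__file{/etc/secrets/auth_generic_oauth/client_secret}
        scopes: openid profile email offline_access
        auth_url: https://auth.${SECRET_BASE_DOMAIN}/application/o/authorize/
        token_url: https://auth.${SECRET_BASE_DOMAIN}/application/o/token/
        api_url: https://auth.${SECRET_BASE_DOMAIN}/application/o/userinfo/
        # Everything after " #" is a YAML comment, so the Editor/Viewer
        # fallback is NOT part of the value. The effective expression maps
        # only the 'authentik Admins' group, to GrafanaAdmin. Other users
        # get no role from it; with allow_sign_up enabled they are still
        # created and receive Grafana's auto-assigned org role unless
        # role_attribute_strict is set. Restrict who may use this
        # application on the Authentik side if that is not intended.
        role_attribute_path: contains(groups[*], 'authentik Admins') && 'GrafanaAdmin' #|| contains(info.groups[*], 'editor') && 'Editor' || 'Viewer'
        groups_attribute_path: groups
        name_attribute_path: preferred_username
        login_attribute_path: email
        # Lets the mapping above grant server-wide Grafana admin, so
        # membership of 'authentik Admins' equals full control of Grafana.
        allow_assign_grafana_admin: true
        use_pkce: true
        use_refresh_token: true

    # Provide oauth creds
    extraSecretMounts:
      - name: grafana-secrets-mount
        secretName: grafana-oauth
        # Leading zero: a YAML 1.1 loader reads this as octal (r--r-----,
        # decimal 288); a strict YAML 1.2 loader would read decimal 440.
        # NOTE(review): confirm the rendered volume has the intended mode.
        defaultMode: 0440
        mountPath: /etc/secrets/auth_generic_oauth
        readOnly: true

    # Add Victoria Metrics as the default datasource
    datasources:
      victoria.yaml:
        apiVersion: 1
        datasources:
          - name: Victoria
            type: prometheus
            jsonData:
              # No effect while the URL below is plain http. Drop it when
              # moving to https so certificate validation is not silently
              # disabled.
              tlsSkipVerify: true
            url: http://vmsingle-primary.monitoring.svc:8429
            editable: false
            isDefault: true

    # datasources:
    # - name: Victoria
    # uid: victoria-metrics-server
    # type: prometheus
    # jsonData:
    # tlsSkipVerify: "true"
    # editable: false"
    # url: http://victoria-metrics-server.monitoring.svc:8428
    # version: "1"
    # isDefault: "true"

    sidecar:
      dashboards:
        enabled: true
        # Label and value the sidecar looks for when picking up
        # dashboards.
        label: grafana_dashboard
        labelValue: "1"
        folderAnnotation: grafana_folder
        provider:
          foldersFromFilesStructure: true

    serviceMonitor:
      enabled: true

    dashboardProviders:
      dashboardproviders.yaml:
        apiVersion: 1
        providers:
          - name: default
            orgId: 1
            folder: ""
            type: file
            disableDeletion: false
            editable: true
            options:
              path: /var/lib/grafana/dashboards/default
          - name: kubernetes
            orgId: 1
            folder: Kubernetes
            type: file
            disableDeletion: false
            editable: true
            options:
              path: /var/lib/grafana/dashboards/kubernetes

    dashboards:
      default:
        node-exporter-full:
          # renovate: depName="Node Exporter Full"
          gnetId: 1860
          revision: 33
          datasource: Victoria
        cert-manager:
          # Fetched from a mutable branch (master), so the dashboard JSON
          # can change without a change to this file. Prefer pinning the
          # URL to a commit (e.g. .../website/<commit-sha>/assets/...).
          url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/cert-manager/dashboards/cert-manager.json
          datasource: Victoria
        # minio:
        #   # renovate: depName="MinIO Dashboard"
        #   gnetId: 13502
        #   revision: 24
        #   datasource:
        #     - { name: DS_PROMETHEUS, value: Victoria }
      kubernetes:
        kubernetes-api-server:
          # renovate: depName="Kubernetes / System / API Server"
          gnetId: 15761
          revision: 16
          datasource: Victoria
        kubernetes-coredns:
          # renovate: depName="Kubernetes / System / CoreDNS"
          gnetId: 15762
          revision: 17
          datasource: Victoria
        kubernetes-global:
          # renovate: depName="Kubernetes / Views / Global"
          gnetId: 15757
          revision: 36
          datasource: Victoria
        kubernetes-namespaces:
          # renovate: depName="Kubernetes / Views / Namespaces"
          gnetId: 15758
          revision: 32
          datasource: Victoria
        kubernetes-nodes:
          # renovate: depName="Kubernetes / Views / Nodes"
          gnetId: 15759
          revision: 28
          datasource: Victoria
        kubernetes-pods:
          # renovate: depName="Kubernetes / Views / Pods"
          gnetId: 15760
          revision: 21
          # Was `Prometheus`; the only datasource provisioned in this
          # release is named `Victoria`, as used by every other dashboard.
          datasource: Victoria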