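---
# Flux HelmRelease that installs the Grafana chart into the monitoring
# namespace. Login is delegated to an Authentik OIDC provider, the only
# datasource is VictoriaMetrics, and dashboards are provisioned from
# grafana.com IDs or raw URLs.
# ${SECRET_NEW_DOMAIN} is presumably filled in by Flux post-build variable
# substitution -- confirm it is defined for this Kustomization.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: grafana
  namespace: monitoring
spec:
  interval: 5m
  chart:
    spec:
      chart: grafana
      version: "8.6.1"
      sourceRef:
        kind: HelmRepository
        name: grafana-charts
        namespace: flux-system
  values:
    ingress:
      enabled: true
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-production
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
      hosts:
        - &grafana-host grafana.${SECRET_NEW_DOMAIN}
      path: "/"
      # NOTE(review): this tls entry has no secretName. cert-manager's
      # ingress-shim normally needs one before it issues a certificate for
      # the annotation above -- confirm how the certificate is provided.
      tls:
        - hosts:
            - *grafana-host

    grafana.ini:
      server:
        root_url: https://grafana.${SECRET_NEW_DOMAIN}/
      auth:
        # The local login form is hidden; every interactive login goes
        # through the OAuth provider configured below.
        disable_login_form: true
        oauth_auto_login: true
      auth.generic_oauth:
        enabled: true
        # Creates new users after authentik login. Together with the hidden
        # login form, who may access Grafana at all is decided by the
        # Authentik application's own access policy.
        allow_sign_up: true
        auto_login: true
        name: Authentik
        # Credentials are read from files mounted by extraSecretMounts below,
        # so they never appear in this manifest or in the rendered ConfigMap.
        client_id: $__file{/etc/secrets/auth_generic_oauth/client_id}
        client_secret: $__file{/etc/secrets/auth_generic_oauth/client_secret}
        scopes: openid profile email offline_access
        auth_url: https://auth.${SECRET_NEW_DOMAIN}/application/o/authorize/
        token_url: https://auth.${SECRET_NEW_DOMAIN}/application/o/token/
        api_url: https://auth.${SECRET_NEW_DOMAIN}/application/o/userinfo/
        # Members of the 'authentik Admins' group are mapped to GrafanaAdmin
        # (server-wide admin, permitted by allow_assign_grafana_admin below).
        # For everyone else the expression yields no role, so Grafana falls
        # back to its default org role unless role_attribute_strict is set.
        # Quoted so that no part of the expression can be read as a YAML
        # comment. Disabled remainder of the original expression:
        #   || contains(info.groups[*], 'editor') && 'Editor' || 'Viewer'
        role_attribute_path: "contains(groups[*], 'authentik Admins') && 'GrafanaAdmin'"
        groups_attribute_path: groups
        name_attribute_path: preferred_username
        login_attribute_path: email
        allow_assign_grafana_admin: true
        use_pkce: true
        use_refresh_token: true

    # Provide oauth creds
    extraSecretMounts:
      - name: grafana-secrets-mount
        secretName: grafana-secrets
        # Must stay an unquoted integer. 0440 is read as octal by YAML 1.1
        # style loaders (decimal 288); verify the rendered volume mode.
        defaultMode: 0440
        mountPath: /etc/secrets/auth_generic_oauth
        readOnly: true

    # Add Victoria Metrics as the default datasource
    datasources:
      victoria.yaml:
        apiVersion: 1
        datasources:
          - name: Victoria
            type: prometheus
            jsonData:
              # NOTE(review): the URL below is plain http, so this flag has
              # no effect today and queries cross the cluster network
              # unencrypted. If the endpoint moves to https, trust its CA
              # instead of skipping verification.
              tlsSkipVerify: true
            url: http://victoria-metrics-server.monitoring.svc:8428
            editable: false
            isDefault: true
    # Earlier form of the datasource definition, kept for reference:
    # datasources:
    #   - name: Victoria
    #     uid: victoria-metrics-server
    #     type: prometheus
    #     jsonData:
    #       tlsSkipVerify: "true"
    #     editable: "false"
    #     url: http://victoria-metrics-server.monitoring.svc:8428
    #     version: "1"
    #     isDefault: "true"

    sidecar:
      dashboards:
        enabled: true
        label: grafana_dashboard
        labelValue: "1"
        folderAnnotation: grafana_folder
        provider:
          foldersFromFilesStructure: true

    serviceMonitor:
      enabled: true

    dashboardProviders:
      dashboardproviders.yaml:
        apiVersion: 1
        providers:
          - name: default
            orgId: 1
            folder: ""
            type: file
            disableDeletion: false
            editable: true
            options:
              path: /var/lib/grafana/dashboards/default
          - name: kubernetes
            orgId: 1
            folder: Kubernetes
            type: file
            disableDeletion: false
            editable: true
            options:
              path: /var/lib/grafana/dashboards/kubernetes

    # Every dashboard is bound to the single provisioned datasource,
    # 'Victoria'. The "# renovate:" comments are markers for Renovate and
    # must stay directly above the gnetId they describe.
    dashboards:
      default:
        node-exporter-full:
          # renovate: depName="Node Exporter Full"
          gnetId: 1860
          revision: 33
          datasource: Victoria
        cert-manager:
          # NOTE(review): fetched from the moving 'master' branch, so the
          # dashboard JSON can change without any change to this file.
          # Consider pinning the URL to a reviewed commit.
          url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/cert-manager/dashboards/cert-manager.json
          datasource: Victoria
        longhorn:
          # renovate: depName="Longhorn"
          gnetId: 16888
          revision: 8
          datasource: Victoria
        spegel:
          # renovate: depName="Spegel"
          gnetId: 18089
          revision: 1
          datasource:
            - name: DS_PROMETHEUS
              value: Victoria
        minio:
          # renovate: depName="MinIO Dashboard"
          gnetId: 13502
          revision: 24
          datasource:
            - name: DS_PROMETHEUS
              value: Victoria
      kubernetes:
        kubernetes-api-server:
          # renovate: depName="Kubernetes / System / API Server"
          gnetId: 15761
          revision: 16
          datasource: Victoria
        kubernetes-coredns:
          # renovate: depName="Kubernetes / System / CoreDNS"
          gnetId: 15762
          revision: 17
          datasource: Victoria
        kubernetes-global:
          # renovate: depName="Kubernetes / Views / Global"
          gnetId: 15757
          revision: 36
          datasource: Victoria
        kubernetes-namespaces:
          # renovate: depName="Kubernetes / Views / Namespaces"
          gnetId: 15758
          revision: 32
          datasource: Victoria
        kubernetes-nodes:
          # renovate: depName="Kubernetes / Views / Nodes"
          gnetId: 15759
          revision: 28
          datasource: Victoria
        kubernetes-pods:
          # renovate: depName="Kubernetes / Views / Pods"
          gnetId: 15760
          revision: 21
          datasource: Victoria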