From 1cce36a346f39385d21de5f5508204586a94f9b1 Mon Sep 17 00:00:00 2001
From: Omar-Ahmed-Dt
Date: Sat, 5 Oct 2024 20:36:51 +0300
Subject: [PATCH 01/14] Added Grafana as an Observability Stack component.

---
 k8s/services/grafana/helm-8.5.cue | 110 ++++++++++++++++++++++++++++++
 k8s/services/grafana/helm.cue | 29 ++++++++
 k8s/stacks/observ.cue | 19 ++++++
 3 files changed, 158 insertions(+)
 create mode 100644 k8s/services/grafana/helm-8.5.cue
 create mode 100644 k8s/services/grafana/helm.cue
 create mode 100644 k8s/stacks/observ.cue

diff --git a/k8s/services/grafana/helm-8.5.cue b/k8s/services/grafana/helm-8.5.cue
new file mode 100644
index 0000000..10ae113
--- /dev/null
+++ b/k8s/services/grafana/helm-8.5.cue
@@ -0,0 +1,110 @@
+package grafana
+
+import (
+ "k8s.io/api/core/v1"
+ "stakpak.dev/devx/k8s"
+)
+
+#KubeVersion: [=~"^8\\.5\\.2"]: minor: >=21
+#Values: [=~"^8\\.5\\.2"]: {
+
+ // Default values for deploying Grafana using Helm
+
+ // Image settings
+ image: {
+ repository: string | *"grafana/grafana"
+ tag: string | *"8.5.1" // Specify the version you want to deploy
+ pullPolicy: v1.#enumPullPolicy | *"IfNotPresent"
+ }
+
+ // Admin user configuration
+ adminUser: string | *"admin" // Default admin username
+ adminPassword: string | *"admin" // Default admin password
+ existingSecret: string | *""
+
+ // Service settings
+ service: {
+ type: string | *"ClusterIP"
+ port: k8s.#Port | *3000
+ }
+
+ // Persistence settings
+ persistence: {
+ enabled: bool | *true // Enable persistent storage
+ size: string | *"10Gi" // Size of persistent volume
+ storageClass: string | *""
+ accessMode: string | *"ReadWriteOnce"
+ existingClaim: string | *""
+ }
+
+ livenessProbe: {
+ enabled: bool | *true
+ initialDelaySeconds: uint | *300
+ periodSeconds: uint | *1
+ timeoutSeconds: uint | *5
+ failureThreshold: uint | *3
+ successThreshold: uint | *1
+ }
+
+ readinessProbe: {
+ enabled: bool | *true
+ initialDelaySeconds: uint | *30
+ periodSeconds: uint | *10
+ timeoutSeconds: uint | *1
+ failureThreshold: uint | *3
+ successThreshold: uint | *1
+ }
+
+ // Ingress settings
+ ingress:{
+ enabled: bool | *false // Enable ingress to expose Grafana externally
+ annotations: k8s.#Annotations
+ hosts: string | *"grafana.local" // Example hostname for your ingress
+ tls: bool | *false
+ }
+
+ resources: v1.#ResourceRequirements | *{}
+
+ // Dashboard provisioning (optional)
+ dashboards: {
+ enabled: bool | *true // Enable provisioning of dashboards
+ defaultFolderName: string | *"grafana-dashboards" // Default folder for imported dashboards
+ dashboardProviders: [{
+ name: string | *"default" // Name of the dashboard provider
+ orgId: int | *1 // Organization ID
+ folder: string | *"" // Folder for dashboards
+ type: string | *"file" // Provider type (e.g., file)
+ disableDeletion: bool | *false // Disable dashboard deletion
+ editable: bool | *true // Whether the dashboards are editable
+ updateIntervalSeconds: int | *10 // Time interval for updates in seconds
+ options: {
+ path: string | *"/var/lib/grafana/dashboards" // Path for the dashboards
+ }
+ }]
+ }
+
+ // Datasource provisioning (optional)
+ datasources: {
+ enabled: bool | *true // Enable provisioning of datasources
+ datasources: [{
+ name: string | *"Prometheus" // Name of the datasource
+ type: string | *"prometheus" // Type of the datasource
+ url: string & =~"^http(s)?://[a-zA-Z0-9.-]+(:[0-9]+)?(/.*)?$" | *"http://prometheus:9090" | "https://prometheus:9090" // URL with validation and two default options
+ access: string | *"proxy" // Access mode for the datasource
+ isDefault: bool | *true // Marks the datasource as the default one
+ }]
+ }
+
+
+ // Node selector, tolerations, and affinity for pod scheduling
+ affinity: v1.#Affinity
+ nodeSelector: k8s.#Labels
+ tolerations: [...v1.#Toleration]
+
+ // Annotations for Grafana pod
+ podAnnotations: k8s.#Annotations
+
+ // Additional volumes and volume mounts
+ extraVolumes: [...v1.#Volume]
+ extraVolumeMounts: [...v1.#VolumeMount]
+}
\ No newline at end of file
diff --git a/k8s/services/grafana/helm.cue b/k8s/services/grafana/helm.cue
new file mode 100644
index 0000000..aa14165
--- /dev/null
+++ b/k8s/services/grafana/helm.cue
@@ -0,0 +1,29 @@
+package grafana
+
+import (
+ "stakpak.dev/devx/v1"
+ "stakpak.dev/devx/v1/traits"
+)
+
+#GrafanaChart: {
+ traits.#Helm
+ k8s: "version": (v1.getMatch & {
+ match: helm.version
+ input: #KubeVersion
+ }).result
+ helm: {
+ repoType: "default"
+ url: "https://grafana.github.io/helm-charts"
+ chart: "grafana"
+
+ version: string | *"6.22.0"
+
+ namespace: string | *"monitoring"
+ release: string
+
+ values: (v1.getMatch & {
+ match: version
+ input: #Values
+ }).result
+ }
+}
\ No newline at end of file
diff --git a/k8s/stacks/observ.cue b/k8s/stacks/observ.cue
new file mode 100644
index 0000000..023342a
--- /dev/null
+++ b/k8s/stacks/observ.cue
@@ -0,0 +1,19 @@
+package stacks
+
+import (
+ "stakpak.dev/devx/v1"
+ "stakpak.dev/devx/k8s/services/grafana"
+)
+
+ObservabilityStack: v1.#Stack & {
+ $metadata: stack: "ObservabilityStack"
+ components: {
+ grafana: grafana.#Grafana & {
+ helm: {
+ version: "8.5.2"
+ release: "grafana"
+ values: {}
+ }
+ }
+ }
+}
\ No newline at end of file
From 07385988c1987d217be63f105633e133be084f11 Mon Sep 17 00:00:00 2001
From: Omar-Ahmed-Dt
Date: Sat, 5 Oct 2024 20:40:31 +0300
Subject: [PATCH 02/14] fixed Grafana as an Observability Stack component.

---
 k8s/stacks/observ.cue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/k8s/stacks/observ.cue b/k8s/stacks/observ.cue
index 023342a..9f996a0 100644
--- a/k8s/stacks/observ.cue
+++ b/k8s/stacks/observ.cue
@@ -8,7 +8,7 @@ import (
 ObservabilityStack: v1.#Stack & {
 $metadata: stack: "ObservabilityStack"
 components: {
- grafana: grafana.#Grafana & {
+ grafana: grafana.#GrafanaChart & {
 helm: {
 version: "8.5.2"
 release: "grafana"
From 18200518e3ab8d957d8fe63f24d899695b0369b7 Mon Sep 17 00:00:00 2001
From: Omar-Ahmed-Dt
Date: Sat, 5 Oct 2024 20:58:05 +0300
Subject: [PATCH 03/14] added values Grafana.

---
 k8s/stacks/observ.cue | 100 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 97 insertions(+), 3 deletions(-)

diff --git a/k8s/stacks/observ.cue b/k8s/stacks/observ.cue
index 9f996a0..daaaa1b 100644
--- a/k8s/stacks/observ.cue
+++ b/k8s/stacks/observ.cue
@@ -8,12 +8,106 @@ import ( ObservabilityStack: v1.#Stack & { $metadata: stack: "ObservabilityStack" components: { - grafana: grafana.#GrafanaChart & { + "grafana": grafana.#GrafanaChart & { helm: { version: "8.5.2" release: "grafana" - values: {} + values: { + // Image settings + image: { + repository: "grafana/grafana" + tag: "8.5.1" + pullPolicy: "IfNotPresent" + } + + // Admin user configuration + adminUser: "admin" + adminPassword: "admin" + existingSecret: "" + + // Service settings + service: { + type: "ClusterIP" + port: 3000 + } + + // Persistence settings + persistence: { + enabled: true + size: "10Gi" + storageClass: "" + accessMode: "ReadWriteOnce" + existingClaim: "" + } + + // Probes + livenessProbe: { + enabled: true + initialDelaySeconds: 300 + periodSeconds: 1 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + } + readinessProbe: { + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + } + + // Ingress settings + ingress: { + enabled: false + annotations: {} + hosts: "grafana.local" + tls: false + } + + // Resources + resources: {} + + // Dashboard provisioning + dashboards: { + enabled: true + defaultFolderName: "grafana-dashboards" + dashboardProviders: [{ + name: "default" + orgId: 1 + folder: "" + type: "file" + disableDeletion: false + editable: true + updateIntervalSeconds: 10 + options: { + path: "/var/lib/grafana/dashboards" + } + }] + } + + // Datasource provisioning + datasources: { + enabled: true + datasources: [{ + name: "Prometheus" + type: "prometheus" + url: "http://prometheus:9090" + access: "proxy" + isDefault: true + }] + } + + // Pod scheduling and annotations + affinity: {} + nodeSelector: {} + tolerations: [] + podAnnotations: {} + extraVolumes: [] + extraVolumeMounts: [] + } } } } -} \ No newline at end of file +} From c0e881a69e62a3d00f06267b7ad8945fe8f68aeb Mon Sep 17 00:00:00 2001 
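Review bot: `adminUser: "admin"` and `adminPassword: "admin"` are now committed as literal values in the stack definition, which puts a credential into source control; set `existingSecret` to a Secret created out of band and leave `adminPassword` unset instead. The remaining values only restate the defaults already declared in helm-8.5.cue's `#Values`, so the block adds nothing the schema does not already supply. Patch 04/14 reverts this hunk, but the same pattern should not return when values are reintroduced.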
From: Omar-Ahmed-Dt
Date: Sat, 5 Oct 2024 20:59:26 +0300
Subject: [PATCH 04/14] deleted values Grafana.

---
 k8s/stacks/observ.cue | 98 +------------------------------------------
 1 file changed, 2 insertions(+), 96 deletions(-)

diff --git a/k8s/stacks/observ.cue b/k8s/stacks/observ.cue
index daaaa1b..d85e5cb 100644
--- a/k8s/stacks/observ.cue
+++ b/k8s/stacks/observ.cue
@@ -12,102 +12,8 @@ ObservabilityStack: v1.#Stack & { helm: { version: "8.5.2" release: "grafana" - values: { - // Image settings - image: { - repository: "grafana/grafana" - tag: "8.5.1" - pullPolicy: "IfNotPresent" - } - - // Admin user configuration - adminUser: "admin" - adminPassword: "admin" - existingSecret: "" - - // Service settings - service: { - type: "ClusterIP" - port: 3000 - } - - // Persistence settings - persistence: { - enabled: true - size: "10Gi" - storageClass: "" - accessMode: "ReadWriteOnce" - existingClaim: "" - } - - // Probes - livenessProbe: { - enabled: true - initialDelaySeconds: 300 - periodSeconds: 1 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - } - readinessProbe: { - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - } - - // Ingress settings - ingress: { - enabled: false - annotations: {} - hosts: "grafana.local" - tls: false - } - - // Resources - resources: {} - - // Dashboard provisioning - dashboards: { - enabled: true - defaultFolderName: "grafana-dashboards" - dashboardProviders: [{ - name: "default" - orgId: 1 - folder: "" - type: "file" - disableDeletion: false - editable: true - updateIntervalSeconds: 10 - options: { - path: "/var/lib/grafana/dashboards" - } - }] - } - - // Datasource provisioning - datasources: { - enabled: true - datasources: [{ - name: "Prometheus" - type: "prometheus" - url: "http://prometheus:9090" - access: "proxy" - isDefault: true - }] - } - - // Pod scheduling and annotations - affinity: {} - nodeSelector: {} - tolerations: [] - podAnnotations: {} - extraVolumes: [] - extraVolumeMounts: [] - } + values: {} } } } -} +} \ No newline at end of file From a83a2f4614a77d19ef3b9b23919973176d9468ed Mon Sep 17 00:00:00 2001 
From: Omar-Ahmed-Dt
Date: Sat, 5 Oct 2024 21:06:32 +0300
Subject: [PATCH 05/14] fixed version in grafana helm

---
 cue.mod/module.cue | 12 ++++++++++--
 k8s/services/grafana/helm.cue | 2 +-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/cue.mod/module.cue b/cue.mod/module.cue
index dc7133e..080766b 100644
--- a/cue.mod/module.cue
+++ b/cue.mod/module.cue
@@ -1,3 +1,11 @@
 module: "stakpak.dev/devx"
-
-cue: lang: "v0.6.0-alpha.1"
+language: {
+ version: "v0.9.0"
+}
+custom: {
+ legacy: {
+ cue: {
+ lang: "v0.6.0-alpha.1"
+ }
+ }
+}
diff --git a/k8s/services/grafana/helm.cue b/k8s/services/grafana/helm.cue
index aa14165..64d89f8 100644
--- a/k8s/services/grafana/helm.cue
+++ b/k8s/services/grafana/helm.cue
@@ -16,7 +16,7 @@ import (
 url: "https://grafana.github.io/helm-charts"
 chart: "grafana"
- version: string | *"6.22.0"
+ version: string | *"8.5.2"
 namespace: string | *"monitoring"
 release: string
From 3e64ff6bc43e5cbe1fa2e36898552efee60382f5 Mon Sep 17 00:00:00 2001
From: Omar-Ahmed-Dt
Date: Sat, 5 Oct 2024 23:20:45 +0300
Subject: [PATCH 06/14] from grafana to loki-stack

---
 k8s/services/grafana/helm-8.5.cue | 110 -----------------------
 k8s/services/loki/helm-2.10.cue | 70 +++++++++++++++
 k8s/services/{grafana => loki}/helm.cue | 12 +--
 k8s/stacks/observ.cue | 8 +-
 observ-values.yaml | 111 ++++++++++++++++++++++++
 5 files changed, 191 insertions(+), 120 deletions(-)
 delete mode 100644 k8s/services/grafana/helm-8.5.cue
 create mode 100644 k8s/services/loki/helm-2.10.cue
 rename k8s/services/{grafana => loki}/helm.cue (74%)
 create mode 100644 observ-values.yaml

diff --git a/k8s/services/grafana/helm-8.5.cue b/k8s/services/grafana/helm-8.5.cue
deleted file mode 100644
index 10ae113..0000000
--- a/k8s/services/grafana/helm-8.5.cue
+++ /dev/null
@@ -1,110 +0,0 @@ -package grafana - -import ( - "k8s.io/api/core/v1" - "stakpak.dev/devx/k8s" -) - -#KubeVersion: [=~"^8\\.5\\.2"]: minor: >=21 -#Values: [=~"^8\\.5\\.2"]: { - - // Default values for deploying Grafana using Helm - - // Image settings - image: { - repository: string | *"grafana/grafana" - tag: string | *"8.5.1" // Specify the version you want to deploy - pullPolicy: v1.#enumPullPolicy | *"IfNotPresent" - } - - // Admin user configuration - adminUser: string | *"admin" // Default admin username - adminPassword: string | *"admin" // Default admin password - existingSecret: string | *"" - - // Service settings - service: { - type: string | *"ClusterIP" - port: k8s.#Port | *3000 - } - - // Persistence settings - persistence: { - enabled: bool | *true // Enable persistent storage - size: string | *"10Gi" // Size of persistent volume - storageClass: string | *"" - accessMode: string | *"ReadWriteOnce" - existingClaim: string | *"" - } - - livenessProbe: { - enabled: bool | *true - initialDelaySeconds: uint | *300 - periodSeconds: uint | *1 - timeoutSeconds: uint | *5 - failureThreshold: uint | *3 - successThreshold: uint | *1 - } - - readinessProbe: { - enabled: bool | *true - initialDelaySeconds: uint | *30 - periodSeconds: uint | *10 - timeoutSeconds: uint | *1 - failureThreshold: uint | *3 - successThreshold: uint | *1 - } - - // Ingress settings - ingress:{ - enabled: bool | *false // Enable ingress to expose Grafana externally - annotations: k8s.#Annotations - hosts: string | *"grafana.local" // Example hostname for your ingress - tls: bool | *false - } - - resources: v1.#ResourceRequirements | *{} - - // Dashboard provisioning (optional) - dashboards: { - enabled: bool | *true // Enable provisioning of dashboards - defaultFolderName: string | *"grafana-dashboards" // Default folder for imported dashboards - dashboardProviders: [{ - name: string | *"default" // Name of the dashboard provider - orgId: int | *1 // Organization ID - folder: string | 
*"" // Folder for dashboards - type: string | *"file" // Provider type (e.g., file) - disableDeletion: bool | *false // Disable dashboard deletion - editable: bool | *true // Whether the dashboards are editable - updateIntervalSeconds: int | *10 // Time interval for updates in seconds - options: { - path: string | *"/var/lib/grafana/dashboards" // Path for the dashboards - } - }] - } - - // Datasource provisioning (optional) - datasources: { - enabled: bool | *true // Enable provisioning of datasources - datasources: [{ - name: string | *"Prometheus" // Name of the datasource - type: string | *"prometheus" // Type of the datasource - url: string & =~"^http(s)?://[a-zA-Z0-9.-]+(:[0-9]+)?(/.*)?$" | *"http://prometheus:9090" | "https://prometheus:9090" // URL with validation and two default options - access: string | *"proxy" // Access mode for the datasource - isDefault: bool | *true // Marks the datasource as the default one - }] - } - - - // Node selector, tolerations, and affinity for pod scheduling - affinity: v1.#Affinity - nodeSelector: k8s.#Labels - tolerations: [...v1.#Toleration] - - // Annotations for Grafana pod - podAnnotations: k8s.#Annotations - - // Additional volumes and volume mounts - extraVolumes: [...v1.#Volume] - extraVolumeMounts: [...v1.#VolumeMount] -} \ No newline at end of file diff --git a/k8s/services/loki/helm-2.10.cue b/k8s/services/loki/helm-2.10.cue new file mode 100644 index 0000000..1adfd0c --- /dev/null +++ b/k8s/services/loki/helm-2.10.cue 
@@ -0,0 +1,70 @@
+package loki
+
+#KubeVersion: [=~"^2\\.10\\.2"]: minor: >=21
+#Values: [=~"^2\\.10\\.2"]: {
+
+ // Loki settings
+ loki: {
+ enabled: bool | *true
+ isDefault: bool | *true
+ // url: string | *"http://{{(include \"loki.serviceName\" .)}}:{{ .Values.loki.service.port }}"
+ readinessProbe: {
+ httpGet: {
+ path: string | *"/ready"
+ port: string | *"http-metrics"
+ }
+ initialDelaySeconds: int | *45
+ }
+ livenessProbe: {
+ httpGet: {
+ path: string | *"/ready"
+ port: string | *"http-metrics"
+ }
+ initialDelaySeconds: int | *45
+ }
+ datasource: {
+ jsonData: string | *"{}"
+ uid: string | *""
+ }
+ }
+
+ // Promtail settings
+ promtail: {
+ enabled: bool | *true
+ config: {
+ logLevel: string | *"info"
+ serverPort: int | *3101
+ // clients: [{
+ // url: string | *"http://{{ .Release.Name }}:3100/loki/api/v1/push"
+ // }]
+ }
+ }
+
+ // Grafana settings
+ grafana: {
+ enabled: bool | *true
+ sidecar: {
+ datasources: {
+ label: string | *""
+ labelValue: string | *""
+ enabled: bool | *true
+ maxLines: int | *1000
+ }
+ }
+ image: {
+ tag: string | *"10.3.3"
+ }
+ adminUser: string | *"grafana"
+ adminPassword: string | *"grafana"
+ }
+
+ // Prometheus settings
+ prometheus: {
+ enabled: bool | *true
+ isDefault: bool | *true
+ // url: string | *"http://{{ include \"prometheus.fullname\" .}}:{{ .Values.prometheus.server.service.servicePort }}{{ .Values.prometheus.server.prefixURL }}"
+ datasource: {
+ jsonData: string | *"{}"
+ }
+ }
+}
\ No newline at end of file
diff --git a/k8s/services/grafana/helm.cue b/k8s/services/loki/helm.cue
similarity index 74%
rename from k8s/services/grafana/helm.cue
rename to k8s/services/loki/helm.cue
index 64d89f8..6e02cdc 100644
--- a/k8s/services/grafana/helm.cue
+++ b/k8s/services/loki/helm.cue
@@ -1,11 +1,11 @@
-package grafana
+package loki
 import (
 "stakpak.dev/devx/v1"
 "stakpak.dev/devx/v1/traits"
 )
-#GrafanaChart: {
+#LokiChart: {
 traits.#Helm
 k8s: "version": (v1.getMatch & {
 match: helm.version
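Review bot: `adminUser: string | *"grafana"` and `adminPassword: string | *"grafana"` give the bundled Grafana a default login that takes effect whenever the stack passes `values: {}`; leave them without a default (`adminPassword: string`) so the deployer has to choose one. `grafana.enabled` and `prometheus.enabled` both default to `true` here, which matters once a separate Grafana chart is added to the same stack later in this series (patch 08/14). The `url` entries for the loki and prometheus datasources are commented out, so whatever the chart's own template default is will apply; if that is intended, a one-line comment saying so would save the next reader from re-checking.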
@@ -14,11 +14,11 @@ import (
 helm: {
 repoType: "default"
 url: "https://grafana.github.io/helm-charts"
- chart: "grafana"
+ chart: "loki"
- version: string | *"8.5.2"
+ version: string | *"2.10.2"
- namespace: string | *"monitoring"
+ namespace: string | *"monitoring"
 release: string
 values: (v1.getMatch & {
@@ -26,4 +26,4 @@ import (
 input: #Values
 }).result
 }
-}
\ No newline at end of file
+}
diff --git a/k8s/stacks/observ.cue b/k8s/stacks/observ.cue
index d85e5cb..472a9f1 100644
--- a/k8s/stacks/observ.cue
+++ b/k8s/stacks/observ.cue
@@ -2,16 +2,16 @@ package stacks
 import (
 "stakpak.dev/devx/v1"
- "stakpak.dev/devx/k8s/services/grafana"
+ "stakpak.dev/devx/k8s/services/loki"
 )
 ObservabilityStack: v1.#Stack & {
 $metadata: stack: "ObservabilityStack"
 components: {
- "grafana": grafana.#GrafanaChart & {
+ "grafana": loki.#LokiChart & {
 helm: {
- version: "8.5.2"
- release: "grafana"
+ version: "2.10.2"
+ release: "loki"
 values: {}
 }
 }
diff --git a/observ-values.yaml b/observ-values.yaml
new file mode 100644
index 0000000..fcc4d03
--- /dev/null
+++ b/observ-values.yaml
@@ -0,0 +1,111 @@ +test_pod: + enabled: true + image: bats/bats:1.8.2 + pullPolicy: IfNotPresent + +loki: + enabled: true + isDefault: true + url: http://{{(include "loki.serviceName" .)}}:{{ .Values.loki.service.port }} + readinessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 45 + livenessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 45 + datasource: + jsonData: "{}" + uid: "" + + +promtail: + enabled: true + config: + logLevel: info + serverPort: 3101 + clients: + - url: http://{{ .Release.Name }}:3100/loki/api/v1/push + +fluent-bit: + enabled: false + +grafana: + enabled: false + sidecar: + datasources: + label: "" + labelValue: "" + enabled: true + maxLines: 1000 + image: + tag: 10.3.3 + +prometheus: + enabled: false + isDefault: false + url: http://{{ include "prometheus.fullname" .}}:{{ .Values.prometheus.server.service.servicePort }}{{ .Values.prometheus.server.prefixURL }} + datasource: + jsonData: "{}" + +filebeat: + enabled: false + filebeatConfig: + filebeat.yml: | + # logging.level: debug + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + output.logstash: + hosts: ["logstash-loki:5044"] + +logstash: + enabled: false + image: grafana/logstash-output-loki + imageTag: 1.0.1 + filters: + main: |- + filter { + if [kubernetes] { + mutate { + add_field => { + "container_name" => "%{[kubernetes][container][name]}" + "namespace" => "%{[kubernetes][namespace]}" + "pod" => "%{[kubernetes][pod][name]}" + } + replace => { "host" => "%{[kubernetes][node][name]}"} + } + } + mutate { + remove_field => ["tags"] + } + } + outputs: + main: |- + output { + loki { + url => "http://loki:3100/loki/api/v1/push" + #username => "test" + #password => "test" + } + # stdout { codec => rubydebug } + } + +# proxy is currently only used by loki test pod +# Note: If 
http_proxy/https_proxy are set, then no_proxy should include the +# loki service name, so that tests are able to communicate with the loki +# service. +proxy: + http_proxy: "" + https_proxy: "" + no_proxy: "" \ No newline at end of file From 7c325c199efe57f9da104d741030f2df20268df7 Mon Sep 17 00:00:00 2001 From: Omar-Ahmed-Dt Date: Sat, 5 Oct 2024 23:30:57 +0300 Subject: [PATCH 07/14] rm loki chart values --- observ-values.yaml | 111 --------------------------------------------- 1 file changed, 111 deletions(-) delete mode 100644 observ-values.yaml diff --git a/observ-values.yaml b/observ-values.yaml deleted file mode 100644 index fcc4d03..0000000 --- a/observ-values.yaml +++ /dev/null 
@@ -1,111 +0,0 @@ -test_pod: - enabled: true - image: bats/bats:1.8.2 - pullPolicy: IfNotPresent - -loki: - enabled: true - isDefault: true - url: http://{{(include "loki.serviceName" .)}}:{{ .Values.loki.service.port }} - readinessProbe: - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 45 - livenessProbe: - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 45 - datasource: - jsonData: "{}" - uid: "" - - -promtail: - enabled: true - config: - logLevel: info - serverPort: 3101 - clients: - - url: http://{{ .Release.Name }}:3100/loki/api/v1/push - -fluent-bit: - enabled: false - -grafana: - enabled: false - sidecar: - datasources: - label: "" - labelValue: "" - enabled: true - maxLines: 1000 - image: - tag: 10.3.3 - -prometheus: - enabled: false - isDefault: false - url: http://{{ include "prometheus.fullname" .}}:{{ .Values.prometheus.server.service.servicePort }}{{ .Values.prometheus.server.prefixURL }} - datasource: - jsonData: "{}" - -filebeat: - enabled: false - filebeatConfig: - filebeat.yml: | - # logging.level: debug - filebeat.inputs: - - type: container - paths: - - /var/log/containers/*.log - processors: - - add_kubernetes_metadata: - host: ${NODE_NAME} - matchers: - - logs_path: - logs_path: "/var/log/containers/" - output.logstash: - hosts: ["logstash-loki:5044"] - -logstash: - enabled: false - image: grafana/logstash-output-loki - imageTag: 1.0.1 - filters: - main: |- - filter { - if [kubernetes] { - mutate { - add_field => { - "container_name" => "%{[kubernetes][container][name]}" - "namespace" => "%{[kubernetes][namespace]}" - "pod" => "%{[kubernetes][pod][name]}" - } - replace => { "host" => "%{[kubernetes][node][name]}"} - } - } - mutate { - remove_field => ["tags"] - } - } - outputs: - main: |- - output { - loki { - url => "http://loki:3100/loki/api/v1/push" - #username => "test" - #password => "test" - } - # stdout { codec => rubydebug } - } - -# proxy is currently only used by loki test pod -# Note: If 
http_proxy/https_proxy are set, then no_proxy should include the -# loki service name, so that tests are able to communicate with the loki -# service. -proxy: - http_proxy: "" - https_proxy: "" - no_proxy: "" \ No newline at end of file From 45883112b60efc8260559dd9d2b7e59e9196f583 Mon Sep 17 00:00:00 2001 From: Omar-Ahmed-Dt Date: Sun, 6 Oct 2024 13:53:39 +0300 Subject: [PATCH 08/14] added grafana service --- k8s/services/grafana/helm-8.5.cue | 110 ++++++++++++++++++++++++++++++ k8s/services/grafana/helm.cue | 29 ++++++++ k8s/stacks/observ.cue | 10 ++- 3 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 k8s/services/grafana/helm-8.5.cue create mode 100644 k8s/services/grafana/helm.cue diff --git a/k8s/services/grafana/helm-8.5.cue b/k8s/services/grafana/helm-8.5.cue new file mode 100644 index 0000000..10ae113 --- /dev/null +++ b/k8s/services/grafana/helm-8.5.cue 
@@ -0,0 +1,110 @@ +package grafana + +import ( + "k8s.io/api/core/v1" + "stakpak.dev/devx/k8s" +) + +#KubeVersion: [=~"^8\\.5\\.2"]: minor: >=21 +#Values: [=~"^8\\.5\\.2"]: { + + // Default values for deploying Grafana using Helm + + // Image settings + image: { + repository: string | *"grafana/grafana" + tag: string | *"8.5.1" // Specify the version you want to deploy + pullPolicy: v1.#enumPullPolicy | *"IfNotPresent" + } + + // Admin user configuration + adminUser: string | *"admin" // Default admin username + adminPassword: string | *"admin" // Default admin password + existingSecret: string | *"" + + // Service settings + service: { + type: string | *"ClusterIP" + port: k8s.#Port | *3000 + } + + // Persistence settings + persistence: { + enabled: bool | *true // Enable persistent storage + size: string | *"10Gi" // Size of persistent volume + storageClass: string | *"" + accessMode: string | *"ReadWriteOnce" + existingClaim: string | *"" + } + + livenessProbe: { + enabled: bool | *true + initialDelaySeconds: uint | *300 + periodSeconds: uint | *1 + timeoutSeconds: uint | *5 + failureThreshold: uint | *3 + successThreshold: uint | *1 + } + + readinessProbe: { + enabled: bool | *true + initialDelaySeconds: uint | *30 + periodSeconds: uint | *10 + timeoutSeconds: uint | *1 + failureThreshold: uint | *3 + successThreshold: uint | *1 + } + + // Ingress settings + ingress:{ + enabled: bool | *false // Enable ingress to expose Grafana externally + annotations: k8s.#Annotations + hosts: string | *"grafana.local" // Example hostname for your ingress + tls: bool | *false + } + + resources: v1.#ResourceRequirements | *{} + + // Dashboard provisioning (optional) + dashboards: { + enabled: bool | *true // Enable provisioning of dashboards + defaultFolderName: string | *"grafana-dashboards" // Default folder for imported dashboards + dashboardProviders: [{ + name: string | *"default" // Name of the dashboard provider + orgId: int | *1 // Organization ID + folder: string | 
*"" // Folder for dashboards + type: string | *"file" // Provider type (e.g., file) + disableDeletion: bool | *false // Disable dashboard deletion + editable: bool | *true // Whether the dashboards are editable + updateIntervalSeconds: int | *10 // Time interval for updates in seconds + options: { + path: string | *"/var/lib/grafana/dashboards" // Path for the dashboards + } + }] + } + + // Datasource provisioning (optional) + datasources: { + enabled: bool | *true // Enable provisioning of datasources + datasources: [{ + name: string | *"Prometheus" // Name of the datasource + type: string | *"prometheus" // Type of the datasource + url: string & =~"^http(s)?://[a-zA-Z0-9.-]+(:[0-9]+)?(/.*)?$" | *"http://prometheus:9090" | "https://prometheus:9090" // URL with validation and two default options + access: string | *"proxy" // Access mode for the datasource + isDefault: bool | *true // Marks the datasource as the default one + }] + } + + + // Node selector, tolerations, and affinity for pod scheduling + affinity: v1.#Affinity + nodeSelector: k8s.#Labels + tolerations: [...v1.#Toleration] + + // Annotations for Grafana pod + podAnnotations: k8s.#Annotations + + // Additional volumes and volume mounts + extraVolumes: [...v1.#Volume] + extraVolumeMounts: [...v1.#VolumeMount] +} \ No newline at end of file diff --git a/k8s/services/grafana/helm.cue b/k8s/services/grafana/helm.cue new file mode 100644 index 0000000..aa14165 --- /dev/null +++ b/k8s/services/grafana/helm.cue 
@@ -0,0 +1,29 @@
+package grafana
+
+import (
+ "stakpak.dev/devx/v1"
+ "stakpak.dev/devx/v1/traits"
+)
+
+#GrafanaChart: {
+ traits.#Helm
+ k8s: "version": (v1.getMatch & {
+ match: helm.version
+ input: #KubeVersion
+ }).result
+ helm: {
+ repoType: "default"
+ url: "https://grafana.github.io/helm-charts"
+ chart: "grafana"
+
+ version: string | *"6.22.0"
+
+ namespace: string | *"monitoring"
+ release: string
+
+ values: (v1.getMatch & {
+ match: version
+ input: #Values
+ }).result
+ }
+}
\ No newline at end of file
diff --git a/k8s/stacks/observ.cue b/k8s/stacks/observ.cue
index 472a9f1..a3fb83f 100644
--- a/k8s/stacks/observ.cue
+++ b/k8s/stacks/observ.cue
@@ -3,17 +3,25 @@ package stacks
 import (
 "stakpak.dev/devx/v1"
 "stakpak.dev/devx/k8s/services/loki"
+ "stakpak.dev/devx/k8s/services/grafana"
 )
 ObservabilityStack: v1.#Stack & {
 $metadata: stack: "ObservabilityStack"
 components: {
- "grafana": loki.#LokiChart & {
+ "loki": loki.#LokiChart & {
 helm: {
 version: "2.10.2"
 release: "loki"
 values: {}
 }
 }
+ "grafana": grafana.#GrafanaChart & {
+ helm: {
+ version: "8.5.2"
+ release: "grafana"
+ values: {}
+ }
+ }
 }
 }
\ No newline at end of file
From 81cf589a42090561e31e1869971a0d0668b5cc24 Mon Sep 17 00:00:00 2001
From: Omar-Ahmed-Dt
Date: Sun, 6 Oct 2024 13:56:00 +0300
Subject: [PATCH 09/14] fixed version for grafana service

---
 k8s/services/grafana/helm-8.5.cue | 4 ++--
 k8s/services/grafana/helm.cue | 2 +-
 k8s/stacks/observ.cue | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/k8s/services/grafana/helm-8.5.cue b/k8s/services/grafana/helm-8.5.cue
index 10ae113..61c38d7 100644
--- a/k8s/services/grafana/helm-8.5.cue
+++ b/k8s/services/grafana/helm-8.5.cue
@@ -5,8 +5,8 @@ import (
 "stakpak.dev/devx/k8s"
 )
-#KubeVersion: [=~"^8\\.5\\.2"]: minor: >=21
-#Values: [=~"^8\\.5\\.2"]: {
+#KubeVersion: [=~"^8\\.5\\.1"]: minor: >=21
+#Values: [=~"^8\\.5\\.1"]: {
 // Default values for deploying Grafana using Helm
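Review bot: With `"loki": loki.#LokiChart` and `"grafana": grafana.#GrafanaChart` both unified with `values: {}`, the loki `#Values` default `grafana.enabled: bool | *true` (helm-2.10.cue) still applies, so this stack appears to deploy two Grafana instances, both into the default `monitoring` namespace; disable the bundled one with `values: grafana: enabled: false` on the loki component, or drop the standalone chart. The standalone Grafana's datasource defaults to `http://prometheus:9090`, while the only Prometheus in the stack is loki-stack's sub-chart whose service name is not visible here, so that URL likely needs to be set explicitly. Both components also inherit the default admin passwords declared in their schemas.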
diff --git a/k8s/services/grafana/helm.cue b/k8s/services/grafana/helm.cue
index aa14165..6beadd1 100644
--- a/k8s/services/grafana/helm.cue
+++ b/k8s/services/grafana/helm.cue
@@ -16,7 +16,7 @@ import (
 url: "https://grafana.github.io/helm-charts"
 chart: "grafana"
- version: string | *"6.22.0"
+ version: string | *"8.5.1"
 namespace: string | *"monitoring"
 release: string
diff --git a/k8s/stacks/observ.cue b/k8s/stacks/observ.cue
index a3fb83f..1203aa6 100644
--- a/k8s/stacks/observ.cue
+++ b/k8s/stacks/observ.cue
@@ -18,7 +18,7 @@ ObservabilityStack: v1.#Stack & {
 }
 "grafana": grafana.#GrafanaChart & {
 helm: {
- version: "8.5.2"
+ version: "8.5.1"
 release: "grafana"
 values: {}
 }
From 6e0fe2344440522e89c3b953205e43e56a5de0a1 Mon Sep 17 00:00:00 2001
From: Omar-Ahmed-Dt
Date: Sun, 6 Oct 2024 14:14:31 +0300
Subject: [PATCH 10/14] added values for grafana svc

---
 grafana-values.yaml | 1386 +++++++++++++++++++++++++++++
 k8s/services/grafana/helm-8.5.cue | 525 ++++++++---
 2 files changed, 1812 insertions(+), 99 deletions(-)
 create mode 100644 grafana-values.yaml

diff --git a/grafana-values.yaml b/grafana-values.yaml
new file mode 100644
index 0000000..50c0931
--- /dev/null
+++ b/grafana-values.yaml
@@ -0,0 +1,1386 @@ +global: + # -- Overrides the Docker registry globally for all images + imageRegistry: null + + # To help compatibility with other charts which use global.imagePullSecrets. + # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). + # Can be templated. + # global: + # imagePullSecrets: + # - name: pullSecret1 + # - name: pullSecret2 + # or + # global: + # imagePullSecrets: + # - pullSecret1 + # - pullSecret2 + imagePullSecrets: [] + +rbac: + create: true + ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) + # useExistingRole: name-of-some-role + # useExistingClusterRole: name-of-some-clusterRole + pspEnabled: false + pspUseAppArmor: false + namespaced: false + extraRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] + extraClusterRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] +serviceAccount: + create: true + name: + nameTest: + ## ServiceAccount labels. + labels: {} + ## Service account annotations. Can be templated. 
+ # annotations: + # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + + ## autoMount is deprecated in favor of automountServiceAccountToken + # autoMount: false + automountServiceAccountToken: false + +replicas: 1 + +## Create a headless service for the deployment +headlessService: false + +## Should the service account be auto mounted on the pod +automountServiceAccountToken: true + +## Create HorizontalPodAutoscaler object for deployment type +# +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 5 + targetCPU: "60" + targetMemory: "" + behavior: {} + +## See `kubectl explain poddisruptionbudget.spec` for more +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} +# apiVersion: "" +# minAvailable: 1 +# maxUnavailable: 1 + +## See `kubectl explain deployment.spec.strategy` for more +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +deploymentStrategy: + type: RollingUpdate + +readinessProbe: + httpGet: + path: /api/health + port: 3000 + +livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + failureThreshold: 10 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: "default-scheduler" + +image: + # -- The Docker registry + registry: docker.io + # -- Docker image repository + repository: grafana/grafana + # Overrides the Grafana image tag whose default is the chart appVersion + tag: "" + sha: "" + pullPolicy: IfNotPresent + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Can be templated. 
+ ## + pullSecrets: [] + # - myRegistrKeySecretName + +testFramework: + enabled: true + image: + # -- The Docker registry + registry: docker.io + repository: bats/bats + tag: "v1.4.1" + imagePullPolicy: IfNotPresent + securityContext: {} + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# dns configuration for pod +dnsPolicy: ~ +dnsConfig: {} + # nameservers: + # - 8.8.8.8 + # options: + # - name: ndots + # value: "2" + # - name: edns0 + +securityContext: + runAsNonRoot: true + runAsUser: 472 + runAsGroup: 472 + fsGroup: 472 + +containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + +# Enable creating the grafana configmap +createConfigmap: true + +# Extra configmaps to mount in grafana pods +# Values are templated. +extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # subPath: certificates.crt # (optional) + # configMap: certs-configmap + # readOnly: true + # optional: false + + +extraEmptyDirMounts: [] + # - name: provisioning-notifiers + # mountPath: /etc/grafana/provisioning/notifiers + + +# Apply extra labels to common labels. 
+extraLabels: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: + +downloadDashboardsImage: + # -- The Docker registry + registry: docker.io + repository: curlimages/curl + tag: 7.85.0 + sha: "" + pullPolicy: IfNotPresent + +downloadDashboards: + env: {} + envFromSecret: "" + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + envValueFrom: {} + # ENV_NAME: + # configMapKeyRef: + # name: configmap-name + # key: value_key + +## Pod Annotations +# podAnnotations: {} + +## ConfigMap Annotations +# configMapAnnotations: {} + # argocd.argoproj.io/sync-options: Replace=true + +## Pod Labels +# podLabels: {} + +podPortName: grafana +gossipPortName: gossip +## Deployment annotations +# annotations: {} + +## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). +## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. +## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + enabled: true + type: ClusterIP + # Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) + ipFamilyPolicy: "" + # Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. + ipFamilies: [] + loadBalancerIP: "" + loadBalancerClass: "" + loadBalancerSourceRanges: [] + port: 80 + targetPort: 3000 + # targetPort: 4181 To be used with a proxy extraContainer + ## Service annotations. Can be templated. + annotations: {} + labels: {} + portName: service + # Adds the appProtocol field to the service. This allows to work with istio protocol selection. 
Ex: "http" or "tcp" + appProtocol: "" + +serviceMonitor: + ## If true, a ServiceMonitor CR is created for a prometheus operator + ## https://github.com/coreos/prometheus-operator + ## + enabled: false + path: /metrics + # namespace: monitoring (defaults to use the namespace this chart is deployed to) + labels: {} + interval: 30s + scheme: http + tlsConfig: {} + scrapeTimeout: 30s + relabelings: [] + metricRelabelings: [] + targetLabels: [] + +extraExposePorts: [] + # - name: keycloak + # port: 8080 + # targetPort: 8080 + +# overrides pod.spec.hostAliases in the grafana deployment's pods +hostAliases: [] + # - ip: "1.2.3.4" + # hostnames: + # - "my.host.com" + +ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + + # pathType is only for k8s >= 1.1= + pathType: Prefix + + hosts: + - chart-example.local + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
+ extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +# +nodeSelector: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Affinity for pod assignment (evaluated as template) +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## Topology Spread Constraints +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +## +topologySpreadConstraints: [] + +## Additional init containers (evaluated as template) +## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## +extraInitContainers: [] + +## Enable an Specify container in extraContainers. 
This is meant to allow adding an authentication proxy to a grafana pod +extraContainers: "" +# extraContainers: | +# - name: proxy +# image: quay.io/gambol99/keycloak-proxy:latest +# args: +# - -provider=github +# - -client-id= +# - -client-secret= +# - -github-org= +# - -email-domain=* +# - -cookie-secret= +# - -http-address=http://0.0.0.0:4181 +# - -upstream-url=http://127.0.0.1:3000 +# ports: +# - name: proxy-web +# containerPort: 4181 + +## Volumes that can be used in init containers that will not be mounted to deployment pods +extraContainerVolumes: [] +# - name: volume-from-secret +# secret: +# secretName: secret-to-mount +# - name: empty-dir-volume +# emptyDir: {} + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + type: pvc + enabled: false + # storageClassName: default + accessModes: + - ReadWriteOnce + size: 10Gi + # annotations: {} + finalizers: + - kubernetes.io/pvc-protection + # selectorLabels: {} + ## Sub-directory of the PV to mount. Can be templated. + # subPath: "" + ## Name of an existing PVC. Can be templated. + # existingClaim: + ## Extra labels to apply to a PVC. + extraPvcLabels: {} + disableWarning: false + + ## If persistence is not enabled, this allows to mount the + ## local storage in-memory to improve performance + ## + inMemory: + enabled: false + ## The maximum usage on memory medium EmptyDir would be + ## the minimum value between the SizeLimit specified + ## here and the sum of memory limits of all containers in a pod + ## + # sizeLimit: 300Mi + + ## If 'lookupVolumeName' is set to true, Helm will attempt to retrieve + ## the current value of 'spec.volumeName' and incorporate it into the template. 
+ lookupVolumeName: true + +initChownData: + ## If false, data ownership will not be reset at startup + ## This allows the grafana-server to be run with an arbitrary user + ## + enabled: true + + ## initChownData container image + ## + image: + # -- The Docker registry + registry: docker.io + repository: library/busybox + tag: "1.31.1" + sha: "" + pullPolicy: IfNotPresent + + ## initChownData resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + securityContext: + runAsNonRoot: false + runAsUser: 0 + seccompProfile: + type: RuntimeDefault + capabilities: + add: + - CHOWN + +# Administrator credentials when not using an existing secret (see below) +adminUser: admin +# adminPassword: strongpassword + +# Use an existing secret for the admin user. +admin: + ## Name of the secret. Can be templated. + existingSecret: "" + userKey: admin-user + passwordKey: admin-password + +## Define command to be executed at startup by grafana container +## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) +## Default is "run.sh" as defined in grafana's Dockerfile +# command: +# - "sh" +# - "/run.sh" + +## Optionally define args if command is used +## Needed if using `hashicorp/envconsul` to manage secrets +## By default no arguments are set +# args: +# - "-secret" +# - "secret/grafana" +# - "./grafana" + +## Extra environment variables that will be pass onto deployment pods +## +## to provide grafana with access to CloudWatch on AWS EKS: +## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) +## 2. 
edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the +## same oidc eks provider as noted before (same as the existing line) +## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name +## +## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", +## +## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess +## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) +## +## env: +## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here +## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token +## AWS_REGION: us-east-1 +## +## 5. uncomment the EKS section in extraSecretMounts: below +## 6. uncomment the annotation section in the serviceAccount: above +## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn + +env: {} + +## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core +## Renders in container spec as: +## env: +## ... +## - name: +## valueFrom: +## +envValueFrom: {} + # ENV_NAME: + # configMapKeyRef: + # name: configmap-name + # key: value_key + +## The name of a secret in the same kubernetes namespace which contain values to be added to the environment +## This can be useful for auth tokens, etc. Value is templated. +envFromSecret: "" + +## Sensible environment variables that will be rendered as new secret object +## This can be useful for auth tokens, etc. 
+## If the secret values contains "{{", they'll need to be properly escaped so that they are not interpreted by Helm +## ref: https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function +envRenderSecret: {} + +## The names of secrets in the same kubernetes namespace which contain values to be added to the environment +## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key. +## Name is templated. +envFromSecrets: [] +## - name: secret-name +## prefix: prefix +## optional: true + +## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment +## Each entry should contain a name key, and can optionally specify whether the configmap must be defined with an optional key. +## Name is templated. +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core +envFromConfigMaps: [] +## - name: configmap-name +## prefix: prefix +## optional: true + +# Inject Kubernetes services as environment variables. +# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables +enableServiceLinks: true + +## Additional grafana server secret mounts +# Defines additional mounts with secrets. Secrets must be manually created in the namespace. +extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # secretName: grafana-secret-files + # readOnly: true + # optional: false + # subPath: "" + # + # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) + # - name: aws-iam-token + # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount + # readOnly: true + # projected: + # defaultMode: 420 + # sources: + # - serviceAccountToken: + # audience: sts.amazonaws.com + # expirationSeconds: 86400 + # path: token + # + # for CSI e.g. 
Azure Key Vault use the following + # - name: secrets-store-inline + # mountPath: /run/secrets + # readOnly: true + # csi: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: "akv-grafana-spc" + # nodePublishSecretRef: # Only required when using service principal mode + # name: grafana-akv-creds # Only required when using service principal mode + +## Additional grafana server volume mounts +# Defines additional volume mounts. +extraVolumeMounts: [] + # - name: extra-volume-0 + # mountPath: /mnt/volume0 + # readOnly: true + # - name: extra-volume-1 + # mountPath: /mnt/volume1 + # readOnly: true + # - name: grafana-secrets + # mountPath: /mnt/volume2 + +## Additional Grafana server volumes +extraVolumes: [] + # - name: extra-volume-0 + # existingClaim: volume-claim + # - name: extra-volume-1 + # hostPath: + # path: /usr/shared/ + # type: "" + # - name: grafana-secrets + # csi: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: "grafana-env-spc" + +## Container Lifecycle Hooks. Execute a specific bash command or make an HTTP request +lifecycleHooks: {} + # postStart: + # exec: + # command: [] + +## Pass the plugins you want installed as a list. +## +plugins: [] + # - digrich-bubblechart-panel + # - grafana-clock-panel + ## You can also use other plugin download URL, as long as they are valid zip files, + ## and specify the name of the plugin after the semicolon. 
Like this: + # - https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.2/download;marcusolsson-json-datasource + +## Configure grafana datasources +## ref: http://docs.grafana.org/administration/provisioning/#datasources +## +datasources: {} +# datasources.yaml: +# apiVersion: 1 +# datasources: +# - name: Prometheus +# type: prometheus +# url: http://prometheus-prometheus-server +# access: proxy +# isDefault: true +# - name: CloudWatch +# type: cloudwatch +# access: proxy +# uid: cloudwatch +# editable: false +# jsonData: +# authType: default +# defaultRegion: us-east-1 +# deleteDatasources: [] +# - name: Prometheus + +## Configure grafana alerting (can be templated) +## ref: http://docs.grafana.org/administration/provisioning/#alerting +## +alerting: {} + # rules.yaml: + # apiVersion: 1 + # groups: + # - orgId: 1 + # name: '{{ .Chart.Name }}_my_rule_group' + # folder: my_first_folder + # interval: 60s + # rules: + # - uid: my_id_1 + # title: my_first_rule + # condition: A + # data: + # - refId: A + # datasourceUid: '-100' + # model: + # conditions: + # - evaluator: + # params: + # - 3 + # type: gt + # operator: + # type: and + # query: + # params: + # - A + # reducer: + # type: last + # type: query + # datasource: + # type: __expr__ + # uid: '-100' + # expression: 1==0 + # intervalMs: 1000 + # maxDataPoints: 43200 + # refId: A + # type: math + # dashboardUid: my_dashboard + # panelId: 123 + # noDataState: Alerting + # for: 60s + # annotations: + # some_key: some_value + # labels: + # team: sre_team_1 + # contactpoints.yaml: + # secret: + # apiVersion: 1 + # contactPoints: + # - orgId: 1 + # name: cp_1 + # receivers: + # - uid: first_uid + # type: pagerduty + # settings: + # integrationKey: XXX + # severity: critical + # class: ping failure + # component: Grafana + # group: app-stack + # summary: | + # {{ `{{ include "default.message" . 
}}` }} + +## Configure notifiers +## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels +## +notifiers: {} +# notifiers.yaml: +# notifiers: +# - name: email-notifier +# type: email +# uid: email1 +# # either: +# org_id: 1 +# # or +# org_name: Main Org. +# is_default: true +# settings: +# addresses: an_email_address@example.com +# delete_notifiers: + +## Configure grafana dashboard providers +## ref: http://docs.grafana.org/administration/provisioning/#dashboards +## +## `path` must be /var/lib/grafana/dashboards/ +## +dashboardProviders: {} +# dashboardproviders.yaml: +# apiVersion: 1 +# providers: +# - name: 'default' +# orgId: 1 +# folder: '' +# type: file +# disableDeletion: false +# editable: true +# options: +# path: /var/lib/grafana/dashboards/default + +## Configure grafana dashboard to import +## NOTE: To use dashboards you must also enable/configure dashboardProviders +## ref: https://grafana.com/dashboards +## +## dashboards per provider, use provider name as key. +## +dashboards: {} + # default: + # some-dashboard: + # json: | + # $RAW_JSON + # custom-dashboard: + # file: dashboards/custom-dashboard.json + # prometheus-stats: + # gnetId: 2 + # revision: 2 + # datasource: Prometheus + # local-dashboard: + # url: https://example.com/repository/test.json + # token: '' + # local-dashboard-base64: + # url: https://example.com/repository/test-b64.json + # token: '' + # b64content: true + # local-dashboard-gitlab: + # url: https://example.com/repository/test-gitlab.json + # gitlabToken: '' + # local-dashboard-bitbucket: + # url: https://example.com/repository/test-bitbucket.json + # bearerToken: '' + # local-dashboard-azure: + # url: https://example.com/repository/test-azure.json + # basic: '' + # acceptHeader: '*/*' + +## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. +## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. 
+## ConfigMap data example: +## +## data: +## example-dashboard.json: | +## RAW_JSON +## +dashboardsConfigMaps: {} +# default: "" + +## Grafana's primary configuration +## NOTE: values in map will be converted to ini format +## ref: http://docs.grafana.org/installation/configuration/ +## +grafana.ini: + paths: + data: /var/lib/grafana/ + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + analytics: + check_for_updates: true + log: + mode: console + grafana_net: + url: https://grafana.net + server: + domain: "{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ tpl (.Values.ingress.hosts | first) . }}{{ else }}''{{ end }}" +## grafana Authentication can be enabled with the following values on grafana.ini + # server: + # The full public facing url you use in browser, used for redirects and emails + # root_url: + # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana + # auth.github: + # enabled: false + # allow_sign_up: false + # scopes: user:email,read:org + # auth_url: https://github.com/login/oauth/authorize + # token_url: https://github.com/login/oauth/access_token + # api_url: https://api.github.com/user + # team_ids: + # allowed_organizations: + # client_id: + # client_secret: +## LDAP Authentication can be enabled with the following values on grafana.ini +## NOTE: Grafana will fail to start if the value for ldap.toml is invalid + # auth.ldap: + # enabled: true + # allow_sign_up: true + # config_file: /etc/grafana/ldap.toml + +## Grafana's LDAP configuration +## Templated by the template in _helpers.tpl +## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled +## ref: http://docs.grafana.org/installation/configuration/#auth-ldap +## ref: http://docs.grafana.org/installation/ldap/#configuration +ldap: + enabled: false + # `existingSecret` is a reference to an existing secret containing the ldap configuration + # for Grafana in a key `ldap-toml`. 
+ existingSecret: "" + # `config` is the content of `ldap.toml` that will be stored in the created secret + config: "" + # config: |- + # verbose_logging = true + + # [[servers]] + # host = "my-ldap-server" + # port = 636 + # use_ssl = true + # start_tls = false + # ssl_skip_verify = false + # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" + +## Grafana's SMTP configuration +## NOTE: To enable, grafana.ini must be configured with smtp.enabled +## ref: http://docs.grafana.org/installation/configuration/#smtp +smtp: + # `existingSecret` is a reference to an existing secret containing the smtp configuration + # for Grafana. + existingSecret: "" + userKey: "user" + passwordKey: "password" + +## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders +## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards +sidecar: + image: + # -- The Docker registry + registry: quay.io + repository: kiwigrid/k8s-sidecar + tag: 1.27.4 + sha: "" + imagePullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + # skipTlsVerify Set to true to skip tls verification for kube api calls + # skipTlsVerify: true + enableUniqueFilenames: false + readinessProbe: {} + livenessProbe: {} + # Log level default for all sidecars. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. Defaults to INFO + # logLevel: INFO + alerts: + enabled: false + # Additional environment variables for the alerts sidecar + env: {} + # Do not reprocess already processed unchanged resources on k8s API reconnect. 
+ # ignoreAlreadyProcessed: true + # label that the configmaps with alert are marked with + label: grafana_alert + # value of label that the configmaps with alert are set to + labelValue: "" + # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. + # logLevel: INFO + # If specified, the sidecar will search for alert config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # search in configmap, secret or both + resource: both + # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S + # watchServerTimeout: 3600 + # + # watchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # defaults to 66sec (sic!) + # watchClientTimeout: 60 + # + # Endpoint to send request to reload alerts + reloadURL: "http://localhost:3000/api/admin/provisioning/alerting/reload" + # Absolute path to shell script to execute after a alert got reloaded + script: null + skipReload: false + # This is needed if skipReload is true, to load any alerts defined at startup time. + # Deploy the alert sidecar as an initContainer. 
+ initAlerts: false + # Additional alert sidecar volume mounts + extraMounts: [] + # Sets the size limit of the alert sidecar emptyDir volume + sizeLimit: {} + dashboards: + enabled: false + # Additional environment variables for the dashboards sidecar + env: {} + ## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. + ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core + ## Renders in container spec as: + ## env: + ## ... + ## - name: + ## valueFrom: + ## + envValueFrom: {} + # ENV_NAME: + # configMapKeyRef: + # name: configmap-name + # key: value_key + # Do not reprocess already processed unchanged resources on k8s API reconnect. + # ignoreAlreadyProcessed: true + SCProvider: true + # label that the configmaps with dashboards are marked with + label: grafana_dashboard + # value of label that the configmaps with dashboards are set to + labelValue: "" + # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. + # logLevel: INFO + # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) + folder: /tmp/dashboards + # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead + defaultFolderName: null + # Namespaces list. If specified, the sidecar will search for config-maps/secrets inside these namespaces. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces. + searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # search in configmap, secret or both + resource: both + # If specified, the sidecar will look for annotation with this name to create folder and put graph here. 
+ # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. + folderAnnotation: null + # Endpoint to send request to reload alerts + reloadURL: "http://localhost:3000/api/admin/provisioning/dashboards/reload" + # Absolute path to shell script to execute after a configmap got reloaded + script: null + skipReload: false + # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S + # watchServerTimeout: 3600 + # + # watchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # defaults to 66sec (sic!) + # watchClientTimeout: 60 + # + # provider configuration that lets grafana manage the dashboards + provider: + # name of the provider, should be unique + name: sidecarProvider + # orgid as configured in grafana + orgid: 1 + # folder in which the dashboards should be imported in grafana + folder: '' + # folder UID. will be automatically generated if not specified + folderUid: '' + # type of the provider + type: file + # disableDelete to activate a import-only behaviour + disableDelete: false + # allow updating provisioned dashboards from the UI + allowUiUpdates: false + # allow Grafana to replicate dashboard structure from filesystem + foldersFromFilesStructure: false + # Additional dashboard sidecar volume mounts + extraMounts: [] + # Sets the size limit of the dashboard sidecar emptyDir volume + sizeLimit: {} + datasources: + enabled: false + # Additional environment variables for the datasourcessidecar + env: {} + ## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
+ ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core + ## Renders in container spec as: + ## env: + ## ... + ## - name: + ## valueFrom: + ## + envValueFrom: {} + # ENV_NAME: + # configMapKeyRef: + # name: configmap-name + # key: value_key + # Do not reprocess already processed unchanged resources on k8s API reconnect. + # ignoreAlreadyProcessed: true + # label that the configmaps with datasources are marked with + label: grafana_datasource + # value of label that the configmaps with datasources are set to + labelValue: "" + # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. + # logLevel: INFO + # If specified, the sidecar will search for datasource config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # search in configmap, secret or both + resource: both + # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S + # watchServerTimeout: 3600 + # + # watchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # defaults to 66sec (sic!) 
+ # watchClientTimeout: 60 + # + # Endpoint to send request to reload datasources + reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload" + # Absolute path to shell script to execute after a datasource got reloaded + script: null + skipReload: false + # This is needed if skipReload is true, to load any datasources defined at startup time. + # Deploy the datasources sidecar as an initContainer. + initDatasources: false + # Sets the size limit of the datasource sidecar emptyDir volume + sizeLimit: {} + plugins: + enabled: false + # Additional environment variables for the plugins sidecar + env: {} + # Do not reprocess already processed unchanged resources on k8s API reconnect. + # ignoreAlreadyProcessed: true + # label that the configmaps with plugins are marked with + label: grafana_plugin + # value of label that the configmaps with plugins are set to + labelValue: "" + # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. + # logLevel: INFO + # If specified, the sidecar will search for plugin config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # search in configmap, secret or both + resource: both + # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S + # watchServerTimeout: 3600 + # + # watchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # defaults to 66sec (sic!) 
+ # watchClientTimeout: 60 + # + # Endpoint to send request to reload plugins + reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload" + # Absolute path to shell script to execute after a plugin got reloaded + script: null + skipReload: false + # Deploy the datasource sidecar as an initContainer in addition to a container. + # This is needed if skipReload is true, to load any plugins defined at startup time. + initPlugins: false + # Sets the size limit of the plugin sidecar emptyDir volume + sizeLimit: {} + notifiers: + enabled: false + # Additional environment variables for the notifierssidecar + env: {} + # Do not reprocess already processed unchanged resources on k8s API reconnect. + # ignoreAlreadyProcessed: true + # label that the configmaps with notifiers are marked with + label: grafana_notifier + # value of label that the configmaps with notifiers are set to + labelValue: "" + # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. + # logLevel: INFO + # If specified, the sidecar will search for notifier config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # search in configmap, secret or both + resource: both + # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S + # watchServerTimeout: 3600 + # + # watchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # defaults to 66sec (sic!) 
+ # watchClientTimeout: 60 + # + # Endpoint to send request to reload notifiers + reloadURL: "http://localhost:3000/api/admin/provisioning/notifications/reload" + # Absolute path to shell script to execute after a notifier got reloaded + script: null + skipReload: false + # Deploy the notifier sidecar as an initContainer in addition to a container. + # This is needed if skipReload is true, to load any notifiers defined at startup time. + initNotifiers: false + # Sets the size limit of the notifier sidecar emptyDir volume + sizeLimit: {} + +## Override the deployment namespace +## +namespaceOverride: "" + +## Number of old ReplicaSets to retain +## +revisionHistoryLimit: 10 + +## Add a seperate remote image renderer deployment/service +imageRenderer: + deploymentStrategy: {} + # Enable the image-renderer deployment & service + enabled: false + replicas: 1 + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 5 + targetCPU: "60" + targetMemory: "" + behavior: {} + # The url of remote image renderer if it is not in the same namespace with the grafana instance + serverURL: "" + # The callback url of grafana instances if it is not in the same namespace with the remote image renderer + renderingCallbackURL: "" + image: + # -- The Docker registry + registry: docker.io + # image-renderer Image repository + repository: grafana/grafana-image-renderer + # image-renderer Image tag + tag: latest + # image-renderer Image sha (optional) + sha: "" + # image-renderer ImagePullPolicy + pullPolicy: Always + # extra environment variables + env: + HTTP_HOST: "0.0.0.0" + # RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758 + # RENDERING_MODE: clustered + # IGNORE_HTTPS_ERRORS: true + + ## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. + ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core + ## Renders in container spec as: + ## env: + ## ... 
+ ## - name: + ## valueFrom: + ## + envValueFrom: {} + # ENV_NAME: + # configMapKeyRef: + # name: configmap-name + # key: value_key + + # image-renderer deployment serviceAccount + serviceAccountName: "" + # image-renderer deployment securityContext + securityContext: {} + # image-renderer deployment container securityContext + containerSecurityContext: + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ['ALL'] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + ## image-renderer pod annotation + podAnnotations: {} + # image-renderer deployment Host Aliases + hostAliases: [] + # image-renderer deployment priority class + priorityClassName: '' + service: + # Enable the image-renderer service + enabled: true + # image-renderer service port name + portName: 'http' + # image-renderer service port used by both service and deployment + port: 8081 + targetPort: 8081 + # Adds the appProtocol field to the image-renderer service. This allows to work with istio protocol selection. 
Ex: "http" or "tcp" + appProtocol: "" + serviceMonitor: + ## If true, a ServiceMonitor CRD is created for a prometheus operator + ## https://github.com/coreos/prometheus-operator + ## + enabled: false + path: /metrics + # namespace: monitoring (defaults to use the namespace this chart is deployed to) + labels: {} + interval: 1m + scheme: http + tlsConfig: {} + scrapeTimeout: 30s + relabelings: [] + # See: https://doc.crds.dev/github.com/prometheus-operator/kube-prometheus/monitoring.coreos.com/ServiceMonitor/v1@v0.11.0#spec-targetLabels + targetLabels: [] + # - targetLabel1 + # - targetLabel2 + # If https is enabled in Grafana, this needs to be set as 'https' to correctly configure the callback used in Grafana + grafanaProtocol: http + # In case a sub_path is used this needs to be added to the image renderer callback + grafanaSubPath: "" + # name of the image-renderer port on the pod + podPortName: http + # number of image-renderer replica sets to keep + revisionHistoryLimit: 10 + networkPolicy: + # Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods + limitIngress: true + # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods + limitEgress: false + # Allow additional services to access image-renderer (eg. Prometheus operator when ServiceMonitor is enabled) + extraIngressSelectors: [] + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi + ## Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + nodeSelector: {} + + ## Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## Affinity for pod assignment (evaluated as template) + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## Use an alternate scheduler, e.g. "stork". 
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + # schedulerName: "default-scheduler" + + # Extra configmaps to mount in image-renderer pods + extraConfigmapMounts: [] + + # Extra secrets to mount in image-renderer pods + extraSecretMounts: [] + + # Extra volumes to mount in image-renderer pods + extraVolumeMounts: [] + + # Extra volumes for image-renderer pods + extraVolumes: [] + +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + ## @param networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to grafana port defined. + ## When true, grafana will accept connections from any source + ## (with the correct destination port). + ## + ingress: true + ## @param networkPolicy.ingress When true enables the creation + ## an ingress network policy + ## + allowExternal: true + ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed + ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the grafana. + ## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. 
+ ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + ## + explicitNamespacesSelector: {} + ## + ## + ## + ## + ## + ## + egress: + ## @param networkPolicy.egress.enabled When enabled, an egress network policy will be + ## created allowing grafana to connect to external data sources from kubernetes cluster. + enabled: false + ## + ## @param networkPolicy.egress.blockDNSResolution When enabled, DNS resolution will be blocked + ## for all pods in the grafana namespace. + blockDNSResolution: false + ## + ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress + ports: [] + ## Add ports to the egress by specifying - port: + ## E.X. + ## - port: 80 + ## - port: 443 + ## + ## @param networkPolicy.egress.to Allow egress traffic to specific destinations + to: [] + ## Add destinations to the egress by specifying - ipBlock: + ## E.X. + ## to: + ## - namespaceSelector: + ## matchExpressions: + ## - {key: role, operator: In, values: [grafana]} + ## + ## + ## + ## + ## + +# Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option +enableKubeBackwardCompatibility: false +useStatefulSet: false +# Create a dynamic manifests via values: +extraObjects: [] + # - apiVersion: "kubernetes-client.io/v1" + # kind: ExternalSecret + # metadata: + # name: grafana-secrets + # spec: + # backendType: gcpSecretsManager + # data: + # - key: grafana-admin-password + # name: adminPassword + +# assertNoLeakedSecrets is a helper function defined in _helpers.tpl that checks if secret +# values are not exposed in the rendered grafana.ini configmap. It is enabled by default. 
+#
+# To pass values into grafana.ini without exposing them in a configmap, use variable expansion:
+# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#variable-expansion
+#
+# Alternatively, if you wish to allow secret values to be exposed in the rendered grafana.ini configmap,
+# you can disable this check by setting assertNoLeakedSecrets to false.
+assertNoLeakedSecrets: true
\ No newline at end of file
diff --git a/k8s/services/grafana/helm-8.5.cue b/k8s/services/grafana/helm-8.5.cue
index 61c38d7..22caebc 100644
--- a/k8s/services/grafana/helm-8.5.cue
+++ b/k8s/services/grafana/helm-8.5.cue
@@ -2,109 +2,436 @@ package grafana
import (
"k8s.io/api/core/v1"
- "stakpak.dev/devx/k8s"
+ // "stakpak.dev/devx/k8s"
)
#KubeVersion: [=~"^8\\.5\\.1"]: minor: >=21
#Values: [=~"^8\\.5\\.1"]: {
- // Default values for deploying Grafana using Helm
-
- // Image settings
- image: {
- repository: string | *"grafana/grafana"
- tag: string | *"8.5.1" // Specify the version you want to deploy
- pullPolicy: v1.#enumPullPolicy | *"IfNotPresent"
- }
-
- // Admin user configuration
- adminUser: string | *"admin" // Default admin username
- adminPassword: string | *"admin" // Default admin password
+ global: {
+ imageRegistry: string | *null
+ imagePullSecrets: [...string] | *[]
+ }
+ rbac: {
+ create: bool | *true
+ pspEnabled: bool | *false
+ pspUseAppArmor: bool | *false
+ namespaced: bool | *false
+ extraRoleRules: [...{}] | *[]
+ extraClusterRoleRules: [...{}] | *[]
+ }
+ serviceAccount: {
+ create: bool | *true
+ name: string | *null
+ nameTest: string | *null
+ labels: {} | *{}
+ automountServiceAccountToken: bool | *false
+ }
+ replicas: int | *1
+ headlessService: bool | *false
+ automountServiceAccountToken: bool | *true
+ autoscaling: {
+ enabled: bool | *false
+ minReplicas: int | *1
+ maxReplicas: int | *5
+ targetCPU: string | *"60"
+ targetMemory: string | *""
+ behavior: {} | *{}
+ }
+ podDisruptionBudget: {} | *{}
+ deploymentStrategy: {
+ type: string | *"RollingUpdate"
+ }
+ readinessProbe: {
+ httpGet: {
+ path: string | *"/api/health"
+ port: int | *3000
+ }
+ }
+ livenessProbe: {
+ httpGet: {
+ path: string | *"/api/health"
+ port: int | *3000
+ }
+ initialDelaySeconds: int | *60
+ timeoutSeconds: int | *30
+ failureThreshold: int | *10
+ }
+ image: {
+ registry: string | *"docker.io"
+ repository: string | *"grafana/grafana"
+ tag: string | *"latest"
+ sha: string | *""
+ pullPolicy: v1.PullPolicy | *"IfNotPresent"
+ pullSecrets: [...string] | *[]
+ }
+ testFramework: {
+ enabled: bool | *true
+ image: {
+ registry: string | *"docker.io"
+ repository: 
string | *"bats/bats" + tag: string | *"v1.4.1" + } + imagePullPolicy: v1.PullPolicy | *"IfNotPresent" + securityContext: {} | *{} + resources: {} | *{} + } + dnsPolicy: string | *null + dnsConfig: {} | *{} + securityContext: { + runAsNonRoot: bool | *true + runAsUser: int | *472 + runAsGroup: int | *472 + fsGroup: int | *472 + } + containerSecurityContext: { + allowPrivilegeEscalation: bool | *false + capabilities: { + drop: [...string] | *["ALL"] + } + seccompProfile: { + type: string | *"RuntimeDefault" + } + } + createConfigmap: bool | *true + extraConfigmapMounts: [...{}] | *[] + extraEmptyDirMounts: [...{}] | *[] + extraLabels: {} | *{} + downloadDashboardsImage: { + registry: string | *"docker.io" + repository: string | *"curlimages/curl" + tag: string | *"7.85.0" + sha: string | *"" + pullPolicy: v1.PullPolicy | *"IfNotPresent" + } + downloadDashboards: { + env: {} | *{} + envFromSecret: string | *"" + resources: {} | *{} + securityContext: { + allowPrivilegeEscalation: bool | *false + capabilities: { + drop: [...string] | *["ALL"] + } + seccompProfile: { + type: string | *"RuntimeDefault" + } + } + envValueFrom: {} | *{} + } + service: { + enabled: bool | *true + type: string | *"ClusterIP" + ipFamilyPolicy: string | *"" + ipFamilies: [...string] | *[] + loadBalancerIP: string | *"" + loadBalancerClass: string | *"" + loadBalancerSourceRanges: [...string] | *[] + port: int | *80 + targetPort: int | *3000 + annotations: {} | *{} + labels: {} | *{} + portName: string | *"service" + appProtocol: string | *"" + } + serviceMonitor: { + enabled: bool | *false + path: string | *"/metrics" + labels: {} | *{} + interval: string | *"30s" + scheme: string | *"http" + tlsConfig: {} | *{} + scrapeTimeout: string | *"30s" + relabelings: [...{}] | *[] + metricRelabelings: [...{}] | *[] + targetLabels: [...string] | *[] + } + extraExposePorts: [...{}] | *[] + hostAliases: [...{}] | *[] + ingress: { + enabled: bool | *false + annotations: {} | *{} + labels: {} | *{} + 
path: string | *"/" + pathType: string | *"Prefix" + hosts: [...string] | *["chart-example.local"] + extraPaths: [...{}] | *[] + tls: [...{}] | *[] + } + resources: {} | *{} + nodeSelector: {} | *{} + tolerations: [...{}] | *[] + affinity: {} | *{} + topologySpreadConstraints: [...{}] | *[] + extraInitContainers: [...{}] | *[] + extraContainers: string | *"" + extraContainerVolumes: [...{}] | *[] + extraVolumeMounts: [...{}] | *[] + extraVolumes: [...{}] | *[] + persistence: { + type: string | *"pvc" + enabled: bool | *false + accessModes: [...string] | *["ReadWriteOnce"] + size: string | *"10Gi" + finalizers: [...string] | *["kubernetes.io/pvc-protection"] + extraPvcLabels: {} | *{} + disableWarning: bool | *false + inMemory: { + enabled: bool | *false + } + lookupVolumeName: bool | *true + } + initChownData: { + enabled: bool | *true + image: { + registry: string | *"docker.io" + repository: string | *"library/busybox" + tag: string | *"1.31.1" + sha: string | *"" + pullPolicy: v1.PullPolicy | *"IfNotPresent" + } + resources: {} | *{} + securityContext: { + runAsNonRoot: bool | *false + runAsUser: int | *0 + seccompProfile: { + type: string | *"RuntimeDefault" + } + capabilities: { + add: [...string] | *["CHOWN"] + } + } + } + adminUser: string | *"admin" + adminPassword: string | *"admin" + admin: { existingSecret: string | *"" - - // Service settings - service: { - type: string | *"ClusterIP" - port: k8s.#Port | *3000 - } - - // Persistence settings - persistence: { - enabled: bool | *true // Enable persistent storage - size: string | *"10Gi" // Size of persistent volume - storageClass: string | *"" - accessMode: string | *"ReadWriteOnce" - existingClaim: string | *"" - } - - livenessProbe: { - enabled: bool | *true - initialDelaySeconds: uint | *300 - periodSeconds: uint | *1 - timeoutSeconds: uint | *5 - failureThreshold: uint | *3 - successThreshold: uint | *1 - } - - readinessProbe: { - enabled: bool | *true - initialDelaySeconds: uint | *30 - 
periodSeconds: uint | *10 - timeoutSeconds: uint | *1 - failureThreshold: uint | *3 - successThreshold: uint | *1 - } - - // Ingress settings - ingress:{ - enabled: bool | *false // Enable ingress to expose Grafana externally - annotations: k8s.#Annotations - hosts: string | *"grafana.local" // Example hostname for your ingress - tls: bool | *false - } - - resources: v1.#ResourceRequirements | *{} - - // Dashboard provisioning (optional) - dashboards: { - enabled: bool | *true // Enable provisioning of dashboards - defaultFolderName: string | *"grafana-dashboards" // Default folder for imported dashboards - dashboardProviders: [{ - name: string | *"default" // Name of the dashboard provider - orgId: int | *1 // Organization ID - folder: string | *"" // Folder for dashboards - type: string | *"file" // Provider type (e.g., file) - disableDeletion: bool | *false // Disable dashboard deletion - editable: bool | *true // Whether the dashboards are editable - updateIntervalSeconds: int | *10 // Time interval for updates in seconds - options: { - path: string | *"/var/lib/grafana/dashboards" // Path for the dashboards - } - }] - } - - // Datasource provisioning (optional) - datasources: { - enabled: bool | *true // Enable provisioning of datasources - datasources: [{ - name: string | *"Prometheus" // Name of the datasource - type: string | *"prometheus" // Type of the datasource - url: string & =~"^http(s)?://[a-zA-Z0-9.-]+(:[0-9]+)?(/.*)?$" | *"http://prometheus:9090" | "https://prometheus:9090" // URL with validation and two default options - access: string | *"proxy" // Access mode for the datasource - isDefault: bool | *true // Marks the datasource as the default one - }] - } - - - // Node selector, tolerations, and affinity for pod scheduling - affinity: v1.#Affinity - nodeSelector: k8s.#Labels - tolerations: [...v1.#Toleration] - - // Annotations for Grafana pod - podAnnotations: k8s.#Annotations - - // Additional volumes and volume mounts - extraVolumes: 
[...v1.#Volume] - extraVolumeMounts: [...v1.#VolumeMount] + userKey: string | *"admin-user" + passwordKey: string | *"admin-password" + } + command: [...string] | *null + args: [...string] | *null + env: {} | *{} + envValueFrom: {} | *{} + envFromSecret: string | *"" + envRenderSecret: {} | *{} + envFromSecrets: [...{}] | *[] + envFromConfigMaps: [...{}] | *[] + enableServiceLinks: bool | *true + extraSecretMounts: [...{}] | *[] + extraVolumeMounts: [...{}] | *[] + extraVolumes: [...{}] | *[] + lifecycleHooks: {} | *{} + plugins: [...string] | *[] + datasources: { + enabled: bool | *false + } + alerting: {} | *{} + notifiers: {} | *{} + dashboardProviders: {} | *{} + dashboards: {} | *{} + dashboardsConfigMaps: {} | *{} + grafana_ini: { + paths: { + data: string | *"/var/lib/grafana/" + logs: string | *"/var/log/grafana" + plugins: string | *"/var/lib/grafana/plugins" + provisioning: string | *"/etc/grafana/provisioning" + } + analytics: { + check_for_updates: bool | *true + } + log: { + mode: string | *"console" + } + grafana_net: { + url: string | *"https://grafana.net" + } + server: { + domain: string | *"" + } + } + ldap: { + enabled: bool | *false + existingSecret: string | *"" + config: string | *"" + } + smtp: { + existingSecret: string | *"" + userKey: string | *"user" + passwordKey: string | *"password" + } + sidecar: { + image: { + registry: string | *"quay.io" + repository: string | *"kiwigrid/k8s-sidecar" + tag: string | *"1.27.4" + sha: string | *"" + pullPolicy: v1.PullPolicy | *"IfNotPresent" + } + resources: {} | *{} + securityContext: { + allowPrivilegeEscalation: bool | *false + capabilities: { + drop: [...string] | *["ALL"] + } + seccompProfile: { + type: string | *"RuntimeDefault" + } + } + alerts: { + enabled: bool | *false + env: {} | *{} + label: string | *"grafana_alert" + labelValue: string | *"" + searchNamespace: string | *null + watchMethod: string | *"WATCH" + resource: string | *"both" + reloadURL: string | 
*"http://localhost:3000/api/admin/provisioning/alerting/reload" + skipReload: bool | *false + initAlerts: bool | *false + } + dashboards: { + enabled: bool | *false + env: {} | *{} + SCProvider: bool | *true + label: string | *"grafana_dashboard" + labelValue: string | *"" + folder: string | *"/tmp/dashboards" + defaultFolderName: string | *null + searchNamespace: string | *null + watchMethod: string | *"WATCH" + resource: string | *"both" + folderAnnotation: string | *null + reloadURL: string | *"http://localhost:3000/api/admin/provisioning/dashboards/reload" + skipReload: bool | *false + } + datasources: { + enabled: bool | *false + env: {} | *{} + label: string | *"grafana_datasource" + labelValue: string | *"" + searchNamespace: string | *null + watchMethod: string | *"WATCH" + resource: string | *"both" + reloadURL: string | *"http://localhost:3000/api/admin/provisioning/datasources/reload" + skipReload: bool | *false + initDatasources: bool | *false + } + plugins: { + enabled: bool | *false + env: {} | *{} + label: string | *"grafana_plugin" + labelValue: string | *"" + searchNamespace: string | *null + watchMethod: string | *"WATCH" + resource: string | *"both" + reloadURL: string | *"http://localhost:3000/api/admin/provisioning/plugins/reload" + skipReload: bool | *false + initPlugins: bool | *false + } + notifiers: { + enabled: bool | *false + env: {} | *{} + label: string | *"grafana_notifier" + labelValue: string | *"" + searchNamespace: string | *null + watchMethod: string | *"WATCH" + resource: string | *"both" + reloadURL: string | *"http://localhost:3000/api/admin/provisioning/notifications/reload" + skipReload: bool | *false + initNotifiers: bool | *false + } + } + namespaceOverride: string | *"" + revisionHistoryLimit: int | *10 + imageRenderer: { + deploymentStrategy: {} | *{} + enabled: bool | *false + replicas: int | *1 + autoscaling: { + enabled: bool | *false + minReplicas: int | *1 + maxReplicas: int | *5 + targetCPU: string | *"60" + 
targetMemory: string | *"" + behavior: {} | *{} + } + serverURL: string | *"" + renderingCallbackURL: string | *"" + image: { + registry: string | *"docker.io" + repository: string | *"grafana/grafana-image-renderer" + tag: string | *"latest" + sha: string | *"" + pullPolicy: v1.PullPolicy | *"Always" + } + env: { + HTTP_HOST: string | *"0.0.0.0" + } + envValueFrom: {} | *{} + serviceAccountName: string | *"" + securityContext: {} | *{} + containerSecurityContext: { + seccompProfile: { + type: string | *"RuntimeDefault" + } + capabilities: { + drop: [...string] | *["ALL"] + } + allowPrivilegeEscalation: bool | *false + readOnlyRootFilesystem: bool | *true + } + service: { + enabled: bool | *true + portName: string | *"http" + port: int | *8081 + targetPort: int | *8081 + appProtocol: string | *"" + } + serviceMonitor: { + enabled: bool | *false + path: string | *"/metrics" + labels: {} | *{} + interval: string | *"1m" + scheme: string | *"http" + tlsConfig: {} | *{} + scrapeTimeout: string | *"30s" + relabelings: [...{}] | *[] + targetLabels: [...string] | *[] + } + grafanaProtocol: string | *"http" + grafanaSubPath: string | *"" + podPortName: string | *"http" + revisionHistoryLimit: int | *10 + networkPolicy: { + limitIngress: bool | *true + limitEgress: bool | *false + extraIngressSelectors: [...{}] | *[] + } + resources: {} | *{} + nodeSelector: {} | *{} + tolerations: [...{}] | *[] + affinity: {} | *{} + extraConfigmapMounts: [...{}] | *[] + extraSecretMounts: [...{}] | *[] + extraVolumeMounts: [...{}] | *[] + extraVolumes: [...{}] | *[] + } + networkPolicy: { + enabled: bool | *false + ingress: bool | *true + allowExternal: bool | *true + explicitNamespacesSelector: {} | *{} + egress: { + enabled: bool | *false + blockDNSResolution: bool | *false + ports: [...{}] | *[] + to: [...{}] | *[] + } + } + enableKubeBackwardCompatibility: bool | *false + useStatefulSet: bool | *false + extraObjects: [...{}] | *[] + assertNoLeakedSecrets: bool | *true } \ No newline 
at end of file
From 9fa613a8945e6e4550331431d959ce710a8ef8e3 Mon Sep 17 00:00:00 2001
From: Omar-Ahmed-Dt
Date: Sun, 6 Oct 2024 14:59:59 +0300
Subject: [PATCH 11/14] added prometheus svc
---
grafana-values.yaml | 1386 ------------------------
k8s/services/prometheus/helm-25.26.cue | 76 ++
k8s/services/prometheus/helm.cue | 29 +
k8s/stacks/observ.cue | 8 +
4 files changed, 113 insertions(+), 1386 deletions(-)
delete mode 100644 grafana-values.yaml
create mode 100644 k8s/services/prometheus/helm-25.26.cue
create mode 100644 k8s/services/prometheus/helm.cue
diff --git a/grafana-values.yaml b/grafana-values.yaml
deleted file mode 100644
index 50c0931..0000000
--- a/grafana-values.yaml
+++ /dev/null
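Review bot: `adminPassword: string | *"admin"` survives into the new `#Values` (right above the added `admin: { existingSecret: string | *"" ... }`), so any rendering that does not override it ships Grafana with a well-known admin credential; drop the default — `adminPassword?: string` — so the rendered values carry no password unless one is deliberately set or `admin.existingSecret` names a Secret. `image.tag: string | *"latest"` (and the same default under `imageRenderer.image`) is a floating tag, whereas the upstream values file deleted later in this series uses `tag: ""` with the note that the chart's appVersion then applies; with `pullPolicy` defaulting to `"IfNotPresent"`, `latest` lets each node run whatever build it has cached, so prefer `tag: string | *""` or a pinned version. The new fields reference `v1.PullPolicy` where the removed lines used `v1.#enumPullPolicy`; in the `cue get go` rendering of `k8s.io/api/core/v1` that type is exported as a definition (`#PullPolicy`), so the unprefixed name probably does not resolve — worth a `cue vet` before merge. Typing also loosens with the commented-out `k8s` import: `affinity`, `tolerations`, `resources` and the annotation/label maps go from `v1.#Affinity`, `[...v1.#Toleration]`, `v1.#ResourceRequirements` and `k8s.#Annotations` to bare `{}` / `[...{}]`, and `x: {} | *{}` reads the same as `x: {}`.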
@@ -1,1386 +0,0 @@ -global: - # -- Overrides the Docker registry globally for all images - imageRegistry: null - - # To help compatibility with other charts which use global.imagePullSecrets. - # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). - # Can be templated. - # global: - # imagePullSecrets: - # - name: pullSecret1 - # - name: pullSecret2 - # or - # global: - # imagePullSecrets: - # - pullSecret1 - # - pullSecret2 - imagePullSecrets: [] - -rbac: - create: true - ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) - # useExistingRole: name-of-some-role - # useExistingClusterRole: name-of-some-clusterRole - pspEnabled: false - pspUseAppArmor: false - namespaced: false - extraRoleRules: [] - # - apiGroups: [] - # resources: [] - # verbs: [] - extraClusterRoleRules: [] - # - apiGroups: [] - # resources: [] - # verbs: [] -serviceAccount: - create: true - name: - nameTest: - ## ServiceAccount labels. - labels: {} - ## Service account annotations. Can be templated. 
- # annotations: - # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here - - ## autoMount is deprecated in favor of automountServiceAccountToken - # autoMount: false - automountServiceAccountToken: false - -replicas: 1 - -## Create a headless service for the deployment -headlessService: false - -## Should the service account be auto mounted on the pod -automountServiceAccountToken: true - -## Create HorizontalPodAutoscaler object for deployment type -# -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPU: "60" - targetMemory: "" - behavior: {} - -## See `kubectl explain poddisruptionbudget.spec` for more -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -podDisruptionBudget: {} -# apiVersion: "" -# minAvailable: 1 -# maxUnavailable: 1 - -## See `kubectl explain deployment.spec.strategy` for more -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -deploymentStrategy: - type: RollingUpdate - -readinessProbe: - httpGet: - path: /api/health - port: 3000 - -livenessProbe: - httpGet: - path: /api/health - port: 3000 - initialDelaySeconds: 60 - timeoutSeconds: 30 - failureThreshold: 10 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: "default-scheduler" - -image: - # -- The Docker registry - registry: docker.io - # -- Docker image repository - repository: grafana/grafana - # Overrides the Grafana image tag whose default is the chart appVersion - tag: "" - sha: "" - pullPolicy: IfNotPresent - - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Can be templated. 
- ## - pullSecrets: [] - # - myRegistrKeySecretName - -testFramework: - enabled: true - image: - # -- The Docker registry - registry: docker.io - repository: bats/bats - tag: "v1.4.1" - imagePullPolicy: IfNotPresent - securityContext: {} - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -# dns configuration for pod -dnsPolicy: ~ -dnsConfig: {} - # nameservers: - # - 8.8.8.8 - # options: - # - name: ndots - # value: "2" - # - name: edns0 - -securityContext: - runAsNonRoot: true - runAsUser: 472 - runAsGroup: 472 - fsGroup: 472 - -containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - -# Enable creating the grafana configmap -createConfigmap: true - -# Extra configmaps to mount in grafana pods -# Values are templated. -extraConfigmapMounts: [] - # - name: certs-configmap - # mountPath: /etc/grafana/ssl/ - # subPath: certificates.crt # (optional) - # configMap: certs-configmap - # readOnly: true - # optional: false - - -extraEmptyDirMounts: [] - # - name: provisioning-notifiers - # mountPath: /etc/grafana/provisioning/notifiers - - -# Apply extra labels to common labels. 
-extraLabels: {} - -## Assign a PriorityClassName to pods if set -# priorityClassName: - -downloadDashboardsImage: - # -- The Docker registry - registry: docker.io - repository: curlimages/curl - tag: 7.85.0 - sha: "" - pullPolicy: IfNotPresent - -downloadDashboards: - env: {} - envFromSecret: "" - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - -## Pod Annotations -# podAnnotations: {} - -## ConfigMap Annotations -# configMapAnnotations: {} - # argocd.argoproj.io/sync-options: Replace=true - -## Pod Labels -# podLabels: {} - -podPortName: grafana -gossipPortName: gossip -## Deployment annotations -# annotations: {} - -## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). -## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. -## ref: http://kubernetes.io/docs/user-guide/services/ -## -service: - enabled: true - type: ClusterIP - # Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) - ipFamilyPolicy: "" - # Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. - ipFamilies: [] - loadBalancerIP: "" - loadBalancerClass: "" - loadBalancerSourceRanges: [] - port: 80 - targetPort: 3000 - # targetPort: 4181 To be used with a proxy extraContainer - ## Service annotations. Can be templated. - annotations: {} - labels: {} - portName: service - # Adds the appProtocol field to the service. This allows to work with istio protocol selection. 
Ex: "http" or "tcp" - appProtocol: "" - -serviceMonitor: - ## If true, a ServiceMonitor CR is created for a prometheus operator - ## https://github.com/coreos/prometheus-operator - ## - enabled: false - path: /metrics - # namespace: monitoring (defaults to use the namespace this chart is deployed to) - labels: {} - interval: 30s - scheme: http - tlsConfig: {} - scrapeTimeout: 30s - relabelings: [] - metricRelabelings: [] - targetLabels: [] - -extraExposePorts: [] - # - name: keycloak - # port: 8080 - # targetPort: 8080 - -# overrides pod.spec.hostAliases in the grafana deployment's pods -hostAliases: [] - # - ip: "1.2.3.4" - # hostnames: - # - "my.host.com" - -ingress: - enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - # Values can be templated - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: / - - # pathType is only for k8s >= 1.1= - pathType: Prefix - - hosts: - - chart-example.local - ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
- extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## Or for k8s > 1.19 - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: use-annotation - - - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi - -## Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -# -nodeSelector: {} - -## Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Affinity for pod assignment (evaluated as template) -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Topology Spread Constraints -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -## -topologySpreadConstraints: [] - -## Additional init containers (evaluated as template) -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## -extraInitContainers: [] - -## Enable an Specify container in extraContainers. 
This is meant to allow adding an authentication proxy to a grafana pod -extraContainers: "" -# extraContainers: | -# - name: proxy -# image: quay.io/gambol99/keycloak-proxy:latest -# args: -# - -provider=github -# - -client-id= -# - -client-secret= -# - -github-org= -# - -email-domain=* -# - -cookie-secret= -# - -http-address=http://0.0.0.0:4181 -# - -upstream-url=http://127.0.0.1:3000 -# ports: -# - name: proxy-web -# containerPort: 4181 - -## Volumes that can be used in init containers that will not be mounted to deployment pods -extraContainerVolumes: [] -# - name: volume-from-secret -# secret: -# secretName: secret-to-mount -# - name: empty-dir-volume -# emptyDir: {} - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - type: pvc - enabled: false - # storageClassName: default - accessModes: - - ReadWriteOnce - size: 10Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # selectorLabels: {} - ## Sub-directory of the PV to mount. Can be templated. - # subPath: "" - ## Name of an existing PVC. Can be templated. - # existingClaim: - ## Extra labels to apply to a PVC. - extraPvcLabels: {} - disableWarning: false - - ## If persistence is not enabled, this allows to mount the - ## local storage in-memory to improve performance - ## - inMemory: - enabled: false - ## The maximum usage on memory medium EmptyDir would be - ## the minimum value between the SizeLimit specified - ## here and the sum of memory limits of all containers in a pod - ## - # sizeLimit: 300Mi - - ## If 'lookupVolumeName' is set to true, Helm will attempt to retrieve - ## the current value of 'spec.volumeName' and incorporate it into the template. 
- lookupVolumeName: true - -initChownData: - ## If false, data ownership will not be reset at startup - ## This allows the grafana-server to be run with an arbitrary user - ## - enabled: true - - ## initChownData container image - ## - image: - # -- The Docker registry - registry: docker.io - repository: library/busybox - tag: "1.31.1" - sha: "" - pullPolicy: IfNotPresent - - ## initChownData resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - securityContext: - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - capabilities: - add: - - CHOWN - -# Administrator credentials when not using an existing secret (see below) -adminUser: admin -# adminPassword: strongpassword - -# Use an existing secret for the admin user. -admin: - ## Name of the secret. Can be templated. - existingSecret: "" - userKey: admin-user - passwordKey: admin-password - -## Define command to be executed at startup by grafana container -## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) -## Default is "run.sh" as defined in grafana's Dockerfile -# command: -# - "sh" -# - "/run.sh" - -## Optionally define args if command is used -## Needed if using `hashicorp/envconsul` to manage secrets -## By default no arguments are set -# args: -# - "-secret" -# - "secret/grafana" -# - "./grafana" - -## Extra environment variables that will be pass onto deployment pods -## -## to provide grafana with access to CloudWatch on AWS EKS: -## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) -## 2. 
edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the -## same oidc eks provider as noted before (same as the existing line) -## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name -## -## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", -## -## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess -## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) -## -## env: -## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here -## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token -## AWS_REGION: us-east-1 -## -## 5. uncomment the EKS section in extraSecretMounts: below -## 6. uncomment the annotation section in the serviceAccount: above -## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn - -env: {} - -## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. -## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core -## Renders in container spec as: -## env: -## ... -## - name: -## valueFrom: -## -envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - -## The name of a secret in the same kubernetes namespace which contain values to be added to the environment -## This can be useful for auth tokens, etc. Value is templated. -envFromSecret: "" - -## Sensible environment variables that will be rendered as new secret object -## This can be useful for auth tokens, etc. 
-## If the secret values contains "{{", they'll need to be properly escaped so that they are not interpreted by Helm -## ref: https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function -envRenderSecret: {} - -## The names of secrets in the same kubernetes namespace which contain values to be added to the environment -## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key. -## Name is templated. -envFromSecrets: [] -## - name: secret-name -## prefix: prefix -## optional: true - -## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment -## Each entry should contain a name key, and can optionally specify whether the configmap must be defined with an optional key. -## Name is templated. -## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core -envFromConfigMaps: [] -## - name: configmap-name -## prefix: prefix -## optional: true - -# Inject Kubernetes services as environment variables. -# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables -enableServiceLinks: true - -## Additional grafana server secret mounts -# Defines additional mounts with secrets. Secrets must be manually created in the namespace. -extraSecretMounts: [] - # - name: secret-files - # mountPath: /etc/secrets - # secretName: grafana-secret-files - # readOnly: true - # optional: false - # subPath: "" - # - # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) - # - name: aws-iam-token - # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount - # readOnly: true - # projected: - # defaultMode: 420 - # sources: - # - serviceAccountToken: - # audience: sts.amazonaws.com - # expirationSeconds: 86400 - # path: token - # - # for CSI e.g. 
Azure Key Vault use the following - # - name: secrets-store-inline - # mountPath: /run/secrets - # readOnly: true - # csi: - # driver: secrets-store.csi.k8s.io - # readOnly: true - # volumeAttributes: - # secretProviderClass: "akv-grafana-spc" - # nodePublishSecretRef: # Only required when using service principal mode - # name: grafana-akv-creds # Only required when using service principal mode - -## Additional grafana server volume mounts -# Defines additional volume mounts. -extraVolumeMounts: [] - # - name: extra-volume-0 - # mountPath: /mnt/volume0 - # readOnly: true - # - name: extra-volume-1 - # mountPath: /mnt/volume1 - # readOnly: true - # - name: grafana-secrets - # mountPath: /mnt/volume2 - -## Additional Grafana server volumes -extraVolumes: [] - # - name: extra-volume-0 - # existingClaim: volume-claim - # - name: extra-volume-1 - # hostPath: - # path: /usr/shared/ - # type: "" - # - name: grafana-secrets - # csi: - # driver: secrets-store.csi.k8s.io - # readOnly: true - # volumeAttributes: - # secretProviderClass: "grafana-env-spc" - -## Container Lifecycle Hooks. Execute a specific bash command or make an HTTP request -lifecycleHooks: {} - # postStart: - # exec: - # command: [] - -## Pass the plugins you want installed as a list. -## -plugins: [] - # - digrich-bubblechart-panel - # - grafana-clock-panel - ## You can also use other plugin download URL, as long as they are valid zip files, - ## and specify the name of the plugin after the semicolon. 
Like this: - # - https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.2/download;marcusolsson-json-datasource - -## Configure grafana datasources -## ref: http://docs.grafana.org/administration/provisioning/#datasources -## -datasources: {} -# datasources.yaml: -# apiVersion: 1 -# datasources: -# - name: Prometheus -# type: prometheus -# url: http://prometheus-prometheus-server -# access: proxy -# isDefault: true -# - name: CloudWatch -# type: cloudwatch -# access: proxy -# uid: cloudwatch -# editable: false -# jsonData: -# authType: default -# defaultRegion: us-east-1 -# deleteDatasources: [] -# - name: Prometheus - -## Configure grafana alerting (can be templated) -## ref: http://docs.grafana.org/administration/provisioning/#alerting -## -alerting: {} - # rules.yaml: - # apiVersion: 1 - # groups: - # - orgId: 1 - # name: '{{ .Chart.Name }}_my_rule_group' - # folder: my_first_folder - # interval: 60s - # rules: - # - uid: my_id_1 - # title: my_first_rule - # condition: A - # data: - # - refId: A - # datasourceUid: '-100' - # model: - # conditions: - # - evaluator: - # params: - # - 3 - # type: gt - # operator: - # type: and - # query: - # params: - # - A - # reducer: - # type: last - # type: query - # datasource: - # type: __expr__ - # uid: '-100' - # expression: 1==0 - # intervalMs: 1000 - # maxDataPoints: 43200 - # refId: A - # type: math - # dashboardUid: my_dashboard - # panelId: 123 - # noDataState: Alerting - # for: 60s - # annotations: - # some_key: some_value - # labels: - # team: sre_team_1 - # contactpoints.yaml: - # secret: - # apiVersion: 1 - # contactPoints: - # - orgId: 1 - # name: cp_1 - # receivers: - # - uid: first_uid - # type: pagerduty - # settings: - # integrationKey: XXX - # severity: critical - # class: ping failure - # component: Grafana - # group: app-stack - # summary: | - # {{ `{{ include "default.message" . 
}}` }} - -## Configure notifiers -## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels -## -notifiers: {} -# notifiers.yaml: -# notifiers: -# - name: email-notifier -# type: email -# uid: email1 -# # either: -# org_id: 1 -# # or -# org_name: Main Org. -# is_default: true -# settings: -# addresses: an_email_address@example.com -# delete_notifiers: - -## Configure grafana dashboard providers -## ref: http://docs.grafana.org/administration/provisioning/#dashboards -## -## `path` must be /var/lib/grafana/dashboards/ -## -dashboardProviders: {} -# dashboardproviders.yaml: -# apiVersion: 1 -# providers: -# - name: 'default' -# orgId: 1 -# folder: '' -# type: file -# disableDeletion: false -# editable: true -# options: -# path: /var/lib/grafana/dashboards/default - -## Configure grafana dashboard to import -## NOTE: To use dashboards you must also enable/configure dashboardProviders -## ref: https://grafana.com/dashboards -## -## dashboards per provider, use provider name as key. -## -dashboards: {} - # default: - # some-dashboard: - # json: | - # $RAW_JSON - # custom-dashboard: - # file: dashboards/custom-dashboard.json - # prometheus-stats: - # gnetId: 2 - # revision: 2 - # datasource: Prometheus - # local-dashboard: - # url: https://example.com/repository/test.json - # token: '' - # local-dashboard-base64: - # url: https://example.com/repository/test-b64.json - # token: '' - # b64content: true - # local-dashboard-gitlab: - # url: https://example.com/repository/test-gitlab.json - # gitlabToken: '' - # local-dashboard-bitbucket: - # url: https://example.com/repository/test-bitbucket.json - # bearerToken: '' - # local-dashboard-azure: - # url: https://example.com/repository/test-azure.json - # basic: '' - # acceptHeader: '*/*' - -## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. -## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. 
-## ConfigMap data example: -## -## data: -## example-dashboard.json: | -## RAW_JSON -## -dashboardsConfigMaps: {} -# default: "" - -## Grafana's primary configuration -## NOTE: values in map will be converted to ini format -## ref: http://docs.grafana.org/installation/configuration/ -## -grafana.ini: - paths: - data: /var/lib/grafana/ - logs: /var/log/grafana - plugins: /var/lib/grafana/plugins - provisioning: /etc/grafana/provisioning - analytics: - check_for_updates: true - log: - mode: console - grafana_net: - url: https://grafana.net - server: - domain: "{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ tpl (.Values.ingress.hosts | first) . }}{{ else }}''{{ end }}" -## grafana Authentication can be enabled with the following values on grafana.ini - # server: - # The full public facing url you use in browser, used for redirects and emails - # root_url: - # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana - # auth.github: - # enabled: false - # allow_sign_up: false - # scopes: user:email,read:org - # auth_url: https://github.com/login/oauth/authorize - # token_url: https://github.com/login/oauth/access_token - # api_url: https://api.github.com/user - # team_ids: - # allowed_organizations: - # client_id: - # client_secret: -## LDAP Authentication can be enabled with the following values on grafana.ini -## NOTE: Grafana will fail to start if the value for ldap.toml is invalid - # auth.ldap: - # enabled: true - # allow_sign_up: true - # config_file: /etc/grafana/ldap.toml - -## Grafana's LDAP configuration -## Templated by the template in _helpers.tpl -## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled -## ref: http://docs.grafana.org/installation/configuration/#auth-ldap -## ref: http://docs.grafana.org/installation/ldap/#configuration -ldap: - enabled: false - # `existingSecret` is a reference to an existing secret containing the ldap configuration - # for Grafana in a key `ldap-toml`. 
- existingSecret: "" - # `config` is the content of `ldap.toml` that will be stored in the created secret - config: "" - # config: |- - # verbose_logging = true - - # [[servers]] - # host = "my-ldap-server" - # port = 636 - # use_ssl = true - # start_tls = false - # ssl_skip_verify = false - # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" - -## Grafana's SMTP configuration -## NOTE: To enable, grafana.ini must be configured with smtp.enabled -## ref: http://docs.grafana.org/installation/configuration/#smtp -smtp: - # `existingSecret` is a reference to an existing secret containing the smtp configuration - # for Grafana. - existingSecret: "" - userKey: "user" - passwordKey: "password" - -## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders -## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards -sidecar: - image: - # -- The Docker registry - registry: quay.io - repository: kiwigrid/k8s-sidecar - tag: 1.27.4 - sha: "" - imagePullPolicy: IfNotPresent - resources: {} -# limits: -# cpu: 100m -# memory: 100Mi -# requests: -# cpu: 50m -# memory: 50Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - # skipTlsVerify Set to true to skip tls verification for kube api calls - # skipTlsVerify: true - enableUniqueFilenames: false - readinessProbe: {} - livenessProbe: {} - # Log level default for all sidecars. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. Defaults to INFO - # logLevel: INFO - alerts: - enabled: false - # Additional environment variables for the alerts sidecar - env: {} - # Do not reprocess already processed unchanged resources on k8s API reconnect. 
- # ignoreAlreadyProcessed: true - # label that the configmaps with alert are marked with - label: grafana_alert - # value of label that the configmaps with alert are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # If specified, the sidecar will search for alert config-maps inside this namespace. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) - # watchClientTimeout: 60 - # - # Endpoint to send request to reload alerts - reloadURL: "http://localhost:3000/api/admin/provisioning/alerting/reload" - # Absolute path to shell script to execute after a alert got reloaded - script: null - skipReload: false - # This is needed if skipReload is true, to load any alerts defined at startup time. - # Deploy the alert sidecar as an initContainer. 
- initAlerts: false - # Additional alert sidecar volume mounts - extraMounts: [] - # Sets the size limit of the alert sidecar emptyDir volume - sizeLimit: {} - dashboards: - enabled: false - # Additional environment variables for the dashboards sidecar - env: {} - ## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. - ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - ## Renders in container spec as: - ## env: - ## ... - ## - name: - ## valueFrom: - ## - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - SCProvider: true - # label that the configmaps with dashboards are marked with - label: grafana_dashboard - # value of label that the configmaps with dashboards are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) - folder: /tmp/dashboards - # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead - defaultFolderName: null - # Namespaces list. If specified, the sidecar will search for config-maps/secrets inside these namespaces. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces. - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # If specified, the sidecar will look for annotation with this name to create folder and put graph here. 
- # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. - folderAnnotation: null - # Endpoint to send request to reload alerts - reloadURL: "http://localhost:3000/api/admin/provisioning/dashboards/reload" - # Absolute path to shell script to execute after a configmap got reloaded - script: null - skipReload: false - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) - # watchClientTimeout: 60 - # - # provider configuration that lets grafana manage the dashboards - provider: - # name of the provider, should be unique - name: sidecarProvider - # orgid as configured in grafana - orgid: 1 - # folder in which the dashboards should be imported in grafana - folder: '' - # folder UID. will be automatically generated if not specified - folderUid: '' - # type of the provider - type: file - # disableDelete to activate a import-only behaviour - disableDelete: false - # allow updating provisioned dashboards from the UI - allowUiUpdates: false - # allow Grafana to replicate dashboard structure from filesystem - foldersFromFilesStructure: false - # Additional dashboard sidecar volume mounts - extraMounts: [] - # Sets the size limit of the dashboard sidecar emptyDir volume - sizeLimit: {} - datasources: - enabled: false - # Additional environment variables for the datasourcessidecar - env: {} - ## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
- ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - ## Renders in container spec as: - ## env: - ## ... - ## - name: - ## valueFrom: - ## - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - # label that the configmaps with datasources are marked with - label: grafana_datasource - # value of label that the configmaps with datasources are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # If specified, the sidecar will search for datasource config-maps inside this namespace. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) 
- # watchClientTimeout: 60 - # - # Endpoint to send request to reload datasources - reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload" - # Absolute path to shell script to execute after a datasource got reloaded - script: null - skipReload: false - # This is needed if skipReload is true, to load any datasources defined at startup time. - # Deploy the datasources sidecar as an initContainer. - initDatasources: false - # Sets the size limit of the datasource sidecar emptyDir volume - sizeLimit: {} - plugins: - enabled: false - # Additional environment variables for the plugins sidecar - env: {} - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - # label that the configmaps with plugins are marked with - label: grafana_plugin - # value of label that the configmaps with plugins are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # If specified, the sidecar will search for plugin config-maps inside this namespace. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) 
- # watchClientTimeout: 60 - # - # Endpoint to send request to reload plugins - reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload" - # Absolute path to shell script to execute after a plugin got reloaded - script: null - skipReload: false - # Deploy the datasource sidecar as an initContainer in addition to a container. - # This is needed if skipReload is true, to load any plugins defined at startup time. - initPlugins: false - # Sets the size limit of the plugin sidecar emptyDir volume - sizeLimit: {} - notifiers: - enabled: false - # Additional environment variables for the notifierssidecar - env: {} - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - # label that the configmaps with notifiers are marked with - label: grafana_notifier - # value of label that the configmaps with notifiers are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # If specified, the sidecar will search for notifier config-maps inside this namespace. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) 
- # watchClientTimeout: 60 - # - # Endpoint to send request to reload notifiers - reloadURL: "http://localhost:3000/api/admin/provisioning/notifications/reload" - # Absolute path to shell script to execute after a notifier got reloaded - script: null - skipReload: false - # Deploy the notifier sidecar as an initContainer in addition to a container. - # This is needed if skipReload is true, to load any notifiers defined at startup time. - initNotifiers: false - # Sets the size limit of the notifier sidecar emptyDir volume - sizeLimit: {} - -## Override the deployment namespace -## -namespaceOverride: "" - -## Number of old ReplicaSets to retain -## -revisionHistoryLimit: 10 - -## Add a seperate remote image renderer deployment/service -imageRenderer: - deploymentStrategy: {} - # Enable the image-renderer deployment & service - enabled: false - replicas: 1 - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPU: "60" - targetMemory: "" - behavior: {} - # The url of remote image renderer if it is not in the same namespace with the grafana instance - serverURL: "" - # The callback url of grafana instances if it is not in the same namespace with the remote image renderer - renderingCallbackURL: "" - image: - # -- The Docker registry - registry: docker.io - # image-renderer Image repository - repository: grafana/grafana-image-renderer - # image-renderer Image tag - tag: latest - # image-renderer Image sha (optional) - sha: "" - # image-renderer ImagePullPolicy - pullPolicy: Always - # extra environment variables - env: - HTTP_HOST: "0.0.0.0" - # RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758 - # RENDERING_MODE: clustered - # IGNORE_HTTPS_ERRORS: true - - ## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. - ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - ## Renders in container spec as: - ## env: - ## ... 
- ## - name: - ## valueFrom: - ## - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - - # image-renderer deployment serviceAccount - serviceAccountName: "" - # image-renderer deployment securityContext - securityContext: {} - # image-renderer deployment container securityContext - containerSecurityContext: - seccompProfile: - type: RuntimeDefault - capabilities: - drop: ['ALL'] - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - ## image-renderer pod annotation - podAnnotations: {} - # image-renderer deployment Host Aliases - hostAliases: [] - # image-renderer deployment priority class - priorityClassName: '' - service: - # Enable the image-renderer service - enabled: true - # image-renderer service port name - portName: 'http' - # image-renderer service port used by both service and deployment - port: 8081 - targetPort: 8081 - # Adds the appProtocol field to the image-renderer service. This allows to work with istio protocol selection. 
Ex: "http" or "tcp" - appProtocol: "" - serviceMonitor: - ## If true, a ServiceMonitor CRD is created for a prometheus operator - ## https://github.com/coreos/prometheus-operator - ## - enabled: false - path: /metrics - # namespace: monitoring (defaults to use the namespace this chart is deployed to) - labels: {} - interval: 1m - scheme: http - tlsConfig: {} - scrapeTimeout: 30s - relabelings: [] - # See: https://doc.crds.dev/github.com/prometheus-operator/kube-prometheus/monitoring.coreos.com/ServiceMonitor/v1@v0.11.0#spec-targetLabels - targetLabels: [] - # - targetLabel1 - # - targetLabel2 - # If https is enabled in Grafana, this needs to be set as 'https' to correctly configure the callback used in Grafana - grafanaProtocol: http - # In case a sub_path is used this needs to be added to the image renderer callback - grafanaSubPath: "" - # name of the image-renderer port on the pod - podPortName: http - # number of image-renderer replica sets to keep - revisionHistoryLimit: 10 - networkPolicy: - # Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods - limitIngress: true - # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods - limitEgress: false - # Allow additional services to access image-renderer (eg. Prometheus operator when ServiceMonitor is enabled) - extraIngressSelectors: [] - resources: {} -# limits: -# cpu: 100m -# memory: 100Mi -# requests: -# cpu: 50m -# memory: 50Mi - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - - ## Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - - ## Affinity for pod assignment (evaluated as template) - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - - ## Use an alternate scheduler, e.g. "stork". 
- ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - # schedulerName: "default-scheduler" - - # Extra configmaps to mount in image-renderer pods - extraConfigmapMounts: [] - - # Extra secrets to mount in image-renderer pods - extraSecretMounts: [] - - # Extra volumes to mount in image-renderer pods - extraVolumeMounts: [] - - # Extra volumes for image-renderer pods - extraVolumes: [] - -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to grafana port defined. - ## When true, grafana will accept connections from any source - ## (with the correct destination port). - ## - ingress: true - ## @param networkPolicy.ingress When true enables the creation - ## an ingress network policy - ## - allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the grafana. - ## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. 
- ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {} - ## - ## - ## - ## - ## - ## - egress: - ## @param networkPolicy.egress.enabled When enabled, an egress network policy will be - ## created allowing grafana to connect to external data sources from kubernetes cluster. - enabled: false - ## - ## @param networkPolicy.egress.blockDNSResolution When enabled, DNS resolution will be blocked - ## for all pods in the grafana namespace. - blockDNSResolution: false - ## - ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress - ports: [] - ## Add ports to the egress by specifying - port: - ## E.X. - ## - port: 80 - ## - port: 443 - ## - ## @param networkPolicy.egress.to Allow egress traffic to specific destinations - to: [] - ## Add destinations to the egress by specifying - ipBlock: - ## E.X. - ## to: - ## - namespaceSelector: - ## matchExpressions: - ## - {key: role, operator: In, values: [grafana]} - ## - ## - ## - ## - ## - -# Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option -enableKubeBackwardCompatibility: false -useStatefulSet: false -# Create a dynamic manifests via values: -extraObjects: [] - # - apiVersion: "kubernetes-client.io/v1" - # kind: ExternalSecret - # metadata: - # name: grafana-secrets - # spec: - # backendType: gcpSecretsManager - # data: - # - key: grafana-admin-password - # name: adminPassword - -# assertNoLeakedSecrets is a helper function defined in _helpers.tpl that checks if secret -# values are not exposed in the rendered grafana.ini configmap. It is enabled by default. 
-# -# To pass values into grafana.ini without exposing them in a configmap, use variable expansion: -# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#variable-expansion -# -# Alternatively, if you wish to allow secret values to be exposed in the rendered grafana.ini configmap, -# you can disable this check by setting assertNoLeakedSecrets to false. -assertNoLeakedSecrets: true \ No newline at end of file diff --git a/k8s/services/prometheus/helm-25.26.cue b/k8s/services/prometheus/helm-25.26.cue new file mode 100644 index 0000000..aee6693 --- /dev/null +++ b/k8s/services/prometheus/helm-25.26.cue 
@@ -0,0 +1,76 @@
+package prometheus
+
+#KubeVersion: [=~"^25\\.26\\.0"]: minor: >=21
+#Values: [=~"^25\\.26\\.0"]: {
+
+ image: {
+ repository: string | *"quay.io/prometheus/prometheus"
+ tag: string | *"latest" // Change to the desired Prometheus version
+ pullPolicy: string | *"IfNotPresent" // Options: Always, IfNotPresent
+ }
+
+ service: {
+ enabled: bool | *true
+ type: string | *"ClusterIP" // Options: ClusterIP, NodePort, LoadBalancer
+ port: int | *9090 // Default Prometheus service port
+ }
+
+ retention: string | *"15d" // Data retention period (e.g., 15 days)
+
+ persistentVolume: {
+ enabled: bool | *true // Enable persistent storage
+ size: string | *"10Gi" // Persistent Volume size
+ storageClass: string | *"" // Set the StorageClass, leave empty for default
+ accessModes: [string] | *["ReadWriteOnce"]
+ }
+
+ resources: {
+ requests: {
+ cpu: string | *"500m"
+ memory: string | *"512Mi"
+ }
+ limits: {
+ cpu: string | *"1"
+ memory: string | *"1Gi"
+ }
+ }
+
+ alertmanager: {
+ enabled: bool | *true // Enable Alertmanager
+ persistence: {
+ enabled: bool | *true
+ size: string | *"2Gi" // Size of the persistent volume for Alertmanager
+ }
+ }
+
+ rbac: {
+ create: bool | *true // Enable RBAC roles and bindings
+ }
+
+ global: {
+ scrape_interval: string | *"1m" // Frequency of scraping metrics
+ scrape_timeout: string | *"10s" // Timeout for a scrape request
+ evaluation_interval: string | *"1m" // Frequency of rule evaluations
+ }
+
+ securityContext: {
+ runAsUser: int | *65534
+ runAsNonRoot: bool | *true
+ fsGroup: int | *65534 // File system group for volume mounts
+ }
+
+ ingress: {
+ enabled: bool | *false // Enable Ingress to expose Prometheus externally
+ annotations: [string]: string | *{}
+ hosts: [...string] | *[]
+ path: string | *"/"
+ tls: [...string] | *[]
+ }
+
+ serviceAccounts: {
+ server: {
+ create: bool | *true
+ name: string | *"" // Leave empty to use default ServiceAccount
+ }
+ }
+}
\ No newline at end of file
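Review bot: `tag: string | *"latest"` makes the default Prometheus image a floating tag, so what actually runs changes with the registry rather than with this repo and cannot be traced back to a reviewed version; the same floating default is reintroduced for the config reloader in the `@@ -32,7 +32,7 @@` hunk of the last patch in this series. Prefer a pinned default such as `tag: string | *"<pinned prometheus version>"`, ideally alongside a `digest: string | *""` field callers are expected to fill, and keep `latest` as an explicit opt-in rather than the default. Separately, `annotations: [string]: string | *{}` declares each annotation value a string but gives it a struct default, which is not a valid annotation value; `annotations: [string]: string` is what the ingress expects. If this schema mirrors the upstream prometheus-community chart, `image`, `service`, `retention`, `persistentVolume`, `resources`, `securityContext` and `ingress` are expected under `server:`, so as written the `runAsNonRoot`/`runAsUser` hardening here would presumably be ignored by the chart rather than applied — worth confirming against the chart's values before relying on it.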
diff --git a/k8s/services/prometheus/helm.cue b/k8s/services/prometheus/helm.cue new file mode 100644 index 0000000..121f12a --- /dev/null +++ b/k8s/services/prometheus/helm.cue @@ -0,0 +1,29 @@ +package prometheus + +import ( + "stakpak.dev/devx/v1" + "stakpak.dev/devx/v1/traits" +) + +#PrometheusChart: { + traits.#Helm + k8s: "version": (v1.getMatch & { + match: helm.version + input: #KubeVersion + }).result + helm: { + repoType: "default" + url: "https://prometheus-community.github.io/helm-charts" + chart: "prometheus" + + version: string | *"25.26.0" + + namespace: string | *"monitoring" + release: string + + values: (v1.getMatch & { + match: version + input: #Values + }).result + } +} \ No newline at end of file diff --git a/k8s/stacks/observ.cue b/k8s/stacks/observ.cue index 1203aa6..54cbd06 100644 --- a/k8s/stacks/observ.cue +++ b/k8s/stacks/observ.cue @@ -4,6 +4,7 @@ import ( "stakpak.dev/devx/v1" "stakpak.dev/devx/k8s/services/loki" "stakpak.dev/devx/k8s/services/grafana" + "stakpak.dev/devx/k8s/services/prometheus" ) ObservabilityStack: v1.#Stack & { @@ -23,5 +24,12 @@ ObservabilityStack: v1.#Stack & { values: {} } } + "prometheus": prometheus.#PrometheusChart & { + helm: { + version: "25.26.0" + release: "prometheus" + values: {} + } + } } } \ No newline at end of file From 9ce2ba2fae55da6b7a1e3031df896d10aead1612 Mon Sep 17 00:00:00 2001 From: Omar-Ahmed-Dt Date: Sun, 6 Oct 2024 15:37:50 +0300 Subject: [PATCH 12/14] fixed loki chart version --- .../loki/{helm-2.10.cue => helm-6.16.cue} | 32 ++----------------- k8s/services/loki/helm.cue | 2 +- k8s/stacks/observ.cue | 2 +- 3 files changed, 4 insertions(+), 32 deletions(-) rename k8s/services/loki/{helm-2.10.cue => helm-6.16.cue} (53%) diff --git a/k8s/services/loki/helm-2.10.cue b/k8s/services/loki/helm-6.16.cue similarity index 53% rename from k8s/services/loki/helm-2.10.cue rename to k8s/services/loki/helm-6.16.cue index 1adfd0c..f478135 100644 --- a/k8s/services/loki/helm-2.10.cue 
+++ b/k8s/services/loki/helm-6.16.cue @@ -1,7 +1,7 @@ package loki -#KubeVersion: [=~"^2\\.10\\.2"]: minor: >=21 -#Values: [=~"^2\\.10\\.2"]: { +#KubeVersion: [=~"^6\\.16\\.0"]: minor: >=21 +#Values: [=~"^6\\.16\\.0"]: { // Loki settings loki: { @@ -39,32 +39,4 @@ package loki // }] } } - - // Grafana settings - grafana: { - enabled: bool | *true - sidecar: { - datasources: { - label: string | *"" - labelValue: string | *"" - enabled: bool | *true - maxLines: int | *1000 - } - } - image: { - tag: string | *"10.3.3" - } - adminUser: string | *"grafana" - adminPassword: string | *"grafana" - } - - // Prometheus settings - prometheus: { - enabled: bool | *true - isDefault: bool | *true - // url: string | *"http://{{ include \"prometheus.fullname\" .}}:{{ .Values.prometheus.server.service.servicePort }}{{ .Values.prometheus.server.prefixURL }}" - datasource: { - jsonData: string | *"{}" - } - } } \ No newline at end of file diff --git a/k8s/services/loki/helm.cue b/k8s/services/loki/helm.cue index 6e02cdc..9203b6c 100644 --- a/k8s/services/loki/helm.cue +++ b/k8s/services/loki/helm.cue @@ -16,7 +16,7 @@ import ( url: "https://grafana.github.io/helm-charts" chart: "loki" - version: string | *"2.10.2" + version: string | *"6.16.0" namespace: string | *"monitoring" release: string diff --git a/k8s/stacks/observ.cue b/k8s/stacks/observ.cue index 54cbd06..499ddd6 100644 --- a/k8s/stacks/observ.cue +++ b/k8s/stacks/observ.cue @@ -12,7 +12,7 @@ ObservabilityStack: v1.#Stack & { components: { "loki": loki.#LokiChart & { helm: { - version: "2.10.2" + version: "6.16.0" release: "loki" values: {} } From e49139f3825d0485ff344d347fc7f7c427135d88 Mon Sep 17 00:00:00 2001 From: Omar-Ahmed-Dt Date: Mon, 7 Oct 2024 22:12:12 +0300 Subject: [PATCH 13/14] chore: add all prometheus values --- k8s/services/prometheus/helm-25.26.cue | 203 ++++++++++++++++--------- 1 file changed, 135 insertions(+), 68 deletions(-) 
diff --git a/k8s/services/prometheus/helm-25.26.cue b/k8s/services/prometheus/helm-25.26.cue index aee6693..d2ac776 100644 --- a/k8s/services/prometheus/helm-25.26.cue +++ b/k8s/services/prometheus/helm-25.26.cue 
@@ -3,74 +3,141 @@ package prometheus #KubeVersion: [=~"^25\\.26\\.0"]: minor: >=21 #Values: [=~"^25\\.26\\.0"]: { - image: { - repository: string | *"quay.io/prometheus/prometheus" - tag: string | *"latest" // Change to the desired Prometheus version - pullPolicy: string | *"IfNotPresent" // Options: Always, IfNotPresent + rbac: create: bool | *true + podSecurityPolicy: enabled: bool | *false + imagePullSecrets: [...{ name: string }] + serviceAccounts: { + server: { + create: bool | *true + name: string | *"" + annotations: [string]: string } + } + commonMetaLabels: [string]: string + configmapReload: { + reloadUrl: string | *"" + env: [...{ + name: string + value: string | *"" + valueFrom: { + secretKeyRef: { + name: string + key: string + optional: bool | *false + } + } + }] + prometheus: { + enabled: bool | *true + name: string | *"configmap-reload" + image: { + repository: string | *"quay.io/prometheus-operator/prometheus-config-reloader" + tag: string | *"v0.76.0" + digest: string | *"" + pullPolicy: string | *"IfNotPresent" + } + containerPort: int | *8080 + containerPortName: string | *"metrics" + extraArgs: [string]: string + extraVolumeDirs: [string]: string + extraVolumeMounts: [string]: string + extraConfigmapMounts: [...{ + name: string + mountPath: string + subPath: string + configMap: string + readOnly: bool | *true + }] + containerSecurityContext: [string]: string + livenessProbe: { + httpGet: { + path: string | *"/healthz" + port: int | *8080 + scheme: string | *"HTTP" + } + periodSeconds: int | *10 + initialDelaySeconds: int | *2 + } + readinessProbe: { + httpGet: { + path: string | *"/healthz" + port: int | *8080 + scheme: string | *"HTTP" + } + periodSeconds: int | *10 + } + startupProbe: { + enabled: bool | *false + httpGet: { + path: string | *"/healthz" + port: int | *8080 + scheme: string | *"HTTP" + } + periodSeconds: int | *10 + } + resources: [string]: string + } + } - service: { - enabled: bool | *true - type: string | *"ClusterIP" // 
Options: ClusterIP, NodePort, LoadBalancer - port: int | *9090 // Default Prometheus service port - } - - retention: string | *"15d" // Data retention period (e.g., 15 days) - - persistentVolume: { - enabled: bool | *true // Enable persistent storage - size: string | *"10Gi" // Persistent Volume size - storageClass: string | *"" // Set the StorageClass, leave empty for default - accessModes: [string] | *["ReadWriteOnce"] - } - - resources: { - requests: { - cpu: string | *"500m" - memory: string | *"512Mi" - } - limits: { - cpu: string | *"1" - memory: string | *"1Gi" - } - } - - alertmanager: { - enabled: bool | *true // Enable Alertmanager - persistence: { - enabled: bool | *true - size: string | *"2Gi" // Size of the persistent volume for Alertmanager - } - } - - rbac: { - create: bool | *true // Enable RBAC roles and bindings - } - - global: { - scrape_interval: string | *"1m" // Frequency of scraping metrics - scrape_timeout: string | *"10s" // Timeout for a scrape request - evaluation_interval: string | *"1m" // Frequency of rule evaluations - } - - securityContext: { - runAsUser: int | *65534 - runAsNonRoot: bool | *true - fsGroup: int | *65534 // File system group for volume mounts - } - - ingress: { - enabled: bool | *false // Enable Ingress to expose Prometheus externally - annotations: [string]: string | *{} - hosts: [...string] | *[] - path: string | *"/" - tls: [...string] | *[] - } - - serviceAccounts: { - server: { - create: bool | *true - name: string | *"" // Leave empty to use default ServiceAccount - } - } + server: { + name: string | *"server" + image: { + repository: string | *"quay.io/prometheus/prometheus" + tag: string | *"" + digest: string | *"" + pullPolicy: string | *"IfNotPresent" + } + global: { + scrape_interval: string | *"1m" + scrape_timeout: string | *"10s" + evaluation_interval: string | *"1m" + } + resources: { + limits: { + cpu: string | *"500m" + memory: string | *"512Mi" + } + requests: { + cpu: string | *"500m" + memory: 
string | *"512Mi" + } + } + podSecurityContext: { + runAsUser: int | *65534 + runAsNonRoot: bool | *true + fsGroup: int | *65534 + } + service: { + enabled: bool | *true + type: string | *"ClusterIP" + servicePort: int | *80 + } + ingress: { + enabled: bool | *false + annotations: [string]: string + hosts: [string] + path: string | *"/" + tls: [...{ + secretName: string + hosts: [string] + }] + } + persistentVolume: { + enabled: bool | *true + size: string | *"8Gi" + storageClass: string | *"" + accessModes: [...string] | *["ReadWriteOnce"] + mountPath: string | *"/data" + } + alertmanager: { + enabled: bool | *true + persistence: { + enabled: bool | *true + size: string | *"2Gi" + } + } + kubeStateMetrics: enabled: bool | *true + nodeExporter: enabled: bool | *true + pushGateway: enabled: bool | *true + } } \ No newline at end of file From d3c6d3616d742598fb0e304cd93f4af114a84055 Mon Sep 17 00:00:00 2001 From: Omar-Ahmed-Dt Date: Mon, 7 Oct 2024 22:13:57 +0300 Subject: [PATCH 14/14] chore: latest img for prometheus --- k8s/services/prometheus/helm-25.26.cue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/services/prometheus/helm-25.26.cue b/k8s/services/prometheus/helm-25.26.cue index d2ac776..9ebe013 100644 --- a/k8s/services/prometheus/helm-25.26.cue +++ b/k8s/services/prometheus/helm-25.26.cue @@ -32,7 +32,7 @@ package prometheus name: string | *"configmap-reload" image: { repository: string | *"quay.io/prometheus-operator/prometheus-config-reloader" - tag: string | *"v0.76.0" + tag: string | *"latest" digest: string | *"" pullPolicy: string | *"IfNotPresent" }
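Review bot: `hosts: [string]` under `server.ingress`, and again inside `tls`, is a CUE list of exactly one string, unlike the open `[...string]` used for `accessModes` in the same hunk, so an ingress with two hostnames cannot be expressed; use `hosts: [...string]` in both places. `containerSecurityContext: [string]: string` and `resources: [string]: string` on the config reloader admit only flat string values, which rules out `allowPrivilegeEscalation: false`, `capabilities: drop: ["ALL"]` or `limits: cpu:` for that container — the grafana chart in this series imports `"k8s.io/api/core/v1"` and uses `v1.#ResourceRequirements`, and `v1.#SecurityContext` would fit here the same way. In `configmapReload.env`, `valueFrom.secretKeyRef.name` and `key` have no default, so a plain `name`/`value` entry appears to leave the struct non-concrete; making `valueFrom?:` (and `value?:`) optional would let either form through, which is worth confirming with `cue vet`. `server.image.tag: string | *""` presumably relies on the chart substituting its appVersion for an empty tag; a comment such as `// empty tag: chart falls back to its appVersion` would stop the next reader from treating it as a missing pin.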