This commit is contained in:
parent
ca9804a4db
commit
4ba6c3a636
86
grafana/grafana-deployment.yaml
Normal file
86
grafana/grafana-deployment.yaml
Normal file
@ -0,0 +1,86 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: grafana
|
||||||
|
name: grafana
|
||||||
|
namespace: grafana-ns
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: grafana
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: grafana
|
||||||
|
spec:
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
securityContext:
|
||||||
|
fsGroup: 472
|
||||||
|
supplementalGroups:
|
||||||
|
- 0
|
||||||
|
containers:
|
||||||
|
- name: grafana
|
||||||
|
image: grafana/grafana:latest
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
env:
|
||||||
|
- name: GF_AUTH_GENERIC_OAUTH_ENABLED
|
||||||
|
value: "true"
|
||||||
|
- name: GF_AUTH_GENERIC_OAUTH_NAME
|
||||||
|
value: "Authentik"
|
||||||
|
- name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP
|
||||||
|
value: "true"
|
||||||
|
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: grafana-oauth
|
||||||
|
key: OAUTH_CLIENT_ID
|
||||||
|
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: grafana-oauth
|
||||||
|
key: OAUTH_CLIENT_SECRET
|
||||||
|
- name: GF_AUTH_GENERIC_OAUTH_AUTH_URL
|
||||||
|
value: "https://auth.clortox.com/application/o/authorize/"
|
||||||
|
- name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL
|
||||||
|
value: "https://auth.clortox.com/application/o/token/"
|
||||||
|
- name: GF_AUTH_GENERIC_OAUTH_SCOPES
|
||||||
|
value: "user:email"
|
||||||
|
- name: GF_AUTH_GENERIC_OAUTH_API_URL
|
||||||
|
value: "https://auth.clortox.com/application/o/userinfo/"
|
||||||
|
- name: GF_SERVER_ROOT_URL
|
||||||
|
value: "https://grafana.clortox.com/"
|
||||||
|
ports:
|
||||||
|
- containerPort: 3000
|
||||||
|
name: http-grafana
|
||||||
|
protocol: TCP
|
||||||
|
readinessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
httpGet:
|
||||||
|
path: /robots.txt
|
||||||
|
port: 3000
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 30
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 2
|
||||||
|
livenessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
initialDelaySeconds: 30
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
tcpSocket:
|
||||||
|
port: 3000
|
||||||
|
timeoutSeconds: 1
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 250m
|
||||||
|
memory: 750Mi
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /var/lib/grafana
|
||||||
|
name: grafana-pv
|
||||||
|
volumes:
|
||||||
|
- name: grafana-pv
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: grafana-pvc
|
12
grafana/grafana-pvc.yaml
Normal file
12
grafana/grafana-pvc.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: grafana-pvc
|
||||||
|
namespace: grafana-ns
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
storageClassName: longhorn
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 1Gi
|
13
grafana/grafana-service.yaml
Normal file
13
grafana/grafana-service.yaml
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: grafana
|
||||||
|
namespace: grafana-ns
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- port: 80
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: http-grafana
|
||||||
|
selector:
|
||||||
|
app: grafana
|
||||||
|
type: LoadBalancer
|
16
grafana/sealed-secret.yaml
Normal file
16
grafana/sealed-secret.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: grafana-oauth
|
||||||
|
namespace: grafana-ns
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
OAUTH_CLIENT_ID: AgC4zLWPZrbLn1o6Ehec1O6T6SlxT8OayWxwrsbGZFVBiZj2RBRNx0Rm76+MfuzUX5bgfbk8YQyy+Wi+eR/NzXmqMV+KWy/eZmkM0olGtvPefwH08WoNS5mvHu7C1RRW6CVubJTHmbyhFxiDcHVS7h2XM3STfJ7XjMZZNzYYmNh+EscDVG8IRB4JyvEcRqkIn5nfjDKk2D8Po5BEznh9XzkPAqIfBbNgi1Y/ofk3bGjJr0b12xH1diNe0RCSaz+tBBzs9viKbiOpCSYE+plmBixjBYQXHkErXWbJijWkbzik2T92epf/270jL4wYR+bw7W14VOgxy2x2w0N+rOVzm7BNwFjgbLGr3HReC2ToSx3Kw0UI56n1zb0BS/MaK4OsJa7KGReLdwkRSofqUgX9HnUfDhnJ/2aryc1+C16Vh70l6ZCZHNZr0sdvuFT47YTQ+p8hJAp8Z9addy+WmgGG2HjSBZtFEHlkEcXqpooy5TSkhq5BO8gCHKDOEGbD+i3uuTo9Y2AZK3bPqCYICsKrp51+jhV6zOeQtDpkjO3jKdvh+xZvfoHmydehTITGjRt+/ER3gijm4TcGapa4o2MN/LUZdueGQwLJr+vNwkL7PLGKJgF4azqmCiRc8E4/Em67GMnt9AHv68J0f2Q5g6v29mYnF2kn+mEARN+KVXlZcLIZkXk3Y5UACPIAW2ph9hcFqK8/OFcnH6gXGiUlLWIXWmvk9+yinrptlZ54YyXBWFI497gnHUzunJRi
|
||||||
|
OAUTH_CLIENT_SECRET: AgBnJPWxgtbgi9Zw34F/pE3Zc0pJaqUb9UG9yc2UIaV3e+g3RFctJdqRWPv0z6Z5diWYYv9ILJuQoVWHTzqglFIf5thAWqCGxs50ntmSrPpz2WzlQ+WyPehXhiTi/3+SwezFbdzuCovR2hKd8gUs4uZkbcIV7NgReI61rnvykfHKCBBSq5szuKTJVaRkDxPlxWjMAx7EBa8k3+68SkHyUBioC1cIA9vzJoLmo+Ab3g2d3Iq3NfZU2gTOfgNB0tP8L/dvr061EuNApkaIhz9YDYK2iB8wb7hHO1FgmmEobyvQXw7DNGvNmCZyCMn9RvxcPpXRfT0Sxz3H5WnKdI6oi6JskPxZsa5cQIlOmKHm2Cd4HN3mepD95PL2Pwb3al/kAqefVRlHXouEIQxoPXWA4Po09dS2D09IljtVOEDzDwk8DYi3b6hC54AnEQT0/aCUcxV55HOuKRCzCywodb2X4/S0HJT+2GfA/nefR4tuMZ+6z+uSbO+6KJNMPSUtgvAGiS5zZ3TlskG9OTeuz2+A3MU/BPP3QS3kSIPX+GaPzNFtm7HIaHDASyJmy5Un+c4PbNfX3ZLxULPDjaPkUWNtBkCBKOArcT7QnHtIS2ygjt6bFrfKKPxFFMMlIgOoRMWf5m991AUe3ZSkxMsXbYbghJMtg0OqXl0Gbm5QNqT9sCtb5F9N3Wm9MGJXmFPNoMMo7sqvuhItTeCzjHWDdjg+HYl/1ByLa9qvWtu+QYzPXlz/WRf+LhiLRtffAmG4MLJFaZiNsHSlyXV91zP1HnT/ZS5r5OlJcxpbQwUNW6fJ34gVnp2w9P6IJwrhsaODnHZDdUM1dEk9sdyxbAKKxGSvMXYwKavg/XVpOzae0BlUX2DzcA==
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: grafana-oauth
|
||||||
|
namespace: grafana-ns
|
||||||
|
---
|
Loading…
Reference in New Issue
Block a user