From e00058258cdd71b97b1b2c7711648fc881f33a0d Mon Sep 17 00:00:00 2001 From: Tyler Perkins Date: Sat, 4 May 2024 22:30:56 -0400 Subject: [PATCH] Add grafana --- grafana/grafana-deployment.yaml | 86 +++++++++++++++++++++++++++++++++ grafana/grafana-pvc.yaml | 12 +++++ grafana/grafana-service.yaml | 13 +++++ grafana/sealed-secret.yaml | 15 ++++++ 4 files changed, 126 insertions(+) create mode 100644 grafana/grafana-deployment.yaml create mode 100644 grafana/grafana-pvc.yaml create mode 100644 grafana/grafana-service.yaml create mode 100644 grafana/sealed-secret.yaml diff --git a/grafana/grafana-deployment.yaml b/grafana/grafana-deployment.yaml new file mode 100644 index 0000000..7ee5af6 --- /dev/null +++ b/grafana/grafana-deployment.yaml @@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: grafana + name: grafana + namespace: grafana-ns +spec: + selector: + matchLabels: + app: grafana + template: + metadata: + labels: + app: grafana + spec: + strategy: + type: Recreate + securityContext: + fsGroup: 472 + supplementalGroups: + - 0 + containers: + - name: grafana + image: grafana/grafana:latest + imagePullPolicy: IfNotPresent + env: + - name: GF_AUTH_GENERIC_OAUTH_ENABLED + value: "true" + - name: GF_AUTH_GENERIC_OAUTH_NAME + value: "Authentik" + - name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP + value: "true" + - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID + valueFrom: + secretKeyRef: + name: grafana-oauth + key: OAUTH_CLIENT_ID + - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: grafana-oauth + key: OAUTH_CLIENT_SECRET + - name: GF_AUTH_GENERIC_OAUTH_AUTH_URL + value: "https://auth.clortox.com/application/o/authorize/" + - name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL + value: "https://auth.clortox.com/application/o/token/" + - name: GF_AUTH_GENERIC_OAUTH_SCOPES + value: "user:email" + - name: GF_AUTH_GENERIC_OAUTH_API_URL + value: "https://auth.clortox.com/application/o/userinfo/" + - name: GF_SERVER_ROOT_URL + value: "https://grafana.clortox.com/" + ports: + - containerPort: 3000 + name: http-grafana + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /robots.txt + port: 3000 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 2 + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 3000 + timeoutSeconds: 1 + resources: + requests: + cpu: 250m + memory: 750Mi + volumeMounts: + - mountPath: /var/lib/grafana + name: grafana-pv + volumes: + - name: grafana-pv + persistentVolumeClaim: + claimName: grafana-pvc diff --git a/grafana/grafana-pvc.yaml b/grafana/grafana-pvc.yaml new file mode 100644 index 0000000..196027f --- /dev/null +++ b/grafana/grafana-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: grafana-pvc + namespace: grafana-ns +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 1Gi diff --git a/grafana/grafana-service.yaml b/grafana/grafana-service.yaml new file mode 100644 index 0000000..2ef0c11 --- /dev/null +++ b/grafana/grafana-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: grafana + namespace: grafana-ns +spec: + ports: + - port: 80 + protocol: TCP + targetPort: http-grafana + selector: + app: grafana + type: LoadBalancer diff --git a/grafana/sealed-secret.yaml b/grafana/sealed-secret.yaml new file mode 100644 index 0000000..420f65b --- /dev/null +++ b/grafana/sealed-secret.yaml @@ -0,0 +1,15 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: grafana-oauth + namespace: grafana-ns +spec: + encryptedData: + OAUTH_CLIENT_ID: AgC4zLWPZrbLn1o6Ehec1O6T6SlxT8OayWxwrsbGZFVBiZj2RBRNx0Rm76+MfuzUX5bgfbk8YQyy+Wi+eR/NzXmqMV+KWy/eZmkM0olGtvPefwH08WoNS5mvHu7C1RRW6CVubJTHmbyhFxiDcHVS7h2XM3STfJ7XjMZZNzYYmNh+EscDVG8IRB4JyvEcRqkIn5nfjDKk2D8Po5BEznh9XzkPAqIfBbNgi1Y/ofk3bGjJr0b12xH1diNe0RCSaz+tBBzs9viKbiOpCSYE+plmBixjBYQXHkErXWbJijWkbzik2T92epf/270jL4wYR+bw7W14VOgxy2x2w0N+rOVzm7BNwFjgbLGr3HReC2ToSx3Kw0UI56n1zb0BS/MaK4OsJa7KGReLdwkRSofqUgX9HnUfDhnJ/2aryc1+C16Vh70l6ZCZHNZr0sdvuFT47YTQ+p8hJAp8Z9addy+WmgGG2HjSBZtFEHlkEcXqpooy5TSkhq5BO8gCHKDOEGbD+i3uuTo9Y2AZK3bPqCYICsKrp51+jhV6zOeQtDpkjO3jKdvh+xZvfoHmydehTITGjRt+/ER3gijm4TcGapa4o2MN/LUZdueGQwLJr+vNwkL7PLGKJgF4azqmCiRc8E4/Em67GMnt9AHv68J0f2Q5g6v29mYnF2kn+mEARN+KVXlZcLIZkXk3Y5UACPIAW2ph9hcFqK8/OFcnH6gXGiUlLWIXWmvk9+yinrptlZ54YyXBWFI497gnHUzunJRi + OAUTH_CLIENT_SECRET: AgBnJPWxgtbgi9Zw34F/pE3Zc0pJaqUb9UG9yc2UIaV3e+g3RFctJdqRWPv0z6Z5diWYYv9ILJuQoVWHTzqglFIf5thAWqCGxs50ntmSrPpz2WzlQ+WyPehXhiTi/3+SwezFbdzuCovR2hKd8gUs4uZkbcIV7NgReI61rnvykfHKCBBSq5szuKTJVaRkDxPlxWjMAx7EBa8k3+68SkHyUBioC1cIA9vzJoLmo+Ab3g2d3Iq3NfZU2gTOfgNB0tP8L/dvr061EuNApkaIhz9YDYK2iB8wb7hHO1FgmmEobyvQXw7DNGvNmCZyCMn9RvxcPpXRfT0Sxz3H5WnKdI6oi6JskPxZsa5cQIlOmKHm2Cd4HN3mepD95PL2Pwb3al/kAqefVRlHXouEIQxoPXWA4Po09dS2D09IljtVOEDzDwk8DYi3b6hC54AnEQT0/aCUcxV55HOuKRCzCywodb2X4/S0HJT+2GfA/nefR4tuMZ+6z+uSbO+6KJNMPSUtgvAGiS5zZ3TlskG9OTeuz2+A3MU/BPP3QS3kSIPX+GaPzNFtm7HIaHDASyJmy5Un+c4PbNfX3ZLxULPDjaPkUWNtBkCBKOArcT7QnHtIS2ygjt6bFrfKKPxFFMMlIgOoRMWf5m991AUe3ZSkxMsXbYbghJMtg0OqXl0Gbm5QNqT9sCtb5F9N3Wm9MGJXmFPNoMMo7sqvuhItTeCzjHWDdjg+HYl/1ByLa9qvWtu+QYzPXlz/WRf+LhiLRtffAmG4MLJFaZiNsHSlyXV91zP1HnT/ZS5r5OlJcxpbQwUNW6fJ34gVnp2w9P6IJwrhsaODnHZDdUM1dEk9sdyxbAKKxGSvMXYwKavg/XVpOzae0BlUX2DzcA== + template: + metadata: + creationTimestamp: null + name: grafana-oauth + namespace: grafana-ns