apiVersion: apps/v1 kind: Deployment metadata: labels: app: grafana name: grafana namespace: grafana-ns spec: selector: matchLabels: app: grafana template: metadata: labels: app: grafana spec: strategy: type: Recreate securityContext: fsGroup: 472 supplementalGroups: - 0 containers: - name: grafana image: grafana/grafana:latest imagePullPolicy: IfNotPresent env: - name: GF_AUTH_GENERIC_OAUTH_ENABLED value: "true" - name: GF_AUTH_GENERIC_OAUTH_NAME value: "Authentik" - name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP value: "true" - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID valueFrom: secretKeyRef: name: grafana-oauth key: OAUTH_CLIENT_ID - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET valueFrom: secretKeyRef: name: grafana-oauth key: OAUTH_CLIENT_SECRET - name: GF_AUTH_GENERIC_OAUTH_AUTH_URL value: "https://auth.clortox.com/application/o/authorize/" - name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL value: "https://auth.clortox.com/application/o/token/" - name: GF_AUTH_GENERIC_OAUTH_SCOPES value: "user:email" - name: GF_AUTH_GENERIC_OAUTH_API_URL value: "https://auth.clortox.com/application/o/userinfo/" - name: GF_SERVER_ROOT_URL value: "https://grafana.clortox.com/" ports: - containerPort: 3000 name: http-grafana protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /robots.txt port: 3000 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 2 livenessProbe: failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 tcpSocket: port: 3000 timeoutSeconds: 1 resources: requests: cpu: 250m memory: 750Mi volumeMounts: - mountPath: /var/lib/grafana name: grafana-pv volumes: - name: grafana-pv persistentVolumeClaim: claimName: grafana-pvc