--- apiVersion: apps/v1 kind: StatefulSet metadata: name: grafana labels: app: grafana spec: serviceName: grafana replicas: 1 selector: matchLabels: app: grafana template: metadata: labels: app: grafana spec: containers: - name: grafana image: grafana/grafana:latest imagePullPolicy: IfNotPresent ports: - containerPort: 3000 name: http env: - name: GF_DATABASE_TYPE value: sqlite3 - name: GF_DATABASE_PATH value: /var/lib/grafana/grafana.db - name: GF_SERVER_DOMAIN value: grafana.ee-lte-1.codemowers.io - name: GF_SERVER_ROOT_URL value: "https://%(domain)s/" - name: GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP value: "true" - name: GF_AUTH_BASIC_ENABLED value: "false" - name: GF_AUTH_GENERIC_OAUTH_ENABLED value: "true" - name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP value: "true" - name: GF_AUTH_GENERIC_OAUTH_USE_PKCE value: "true" - name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH value: "contains(groups[*], 'github.com:codemowers:admins') && 'Admin' || Viewer" - name: GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN value: "true" - name: GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION value: "true" volumeMounts: - name: grafana-storage mountPath: /var/lib/grafana readinessProbe: httpGet: path: /api/health port: 3000 initialDelaySeconds: 10 periodSeconds: 10 livenessProbe: httpGet: path: /api/health port: 3000 initialDelaySeconds: 30 periodSeconds: 10 volumeClaimTemplates: - metadata: name: grafana-storage spec: accessModes: - ReadWriteOnce storageClassName: sqlite resources: requests: storage: 5Gi --- apiVersion: v1 kind: Service metadata: name: grafana labels: app: grafana spec: type: ClusterIP selector: app: grafana ports: - name: http port: 3000 targetPort: 3000