From ffaf47903e18082b95c467b375411b5f31b33fe8 Mon Sep 17 00:00:00 2001
From: AndreiS
Date: Tue, 10 Feb 2026 14:07:18 +0000
Subject: [PATCH] Update grafana
---
grafana | 197 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 190 insertions(+), 7 deletions(-)
diff --git a/grafana b/grafana
index dd1b824..5542377 100644
--- a/grafana
+++ b/grafana
@@ -1,15 +1,198 @@
-- name: GF_AUTH_GENERIC_OAUTH_SIGNOUT_REDIRECT_URL
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: grafana-datasources
+ namespace: memelord-andrei
+data:
+ datasources.yaml: |
+ apiVersion: 1
+ datasources:
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ url: http://prometheus-operated.monitoring.svc.cluster.local:9090
+ isDefault: true
+ editable: true
+
+ - name: Loki
+ type: loki
+ access: proxy
+ url: http://loki.monitoring.svc.cluster.local:3100
+ editable: true
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: grafana
+ namespace: memelord-andrei
+ labels:
+ app: grafana
+spec:
+ serviceName: grafana
+ replicas: 1
+ selector:
+ matchLabels:
+ app: grafana
+ template:
+ metadata:
+ labels:
+ app: grafana
+ spec:
+ containers:
+ - name: grafana
+ image: grafana/grafana:latest
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 3000
+ name: http
+ env:
+ - name: GF_DATABASE_TYPE
+ value: sqlite3
+ - name: GF_DATABASE_PATH
+ value: /var/lib/grafana/grafana.db
+
+ - name: GF_SERVER_ROOT_URL
+ value: https://grafana-andrei.ee-lte-1.codemowers.io
+
+ - name: GF_AUTH_GENERIC_OAUTH_ENABLED
+ value: "true"
+ - name: GF_AUTH_GENERIC_OAUTH_NAME
+ value: "Passmower"
+ - name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP
+ value: "true"
 - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
- - name: GF_AUTH_GENERIC_OAUTH_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-grafana-andrei-owner-secrets
+ key: OIDC_CLIENT_ID
+ - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-grafana-andrei-owner-secrets
+ key: OIDC_CLIENT_SECRET
 - name: GF_AUTH_GENERIC_OAUTH_SCOPES
+ value: "openid profile"
 - name: GF_AUTH_GENERIC_OAUTH_AUTH_URL
+ value: "https://auth.ee-lte-1.codemowers.io/auth"
 - name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL
+ value: "http://passmower.passmower.svc.cluster.local/token"
 - name: GF_AUTH_GENERIC_OAUTH_API_URL
+ value: "http://passmower.passmower.svc.cluster.local/me"
+ - name: GF_AUTH_GENERIC_OAUTH_SIGNOUT_REDIRECT_URL
+ value: "https://auth.ee-lte-1.codemowers.io/logout"
+ # Auto-assign admin role
+ - name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH
+ value: "contains(groups[*], 'admin') && 'Admin' || 'Editor'"
+ # Disable anonymous access
+ - name: GF_AUTH_ANONYMOUS_ENABLED
+ value: "false"
-export GF_DEFAULT_INSTANCE_NAME=my-instance
-export GF_SECURITY_ADMIN_USER=owner
-export GF_AUTH_GOOGLE_CLIENT_SECRET=newS3cretKey
-export GF_PLUGIN_GRAFANA_IMAGE_RENDERER_RENDERING_IGNORE_HTTPS_ERRORS=true
-export GF_FEATURE_TOGGLES_ENABLE=newNavigation
\ No newline at end of file
+ volumeMounts:
+ - name: grafana-storage
+ mountPath: /var/lib/grafana
+ - name: datasources
+ mountPath: /etc/grafana/provisioning/datasources
+
+ readinessProbe:
+ httpGet:
+ path: /api/health
+ port: 3000
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+ livenessProbe:
+ httpGet:
+ path: /api/health
+ port: 3000
+ initialDelaySeconds: 30
+ periodSeconds: 10
+
+ volumes:
+ - name: datasources
+ configMap:
+ name: grafana-datasources
+
+ volumeClaimTemplates:
+ - metadata:
+ name: grafana-storage
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: sqlite
+ resources:
+ requests:
+ storage: 5Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: grafana
+ namespace: memelord-andrei
+ labels:
+ app: grafana
+spec:
+ type: ClusterIP
+ selector:
+ app: grafana
+ ports:
+ - name: http
+ port: 80
+ targetPort: 3000
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: grafana-andrei
+ namespace: memelord-andrei
+spec:
+ secretName: grafana-andrei-tls
+ dnsNames:
+ - grafana-andrei.ee-lte-1.codemowers.io
+ issuerRef:
+ name: letsencrypt
+ kind: ClusterIssuer
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: grafana-andrei
+ namespace: memelord-andrei
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ rules:
+ - host: grafana-andrei.ee-lte-1.codemowers.io
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: grafana
+ port:
+ number: 80
+ tls:
+ - secretName: grafana-andrei-tls
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: OIDCClient
+metadata:
+ name: grafana-andrei
+ namespace: memelord-andrei
+spec:
+ displayName: Grafana andrei
+ uri: https://grafana-andrei.ee-lte-1.codemowers.io/
+ redirectUris:
+ - https://grafana-andrei.ee-lte-1.codemowers.io/login/generic_oauth
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ responseTypes:
+ - code
+ availableScopes:
+ - openid
+ - profile
+ pkce: false
\ No newline at end of file
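Review bot: The `env` list turns on OAuth but never closes Grafana's own login: no `GF_SECURITY_ADMIN_PASSWORD`, `GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION` or `GF_AUTH_DISABLE_LOGIN_FORM` is set, so on a fresh `grafana-storage` volume the built-in admin account is presumably created with its documented default password and is reachable through the `grafana-andrei` Ingress. The role mapping falls back to `'Editor'` with `GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP` on, so every account Passmower authenticates gets write access, and with only `openid profile` requested it should be confirmed that a `groups` claim is returned at all; no group restriction is visible on the OIDCClient. `grafana/grafana:latest` with `imagePullPolicy: IfNotPresent` is a mutable tag that can resolve differently per node, so pin a released version, ideally by digest. Two settings deserve an explicit decision rather than a default: `pkce: false` (Grafana supports `GF_AUTH_GENERIC_OAUTH_USE_PKCE`) and the plain-http token and userinfo URLs, which carry the client secret and tokens unencrypted inside the cluster. The env changes I would make are below; if a break-glass local admin is wanted, keep it and set its password from a Secret instead of disabling its creation.

```yaml
          env:
            # … unchanged: GF_DATABASE_*, GF_SERVER_ROOT_URL, OAuth client and endpoint settings …
            # Least-privilege fallback: only members of 'admin' get more than read access
            - name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH
              value: "contains(groups[*], 'admin') && 'Admin' || 'Viewer'"
            # Passmower is the only way in: no login form, no default local admin
            - name: GF_AUTH_DISABLE_LOGIN_FORM
              value: "true"
            - name: GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION
              value: "true"
            # … unchanged: GF_AUTH_ANONYMOUS_ENABLED …
```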