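---
# Grafana for the memelord-raiko namespace: provisioned data sources, a
# single-replica StatefulSet backed by SQLite, a ClusterIP Service, a
# cert-manager Certificate, a Traefik Ingress and the OIDC client registration
# used for login.
apiVersion: v1
kind: ConfigMap
metadata:
  name: grafana-datasources
  namespace: memelord-raiko
data:
  # Mounted by the StatefulSet at /etc/grafana/provisioning/datasources.
  # Both data sources are queried through the Grafana backend (access: proxy)
  # over plain HTTP inside the cluster.
  # NOTE(review): editable: true lets a Grafana Admin change these from the UI,
  # so the live configuration can drift from this file; use editable: false if
  # the provisioned file should stay authoritative.
  datasources.yaml: |
    apiVersion: 1
    datasources:
      - name: Prometheus
        type: prometheus
        access: proxy
        url: http://prometheus-operated.monitoring.svc.cluster.local:9090
        isDefault: true
        editable: true
      - name: Loki
        type: loki
        access: proxy
        url: http://loki.monitoring.svc.cluster.local:3100
        editable: true
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: grafana
  namespace: memelord-raiko
  labels:
    app: grafana
spec:
  serviceName: grafana
  replicas: 1
  selector:
    matchLabels:
      app: grafana
  template:
    metadata:
      labels:
        app: grafana
    spec:
      containers:
        - name: grafana
          # NOTE(review): the mutable `latest` tag combined with IfNotPresent
          # means a node keeps whichever build it pulled first, and the running
          # version cannot be read from this manifest. Pin a specific version
          # tag or an image digest.
          image: grafana/grafana:latest
          imagePullPolicy: IfNotPresent
          # Grafana listens on the unprivileged port 3000, so the container
          # needs neither Linux capabilities nor privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
            - containerPort: 3000
              name: http
          env:
            # Grafana state lives in a SQLite file on the grafana-storage volume.
            - name: GF_DATABASE_TYPE
              value: sqlite3
            - name: GF_DATABASE_PATH
              value: /var/lib/grafana/grafana.db
            - name: GF_SERVER_ROOT_URL
              value: https://grafana-raiko.ee-lte-1.codemowers.io
            # Login is delegated to the Passmower OIDC provider.
            - name: GF_AUTH_GENERIC_OAUTH_ENABLED
              value: "true"
            - name: GF_AUTH_GENERIC_OAUTH_NAME
              value: "Passmower"
            # Accounts are created on first successful login. Who can reach
            # that point is presumably limited by allowedGroups on the
            # OIDCClient at the end of this file; verify on the provider side.
            - name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP
              value: "true"
            # Client credentials come from a Secret, not from this manifest.
            - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: oidc-client-grafana-raiko-owner-secrets
                  key: OIDC_CLIENT_ID
            - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: oidc-client-grafana-raiko-owner-secrets
                  key: OIDC_CLIENT_SECRET
            - name: GF_AUTH_GENERIC_OAUTH_SCOPES
              value: "openid profile groups"
            - name: GF_AUTH_GENERIC_OAUTH_AUTH_URL
              value: "https://auth.ee-lte-1.codemowers.io/auth"
            # NOTE(review): the token and userinfo calls use plain HTTP to the
            # in-cluster service, so the client secret and the issued tokens
            # cross the cluster network unencrypted. Acceptable only if that
            # path is trusted or encrypted at another layer; confirm.
            - name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL
              value: "http://passmower.passmower.svc.cluster.local/token"
            - name: GF_AUTH_GENERIC_OAUTH_API_URL
              value: "http://passmower.passmower.svc.cluster.local/me"
            # Disabled sign-out redirect. NOTE(review): the double slash in the
            # path looks like a typo; check before enabling.
            # - name: GF_AUTH_GENERIC_OAUTH_SIGNOUT_REDIRECT_URL
            #   value: "https://auth.ee-lte-1.codemowers.io//openid/session/end"
            # JMESPath role mapping: members of the admins group become Admin,
            # everyone else Viewer. The fallback has to be a quoted string
            # literal; a bare Viewer is a field lookup on the userinfo document
            # and yields null, leaving the role to Grafana's default instead of
            # to this expression.
            - name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH
              value: "contains(groups[*], 'github.com:codemowers:admins') && 'Admin' || 'Viewer'"
            # No unauthenticated access.
            - name: GF_AUTH_ANONYMOUS_ENABLED
              value: "false"
          volumeMounts:
            - name: grafana-storage
              mountPath: /var/lib/grafana
            - name: datasources
              mountPath: /etc/grafana/provisioning/datasources
      volumes:
        - name: datasources
          configMap:
            name: grafana-datasources
  volumeClaimTemplates:
    - metadata:
        name: grafana-storage
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: sqlite
        resources:
          requests:
            storage: 5Gi
---
# In-cluster Service: port 80 forwards to the Grafana container port 3000.
apiVersion: v1
kind: Service
metadata:
  name: grafana
  namespace: memelord-raiko
  labels:
    app: grafana
spec:
  type: ClusterIP
  selector:
    app: grafana
  ports:
    - name: http
      port: 80
      targetPort: 3000
---
# TLS certificate for the public hostname, stored in grafana-raiko-tls and
# consumed by the Ingress below.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: grafana-raiko
  namespace: memelord-raiko
spec:
  secretName: grafana-raiko-tls
  dnsNames:
    - grafana-raiko.ee-lte-1.codemowers.io
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
---
# Public entry point; bound to Traefik's websecure entrypoint only.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: grafana-raiko
  namespace: memelord-raiko
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  rules:
    - host: grafana-raiko.ee-lte-1.codemowers.io
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: grafana
                port:
                  number: 80
  tls:
    - secretName: grafana-raiko-tls
---
# OIDC client registration for Grafana. The client credentials are read by the
# StatefulSet from the oidc-client-grafana-raiko-owner-secrets Secret.
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
  name: grafana-raiko
  namespace: memelord-raiko
spec:
  displayName: Grafana Raiko
  uri: https://grafana-raiko.ee-lte-1.codemowers.io/
  redirectUris:
    - https://grafana-raiko.ee-lte-1.codemowers.io/login/generic_oauth
  grantTypes:
    - authorization_code
    - refresh_token
  responseTypes:
    - code
  availableScopes:
    - openid
    - profile
    - groups
  # Only the admins group is listed here, so the Viewer branch of the Grafana
  # role mapping is presumably never reached; confirm whether non-admin
  # read-only access is intended.
  allowedGroups:
    - 'github.com:codemowers:admins'
  # NOTE(review): PKCE is off for this client. Grafana's generic OAuth can
  # send PKCE (GF_AUTH_GENERIC_OAUTH_USE_PKCE); turning it on for both sides
  # binds the authorization code to the client that requested it. Confirm the
  # provider's behaviour before changing.
  pkce: false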