image: repository: grafana/grafana pullPolicy: IfNotPresent tag: 11.2.0@sha256:408afb9726de5122b00a2576763a8a57a3c86d5b0eff5305bc994ceb3eb96c3f sidecarImage: repository: quay.io/kiwigrid/k8s-sidecar tag: 1.27.6@sha256:db85bd5532530d288736b35e63baceacbf570bf863d85a0404b33c1e1631f63b securityContext: container: readOnlyRootFilesystem: false service: main: ports: main: protocol: http targetPort: 3000 port: 3000 workload: main: replicas: 1 strategy: RollingUpdate podSpec: containers: main: env: GF_SECURITY_ADMIN_USER: "admin" GF_SECURITY_ADMIN_PASSWORD: "testpassword" GF_INSTALL_PLUGINS: "" GF_AUTH_LDAP_ENABLED: "false" GF_AUTH_LDAP_ALLOW_SIGN_UP: "false" GF_SERVER_HTTP_PORT: 3000 GF_DATABASE_TYPE: postgres GF_DATABASE_NAME: "{{ .Values.cnpg.main.user }}" GF_DATABASE_USER: "{{ .Values.cnpg.main.database }}" GF_DATABASE_SSL_MODE: disable GF_DATABASE_HOST: secretKeyRef: name: cnpg-main-urls key: host GF_DATABASE_PASSWORD: secretKeyRef: name: cnpg-main-user key: password probes: liveness: path: "/api/health" readiness: path: "/api/health" startup: path: "/api/health" dashboards: enabled: true imageSelector: sidecarImage env: IGNORE_ALREADY_PROCESSED: false METHOD: WATCH LABEL: grafana_dashboard LABEL_VALUE: "1" LOG_LEVEL: info FOLDER: /tmp/dashboards RESOURCE: both NAMESPACE: "ALL" UNIQUE_FILENAMES: false # NAMESPACE: null # FOLDER_ANNOTATION: null # script: null # WATCH_SERVER_TIMEOUT: 3600 # WATCH_CLIENT_TIMEOUT: 3600 SKIP_TLS_VERIFY: false REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}" REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}" REQ_URL: "http://localhost:3000/api/admin/provisioning/dashboards/reload" REQ_METHOD: POST probes: liveness: enabled: false readiness: enabled: false startup: enabled: false datasources: enabled: true imageSelector: sidecarImage env: IGNORE_ALREADY_PROCESSED: false METHOD: WATCH LABEL: grafana_datasources LABEL_VALUE: "1" LOG_LEVEL: info FOLDER: /etc/grafana/provisioning/datasources RESOURCE: both NAMESPACE: "ALL" UNIQUE_FILENAMES: false # NAMESPACE: null # FOLDER_ANNOTATION: null # script: null # WATCH_SERVER_TIMEOUT: 3600 # WATCH_CLIENT_TIMEOUT: 3600 SKIP_TLS_VERIFY: false REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}" REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}" REQ_URL: "http://localhost:3000/api/admin/provisioning/datasources/reload" REQ_METHOD: POST probes: liveness: enabled: false readiness: enabled: false startup: enabled: false alerts: enabled: true imageSelector: sidecarImage env: IGNORE_ALREADY_PROCESSED: false METHOD: WATCH LABEL: grafana_alerts LABEL_VALUE: "1" LOG_LEVEL: info FOLDER: /etc/grafana/provisioning/alerts RESOURCE: both NAMESPACE: "ALL" UNIQUE_FILENAMES: false # NAMESPACE: null # FOLDER_ANNOTATION: null # script: null # WATCH_SERVER_TIMEOUT: 3600 # WATCH_CLIENT_TIMEOUT: 3600 SKIP_TLS_VERIFY: false REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}" REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}" REQ_URL: "http://localhost:3000/api/admin/provisioning/alerts/reload" REQ_METHOD: POST probes: liveness: enabled: false readiness: enabled: false startup: enabled: false plugins: enabled: true imageSelector: sidecarImage env: IGNORE_ALREADY_PROCESSED: false METHOD: WATCH LABEL: grafana_plugins LABEL_VALUE: "1" LOG_LEVEL: info FOLDER: /etc/grafana/provisioning/plugins RESOURCE: both NAMESPACE: "ALL" UNIQUE_FILENAMES: false # NAMESPACE: null # FOLDER_ANNOTATION: null # script: null # WATCH_SERVER_TIMEOUT: 3600 # WATCH_CLIENT_TIMEOUT: 3600 SKIP_TLS_VERIFY: false REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}" REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}" REQ_URL: "http://localhost:3000/api/admin/provisioning/plugins/reload" REQ_METHOD: POST probes: liveness: enabled: false readiness: enabled: false startup: enabled: false notifiers: enabled: true imageSelector: sidecarImage env: IGNORE_ALREADY_PROCESSED: false METHOD: WATCH LABEL: grafana_notifiers LABEL_VALUE: "1" LOG_LEVEL: info FOLDER: /etc/grafana/provisioning/notifiers RESOURCE: both NAMESPACE: "ALL" UNIQUE_FILENAMES: false # NAMESPACE: null # FOLDER_ANNOTATION: null # script: null # WATCH_SERVER_TIMEOUT: 3600 # WATCH_CLIENT_TIMEOUT: 3600 SKIP_TLS_VERIFY: false REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}" REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}" REQ_URL: "http://localhost:3000/api/admin/provisioning/notifiers/reload" REQ_METHOD: POST probes: liveness: enabled: false readiness: enabled: false startup: enabled: false configmap: dashboard-provider: enabled: true data: provider.yaml: |- apiVersion: 1 providers: - name: sidecarProvider orgId: 1 folder: '' type: file disableDeletion: false allowUiUpdates: false updateIntervalSeconds: 30 options: foldersFromFilesStructure: true path: /tmp/dashboards config: enabled: true data: grafana.ini: |- paths: data: /var/lib/grafana/ logs: /var/log/grafana plugins: /var/lib/grafana/plugins provisioning: /etc/grafana/provisioning analytics: check_for_updates: true log: mode: console grafana_net: url: https://grafana.net server: domain: "{{ if (and .Values.ingress.main.enabled .Values.ingress.main.hosts) }}{{ .Values.ingress.main.hosts | first }}{{ else }}''{{ end }}" ldap.toml: |- # nope persistence: config: enabled: true type: configmap objectName: config mountPath: /etc/grafana/grafana.ini subPath: grafana.ini ldap: enabled: true type: configmap objectName: config mountPath: /etc/grafana/ldap.toml subPath: ldap.toml data: enabled: true mountPath: "/var/lib/grafana" grafana-tmp: enabled: true type: emptyDir mountPath: /app/tmp targetSelectAll: true sc-dashboard-volume: enabled: true type: emptyDir mountPath: /tmp/dashboards targetSelectAll: true sc-dashboard-config: enabled: true type: configmap objectName: dashboard-provider mountPath: /etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml subPath: provider.yaml sc-datasource-volume: enabled: true type: emptyDir mountPath: /etc/grafana/provisioning/datasources targetSelectAll: true sc-alerts-volume: enabled: true type: emptyDir mountPath: /etc/grafana/provisioning/alerts targetSelectAll: true sc-plugins-volume: enabled: true type: emptyDir mountPath: /etc/grafana/provisioning/plugins targetSelectAll: true sc-notifiers-volume: enabled: true type: emptyDir mountPath: /etc/grafana/provisioning/notifiers targetSelectAll: true metrics: main: # -- Enable and configure a Prometheus serviceMonitor for the chart under this key. # @default -- See values.yaml enabled: true type: "servicemonitor" endpoints: - port: main path: /metrics # -- Enable and configure Prometheus Rules for the chart under this key. # @default -- See values.yaml prometheusRule: enabled: false labels: {} # -- Configure additionial rules for the chart under this key. # @default -- See prometheusrules.yaml rules: [] # - alert: UnifiPollerAbsent # annotations: # description: Unifi Poller has disappeared from Prometheus service discovery. # summary: Unifi Poller is down. # expr: | # absent(up{job=~".*unifi-poller.*"} == 1) # for: 5m # labels: # severity: critical portal: open: enabled: true # -- Whether Role Based Access Control objects like roles and rolebindings should be created rbac: main: enabled: true primary: true clusterWide: true rules: - apiGroups: [""] resources: ["configmaps", "secrets"] verbs: ["get", "watch", "list"] serviceAccount: main: enabled: true primary: true podOptions: automountServiceAccountToken: true cnpg: main: enabled: true user: grafana database: grafana