Skip to content

Commit

Permalink
Updated grafana-cr to use grafanav5 operator (#79)
Browse files Browse the repository at this point in the history
  • Loading branch information
@shane-snyder
shane-snyder authored May 14, 2024
1 parent d38a2cb commit 98dc4b5
Show file tree
Hide file tree
Showing 5 changed files with 109 additions and 85 deletions.
2 changes: 1 addition & 1 deletion charts/grafana-cr/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: grafana-cr
description: A Helm chart for Deploying Grafana instances using the Grafana Operator
type: application
version: 0.4.0
version: 0.5.0
home: https://github.com/rh-mobb/helm-charts
maintainers:
- name: paulczar
7 changes: 7 additions & 0 deletions charts/grafana-cr/templates/configmap.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "grafana-cr.fullname" . }}-certs
labels:
config.openshift.io/inject-trusted-cabundle: "true"
name: {{ include "grafana-cr.fullname" . }}-certs
7 changes: 4 additions & 3 deletions charts/grafana-cr/templates/dashboards.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,13 @@
{{ range .Values.dashboards }}
---
apiVersion: integreatly.org/v1alpha1
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: {{ .name }}
labels:
app: grafana
spec:
instanceSelector:
matchLabels:
dashboards: "grafana"
json: {{ .json }}
{{ end }}

176 changes: 96 additions & 80 deletions charts/grafana-cr/templates/grafana.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,103 +1,119 @@
---
apiVersion: integreatly.org/v1alpha1
apiVersion: grafana.integreatly.org/v1beta1
kind: Grafana
metadata:
name: {{ include "grafana-cr.fullname" . }}
labels:
dashboards: "grafana"
{{- include "grafana-cr.labels" . | nindent 4 }}
spec:
route:
spec:
port:
targetPort: https
tls:
termination: reencrypt
to:
kind: Service
name: {{ include "grafana-cr.fullname" . }}-service
weight: 100
wildcardPolicy: None
deployment:
skipCreateAdminAccount: True
envFrom:
- secretRef:
name: {{ include "grafana-cr.fullname" . }}-creds
spec:
template:
spec:
volumes:
- name: {{ include "grafana-cr.fullname" . }}-tls
secret:
secretName: {{ include "grafana-cr.fullname" . }}-tls
- name: {{ include "grafana-cr.fullname" . }}-proxy
secret:
secretName: {{ include "grafana-cr.fullname" . }}-proxy
- name: {{ include "grafana-cr.fullname" . }}-certs
configMap:
name: {{ include "grafana-cr.fullname" . }}-certs
containers:
- image: 'quay.io/openshift/origin-oauth-proxy:4.12'
name: grafana-proxy
args:
- -provider=openshift
- -https-address=:9091
- -http-address=
- -email-domain=*
- -upstream=http://localhost:3000
- '-openshift-sar={"resource": "namespaces", "verb": "get"}'
- '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get"}}'
- -tls-cert=/etc/tls/private/tls.crt
- -tls-key=/etc/tls/private/tls.key
- -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
- -openshift-service-account={{ include "grafana-cr.fullname" . }}-sa
- -openshift-ca=/etc/pki/tls/cert.pem
- -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- -openshift-ca=/etc/proxy/certs/ca-bundle.crt
- -cookie-secret-file=/etc/proxy/secrets/session_secret
- -cookie-expire=24h
- -scope=user:info user:check-access user:list-projects
- -pass-access-token=true
- -pass-basic-auth=false
- -skip-provider-button=true
- -skip-auth-regex=^/metrics
envFrom:
- secretRef:
name: {{ include "grafana-cr.fullname" . }}-creds
ports:
- containerPort: 9091
name: https
resources: {}
volumeMounts:
- mountPath: /etc/tls/private
name: {{ include "grafana-cr.fullname" . }}-tls
readOnly: false
- mountPath: /etc/proxy/secrets
name: {{ include "grafana-cr.fullname" . }}-proxy
readOnly: false
- mountPath: /etc/proxy/certs
name: {{ include "grafana-cr.fullname" . }}-certs
readOnly: false
config:
analytics:
check_for_updates: false
reporting_enabled: false
auth.anonymous:
enabled: "True"
auth:
disable_login_form: true
disable_signout_menu: true
sigv4_auth_enabled: true
disable_login_form: "False"
disable_signout_menu: "True"
auth.basic:
enabled: false
enabled: "True"
auth.proxy:
auto_sign_up: true
enabled: true
header_name: X-Forwarded-User
auto_sign_up: "True"
enabled: "True"
enable_login_token: "True"
header_property: "username"
header_name: "X-Forwarded-User"
log:
level: {{ .Values.logLevel }}
mode: console
security:
admin_user: system:does-not-exist
cookie_secure: true
users:
auto_assign_org: true
auto_assign_org: "True"
auto_assign_org_role: {{ .Values.oauthProxy.orgRoleAssigned }}
default_theme: light
editors_can_admin: true
viewers_can_edit: true
containers:
- image: 'quay.io/openshift/origin-oauth-proxy:4.12'
name: grafana-proxy
args:
- -provider=openshift
- -https-address=:9091
- -http-address=
- -email-domain=*
- -upstream=http://localhost:3000
- '-openshift-sar={"resource": "namespaces", "verb": "get"}'
- '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get"}}'
- -tls-cert=/etc/tls/private/tls.crt
- -tls-key=/etc/tls/private/tls.key
- -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
- -openshift-service-account=grafana-serviceaccount
- -openshift-ca=/etc/pki/tls/cert.pem
- -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- -cookie-secret-file=/etc/proxy/secrets/session_secret
- -cookie-expire=24h
- -scope=user:info user:check-access user:list-projects
- -pass-access-token=true
- -pass-basic-auth=false
- -display-htpasswd-form=false
- -htpasswd-file=/etc/proxy/htpasswd/auth
- -skip-provider-button=true
ports:
- containerPort: 9091
name: grafana-proxy
resources: {}
volumeMounts:
- mountPath: /etc/tls/private
name: secret-{{ include "grafana-cr.fullname" . }}-tls
readOnly: false
- mountPath: /etc/proxy/secrets
name: secret-{{ include "grafana-cr.fullname" . }}-proxy
readOnly: false
- mountPath: /etc/proxy/htpasswd
name: secret-{{ include "grafana-cr.fullname" . }}-htpasswd
readOnly: true
default_theme: dark
editors_can_admin: "True"
viewers_can_edit: "True"
secrets:
- {{ include "grafana-cr.fullname" . }}-tls
- {{ include "grafana-cr.fullname" . }}-proxy
- {{ include "grafana-cr.fullname" . }}-htpasswd
service:
ports:
- name: grafana-proxy
port: 9091
protocol: TCP
targetPort: grafana-proxy
annotations:
service.alpha.openshift.io/serving-cert-secret-name: {{ include "grafana-cr.fullname" . }}-tls
ingress:
enabled: True
targetPort: grafana-proxy
termination: reencrypt
metadata:
annotations:
service.beta.openshift.io/serving-cert-secret-name: {{ include "grafana-cr.fullname" . }}-tls
spec:
ports:
- name: https
port: 9091
protocol: TCP
targetPort: https
client:
preferIngress: false
serviceAccount:
annotations:
serviceaccounts.openshift.io/oauth-redirectreference.primary: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"grafana-route"}}'
{{- with .Values.serviceAccountAnnotations }}
{{- toYaml . | nindent 6 }}
{{- end }}
dashboardLabelSelector:
- matchExpressions:
- { key: "app", operator: In, values: ['grafana'] }
metadata:
annotations:
serviceaccounts.openshift.io/oauth-redirectreference.primary: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"{{ include "grafana-cr.fullname" . }}-route"}}'
2 changes: 1 addition & 1 deletion charts/grafana-cr/templates/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,5 +27,5 @@ roleRef:
name: {{ include "grafana-cr.fullname" . }}
subjects:
- kind: ServiceAccount
name: grafana-serviceaccount
name: {{ include "grafana-cr.fullname" . }}-sa
namespace: {{ .Release.Namespace }}

0 comments on commit 98dc4b5

Please sign in to comment.