tobru
/
gitops-tbrnt
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Activity

update helm chart for grafana
continuous-integration/drone/push Build is passing Details

This commit is contained in:
Tobias Brunner 2021-12-13 20:54:10 +01:00
parent 3c9a893569
commit 30a2a654b7
2 changed files with 71 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
graphs/Makefile
View File

@ -1,5 +1,5 @@
build:
helm template graphs --namespace=graphs stable/grafana \
helm template graphs --namespace=graphs grafana/grafana \
-f grafana-config.yaml \
> grafana.yaml
.PHONY: build

128
graphs/grafana.yaml
View File

@ -4,15 +4,14 @@ apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: graphs-grafana
namespace: graphs
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
@ -20,23 +19,13 @@ spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
# Default set from Docker, without DAC_OVERRIDE or CHOWN
- FOWNER
- FSETID
- KILL
- SETGID
- SETUID
- SETPCAP
- NET_BIND_SERVICE
- NET_RAW
- SYS_CHROOT
- MKNOD
- AUDIT_WRITE
- SETFCAP
# Default set from Docker, with DAC_OVERRIDE and CHOWN
- ALL
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'csi'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
@ -48,9 +37,17 @@ spec:
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'RunAsAny'
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'RunAsAny'
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: false
---
# Source: grafana/templates/tests/test-podsecuritypolicy.yaml
@ -58,12 +55,11 @@ apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: graphs-grafana-test
namespace: graphs
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
spec:
allowPrivilegeEscalation: true
@ -84,6 +80,7 @@ spec:
- downwardAPI
- emptyDir
- projected
- csi
- secret
---
# Source: grafana/templates/serviceaccount.yaml
@ -91,10 +88,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
name: graphs-grafana
namespace: graphs
@ -104,10 +101,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
name: graphs-grafana-test
namespace: graphs
@ -119,10 +116,10 @@ metadata:
name: graphs-grafana
namespace: graphs
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
data:
grafana.ini: |
@ -133,7 +130,7 @@ data:
[log]
mode = console
[paths]
data = /var/lib/grafana/data
data = /var/lib/grafana/
logs = /var/log/grafana
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning
@ -145,10 +142,10 @@ metadata:
name: graphs-grafana-test
namespace: graphs
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
data:
run.sh: |-
@ -166,10 +163,10 @@ metadata:
name: graphs-grafana
namespace: graphs
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
finalizers:
- kubernetes.io/pvc-protection
@ -182,16 +179,16 @@ spec:
storageClassName: local-path
---
# Source: grafana/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: graphs-grafana
namespace: graphs
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: ['extensions']
@ -206,10 +203,10 @@ metadata:
name: graphs-grafana-test
namespace: graphs
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: ['policy']
@ -218,16 +215,16 @@ rules:
resourceNames: [graphs-grafana-test]
---
# Source: grafana/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: graphs-grafana
namespace: graphs
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -245,10 +242,10 @@ metadata:
name: graphs-grafana-test
namespace: graphs
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
@ -266,10 +263,10 @@ metadata:
name: graphs-grafana
namespace: graphs
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
@ -290,13 +287,14 @@ metadata:
name: graphs-grafana
namespace: graphs
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: grafana
@ -309,21 +307,23 @@ spec:
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
annotations:
checksum/config: f34039c0df1008eed25ca27450db228f70591224ed3ceb5530368abccd411749
checksum/config: 2c2d529c87c67a9488b40aa5f8b576425105e4d67ca24b4820a7869a9ae4b24c
checksum/dashboards-json-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
checksum/sc-dashboard-provider-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
spec:
serviceAccountName: graphs-grafana
automountServiceAccountToken: true
securityContext:
fsGroup: 472
runAsGroup: 472
runAsUser: 472
initContainers:
- name: init-chown-data
image: "busybox:1.34.1"
image: "busybox:1.31.1"
imagePullPolicy: IfNotPresent
securityContext:
runAsNonRoot: false
runAsUser: 0
command: ["chown", "-R", "472:472", "/var/lib/grafana"]
resources:
@ -331,6 +331,7 @@ spec:
volumeMounts:
- name: storage
mountPath: "/var/lib/grafana"
enableServiceLinks: true
containers:
- name: grafana
image: "grafana/grafana:8.3.2"
@ -359,6 +360,15 @@ spec:
secretKeyRef:
name: admin-creds
key: admin-password
- name: GF_PATHS_DATA
value: /var/lib/grafana/
- name: GF_PATHS_LOGS
value: /var/log/grafana
- name: GF_PATHS_PLUGINS
value: /var/lib/grafana/plugins
- name: GF_PATHS_PROVISIONING
value: /etc/grafana/provisioning
- name: "GF_AUTH_ANONYMOUS_ENABLED"
value: "true"
- name: "GF_SERVER_DOMAIN"
@ -387,16 +397,16 @@ spec:
claimName: graphs-grafana
---
# Source: grafana/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: graphs-grafana
namespace: graphs
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
@ -410,11 +420,13 @@ spec:
- host: graphs.tbrnt.ch
http:
paths:
- path: /
pathType: Prefix
backend:
serviceName: graphs-grafana
servicePort: 80
service:
name: graphs-grafana
port:
number: 80
---
# Source: grafana/templates/tests/test.yaml
apiVersion: v1
@ -422,10 +434,10 @@ kind: Pod
metadata:
name: graphs-grafana-test
labels:
helm.sh/chart: grafana-5.2.1
helm.sh/chart: grafana-6.19.1
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: graphs
app.kubernetes.io/version: "7.0.3"
app.kubernetes.io/version: "8.3.1"
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test-success
@ -434,7 +446,7 @@ spec:
serviceAccountName: graphs-grafana-test
containers:
- name: graphs-test
image: "bats/bats:1.2.1"
image: "bats/bats:v1.4.1"
imagePullPolicy: "IfNotPresent"
command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
volumeMounts: