update helm chart for grafana
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
This commit is contained in:
parent
3c9a893569
commit
30a2a654b7
|
@ -1,5 +1,5 @@
|
|||
build:
|
||||
helm template graphs --namespace=graphs stable/grafana \
|
||||
helm template graphs --namespace=graphs grafana/grafana \
|
||||
-f grafana-config.yaml \
|
||||
> grafana.yaml
|
||||
.PHONY: build
|
||||
|
|
|
@ -4,15 +4,14 @@ apiVersion: policy/v1beta1
|
|||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: graphs-grafana
|
||||
namespace: graphs
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
|
||||
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
|
||||
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
||||
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
|
||||
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
||||
|
@ -20,23 +19,13 @@ spec:
|
|||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
requiredDropCapabilities:
|
||||
# Default set from Docker, without DAC_OVERRIDE or CHOWN
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- SETGID
|
||||
- SETUID
|
||||
- SETPCAP
|
||||
- NET_BIND_SERVICE
|
||||
- NET_RAW
|
||||
- SYS_CHROOT
|
||||
- MKNOD
|
||||
- AUDIT_WRITE
|
||||
- SETFCAP
|
||||
# Default set from Docker, with DAC_OVERRIDE and CHOWN
|
||||
- ALL
|
||||
volumes:
|
||||
- 'configMap'
|
||||
- 'emptyDir'
|
||||
- 'projected'
|
||||
- 'csi'
|
||||
- 'secret'
|
||||
- 'downwardAPI'
|
||||
- 'persistentVolumeClaim'
|
||||
|
@ -48,9 +37,17 @@ spec:
|
|||
seLinux:
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'RunAsAny'
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'RunAsAny'
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
---
|
||||
# Source: grafana/templates/tests/test-podsecuritypolicy.yaml
|
||||
|
@ -58,12 +55,11 @@ apiVersion: policy/v1beta1
|
|||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: graphs-grafana-test
|
||||
namespace: graphs
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
allowPrivilegeEscalation: true
|
||||
|
@ -84,6 +80,7 @@ spec:
|
|||
- downwardAPI
|
||||
- emptyDir
|
||||
- projected
|
||||
- csi
|
||||
- secret
|
||||
---
|
||||
# Source: grafana/templates/serviceaccount.yaml
|
||||
|
@ -91,10 +88,10 @@ apiVersion: v1
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: graphs-grafana
|
||||
namespace: graphs
|
||||
|
@ -104,10 +101,10 @@ apiVersion: v1
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: graphs-grafana-test
|
||||
namespace: graphs
|
||||
|
@ -119,10 +116,10 @@ metadata:
|
|||
name: graphs-grafana
|
||||
namespace: graphs
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
data:
|
||||
grafana.ini: |
|
||||
|
@ -133,7 +130,7 @@ data:
|
|||
[log]
|
||||
mode = console
|
||||
[paths]
|
||||
data = /var/lib/grafana/data
|
||||
data = /var/lib/grafana/
|
||||
logs = /var/log/grafana
|
||||
plugins = /var/lib/grafana/plugins
|
||||
provisioning = /etc/grafana/provisioning
|
||||
|
@ -145,10 +142,10 @@ metadata:
|
|||
name: graphs-grafana-test
|
||||
namespace: graphs
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
data:
|
||||
run.sh: |-
|
||||
|
@ -166,10 +163,10 @@ metadata:
|
|||
name: graphs-grafana
|
||||
namespace: graphs
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
finalizers:
|
||||
- kubernetes.io/pvc-protection
|
||||
|
@ -182,16 +179,16 @@ spec:
|
|||
storageClassName: local-path
|
||||
---
|
||||
# Source: grafana/templates/role.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: graphs-grafana
|
||||
namespace: graphs
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
rules:
|
||||
- apiGroups: ['extensions']
|
||||
|
@ -206,10 +203,10 @@ metadata:
|
|||
name: graphs-grafana-test
|
||||
namespace: graphs
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
rules:
|
||||
- apiGroups: ['policy']
|
||||
|
@ -218,16 +215,16 @@ rules:
|
|||
resourceNames: [graphs-grafana-test]
|
||||
---
|
||||
# Source: grafana/templates/rolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: graphs-grafana
|
||||
namespace: graphs
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
@ -245,10 +242,10 @@ metadata:
|
|||
name: graphs-grafana-test
|
||||
namespace: graphs
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
@ -266,10 +263,10 @@ metadata:
|
|||
name: graphs-grafana
|
||||
namespace: graphs
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
type: ClusterIP
|
||||
|
@ -290,13 +287,14 @@ metadata:
|
|||
name: graphs-grafana
|
||||
namespace: graphs
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: grafana
|
||||
|
@ -309,21 +307,23 @@ spec:
|
|||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
annotations:
|
||||
checksum/config: f34039c0df1008eed25ca27450db228f70591224ed3ceb5530368abccd411749
|
||||
checksum/config: 2c2d529c87c67a9488b40aa5f8b576425105e4d67ca24b4820a7869a9ae4b24c
|
||||
checksum/dashboards-json-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
|
||||
checksum/sc-dashboard-provider-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
|
||||
spec:
|
||||
|
||||
serviceAccountName: graphs-grafana
|
||||
automountServiceAccountToken: true
|
||||
securityContext:
|
||||
fsGroup: 472
|
||||
runAsGroup: 472
|
||||
runAsUser: 472
|
||||
initContainers:
|
||||
- name: init-chown-data
|
||||
image: "busybox:1.34.1"
|
||||
image: "busybox:1.31.1"
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
command: ["chown", "-R", "472:472", "/var/lib/grafana"]
|
||||
resources:
|
||||
|
@ -331,6 +331,7 @@ spec:
|
|||
volumeMounts:
|
||||
- name: storage
|
||||
mountPath: "/var/lib/grafana"
|
||||
enableServiceLinks: true
|
||||
containers:
|
||||
- name: grafana
|
||||
image: "grafana/grafana:8.3.2"
|
||||
|
@ -359,6 +360,15 @@ spec:
|
|||
secretKeyRef:
|
||||
name: admin-creds
|
||||
key: admin-password
|
||||
|
||||
- name: GF_PATHS_DATA
|
||||
value: /var/lib/grafana/
|
||||
- name: GF_PATHS_LOGS
|
||||
value: /var/log/grafana
|
||||
- name: GF_PATHS_PLUGINS
|
||||
value: /var/lib/grafana/plugins
|
||||
- name: GF_PATHS_PROVISIONING
|
||||
value: /etc/grafana/provisioning
|
||||
- name: "GF_AUTH_ANONYMOUS_ENABLED"
|
||||
value: "true"
|
||||
- name: "GF_SERVER_DOMAIN"
|
||||
|
@ -387,16 +397,16 @@ spec:
|
|||
claimName: graphs-grafana
|
||||
---
|
||||
# Source: grafana/templates/ingress.yaml
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: graphs-grafana
|
||||
namespace: graphs
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
|
@ -410,11 +420,13 @@ spec:
|
|||
- host: graphs.tbrnt.ch
|
||||
http:
|
||||
paths:
|
||||
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
serviceName: graphs-grafana
|
||||
servicePort: 80
|
||||
service:
|
||||
name: graphs-grafana
|
||||
port:
|
||||
number: 80
|
||||
---
|
||||
# Source: grafana/templates/tests/test.yaml
|
||||
apiVersion: v1
|
||||
|
@ -422,10 +434,10 @@ kind: Pod
|
|||
metadata:
|
||||
name: graphs-grafana-test
|
||||
labels:
|
||||
helm.sh/chart: grafana-5.2.1
|
||||
helm.sh/chart: grafana-6.19.1
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/instance: graphs
|
||||
app.kubernetes.io/version: "7.0.3"
|
||||
app.kubernetes.io/version: "8.3.1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
"helm.sh/hook": test-success
|
||||
|
@ -434,7 +446,7 @@ spec:
|
|||
serviceAccountName: graphs-grafana-test
|
||||
containers:
|
||||
- name: graphs-test
|
||||
image: "bats/bats:1.2.1"
|
||||
image: "bats/bats:v1.4.1"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
|
||||
volumeMounts:
|
||||
|
|
Reference in New Issue