diff --git a/graphs/grafana.yaml b/graphs/grafana.yaml index a83495a..ba3c857 100644 --- a/graphs/grafana.yaml +++ b/graphs/grafana.yaml @@ -1,97 +1,13 @@ --- -# Source: grafana/templates/podsecuritypolicy.yaml -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: graphs-grafana - labels: - helm.sh/chart: grafana-6.19.1 - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" - app.kubernetes.io/managed-by: Helm - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - # Default set from Docker, with DAC_OVERRIDE and CHOWN - - ALL - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'csi' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false ---- -# Source: grafana/templates/tests/test-podsecuritypolicy.yaml -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: graphs-grafana-test - labels: - helm.sh/chart: grafana-6.19.1 - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" - app.kubernetes.io/managed-by: Helm -spec: - allowPrivilegeEscalation: true - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - fsGroup: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - runAsUser: - rule: RunAsAny - volumes: - - configMap - - downwardAPI - - emptyDir - - projected - - csi - - secret ---- # Source: grafana/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm name: graphs-grafana namespace: graphs @@ -101,10 +17,10 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm name: graphs-grafana-test namespace: graphs @@ -116,10 +32,10 @@ metadata: name: graphs-grafana namespace: graphs labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm data: grafana.ini: | @@ -134,10 +50,8 @@ data: logs = /var/log/grafana plugins = /var/lib/grafana/plugins provisioning = /etc/grafana/provisioning - [unified_alerting] - enabled = true - [alerting] - enabled = false + [server] + domain = graphs.tbrnt.ch --- # Source: grafana/templates/tests/test-configmap.yaml apiVersion: v1 @@ -146,17 +60,17 @@ metadata: name: graphs-grafana-test namespace: graphs labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm data: run.sh: |- @test "Test Health" { url="http://graphs-grafana/api/health" - code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') + code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^ HTTP/{print $2}') [ "$code" == "200" ] } --- @@ -167,10 +81,10 @@ metadata: name: graphs-grafana namespace: graphs labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm finalizers: - kubernetes.io/pvc-protection @@ -189,10 +103,10 @@ metadata: name: graphs-grafana namespace: graphs labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: ['extensions'] @@ -207,10 +121,10 @@ metadata: name: graphs-grafana-test namespace: graphs labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: ['policy'] @@ -225,10 +139,10 @@ metadata: name: graphs-grafana namespace: graphs labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -246,10 +160,10 @@ metadata: name: graphs-grafana-test namespace: graphs labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -267,10 +181,10 @@ metadata: name: graphs-grafana namespace: graphs labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -279,7 +193,6 @@ spec: port: 80 protocol: TCP targetPort: 3000 - selector: app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs @@ -291,10 +204,10 @@ metadata: name: graphs-grafana namespace: graphs labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -311,11 +224,10 @@ spec: app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs annotations: - checksum/config: 2c2d529c87c67a9488b40aa5f8b576425105e4d67ca24b4820a7869a9ae4b24c + checksum/config: 92c6c3be43039977139ad66d2fc29e36e4a7473258afa4e2372a0a95a5e9e2cf checksum/dashboards-json-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b checksum/sc-dashboard-provider-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - spec: - + spec: serviceAccountName: graphs-grafana automountServiceAccountToken: true securityContext: @@ -324,21 +236,19 @@ spec: runAsUser: 472 initContainers: - name: init-chown-data - image: "busybox:1.35.0" + image: "busybox:1.31.1" imagePullPolicy: IfNotPresent securityContext: runAsNonRoot: false runAsUser: 0 command: ["chown", "-R", "472:472", "/var/lib/grafana"] - resources: - {} volumeMounts: - name: storage mountPath: "/var/lib/grafana" enableServiceLinks: true containers: - name: grafana - image: "grafana/grafana:9.1.0" + image: "grafana/grafana:9.1.5" imagePullPolicy: IfNotPresent volumeMounts: - name: config @@ -347,9 +257,6 @@ spec: - name: storage mountPath: "/var/lib/grafana" ports: - - name: service - containerPort: 80 - protocol: TCP - name: grafana containerPort: 3000 protocol: TCP @@ -364,7 +271,6 @@ spec: secretKeyRef: name: admin-creds key: admin-password - - name: GF_PATHS_DATA value: /var/lib/grafana/ - name: GF_PATHS_LOGS @@ -390,8 +296,6 @@ spec: httpGet: path: /api/health port: 3000 - resources: - {} volumes: - name: config configMap: @@ -407,10 +311,10 @@ metadata: name: graphs-grafana namespace: graphs labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" @@ -438,13 +342,14 @@ kind: Pod metadata: name: graphs-grafana-test labels: - helm.sh/chart: grafana-6.19.1 + helm.sh/chart: grafana-6.38.3 app.kubernetes.io/name: grafana app.kubernetes.io/instance: graphs - app.kubernetes.io/version: "8.3.1" + app.kubernetes.io/version: "9.1.5" app.kubernetes.io/managed-by: Helm annotations: "helm.sh/hook": test-success + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" namespace: graphs spec: serviceAccountName: graphs-grafana-test