diff --git a/k8s/operators/kube-prometheus/grafana-deployment-patch.yaml b/k8s/operators/kube-prometheus/grafana-deployment-patch.yaml
new file mode 100644
index 0000000..2e07660
--- /dev/null
+++ b/k8s/operators/kube-prometheus/grafana-deployment-patch.yaml
@@ -0,0 +1,5 @@
+- op: add
+ path: /spec/template/spec/containers/0/envFrom
+ value:
+ - secretRef:
+ name: grafana-secrets
diff --git a/k8s/operators/kube-prometheus/grafana.ini b/k8s/operators/kube-prometheus/grafana.ini
new file mode 100644
index 0000000..62e170d
--- /dev/null
+++ b/k8s/operators/kube-prometheus/grafana.ini
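Review bot: `envFrom` in grafana-deployment-patch.yaml exports every key of `grafana-secrets` into the Grafana container's environment, while grafana.ini in this commit reads only `OAUTH_CLIENT_ID`, `OAUTH_CLIENT_SECRET` and `S3_SECRET_ACCESS_KEY`. Any key added to that Secret later becomes visible to the process too, so the file should at least record the expected contents, e.g. `# grafana-secrets must hold only OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, S3_SECRET_ACCESS_KEY`. The patch also addresses the container by position (`containers/0`) and uses `add`, which would replace an `envFrom` if the upstream Deployment defines one. The upstream manifest is not visible here, so a second comment such as `# assumes grafana is containers[0] and upstream sets no envFrom` would make that dependency explicit.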
@@ -0,0 +1,47 @@
+[server]
+domain = grafana.home.finn.io
+root_url = https://%(domain)s/
+
+[date_formats]
+default_timezone = America/Los_Angeles
+
+[analytics]
+reporting_enabled = false
+check_for_updates = false
+
+[security]
+strict_transport_security = true
+strict_transport_security_max_age_seconds = 86400
+strict_transport_security_subdomains = true
+
+[auth]
+disable_signout_menu = false
+oauth_auto_login = true
+
+[auth.generic_oauth]
+auto_login = true
+enabled = true
+name = Janky Solutions Auth
+client_id = $__env{OAUTH_CLIENT_ID}
+client_secret = $__env{OAUTH_CLIENT_SECRET}
+scopes = openid email profile offline_access roles
+email_attribute_path = email
+login_attribute_path = username
+name_attribute_path = full_name
+auth_url = https://auth.janky.solutions/realms/janky.solutions/protocol/openid-connect/auth
+token_url = https://auth.janky.solutions/realms/janky.solutions/protocol/openid-connect/token
+api_url = https://auth.janky.solutions/realms/janky.solutions/protocol/openid-connect/userinfo
+role_attribute_path = contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
+allow_assign_grafana_admin = true
+
+[external_image_storage]
+provider = s3
+
+[external_image_storage.s3]
+endpoint = storage.home.finn.io
+path_style_access = true
+bucket = grafana
+region = sea-01
+;path =
+access_key = BOx3M6NesE3HilaWg9PJ
+secret_key = $__env{S3_SECRET_ACCESS_KEY}
diff --git a/k8s/operators/kube-prometheus/kustomization.yaml b/k8s/operators/kube-prometheus/kustomization.yaml
index a05321c..6e66139 100644
--- a/k8s/operators/kube-prometheus/kustomization.yaml
+++ b/k8s/operators/kube-prometheus/kustomization.yaml
@@ -34,3 +34,15 @@ patches:
 target:
 kind: ClusterRole
 name: prometheus-k8s
+
+ - path: grafana-deployment-patch.yaml
+ target:
+ kind: Deployment
+ name: grafana
+
+secretGenerator:
+ - name: grafana-config
+ namespace: monitoring
+ behavior: replace
+ files:
+ - grafana.ini
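Review bot: In grafana.ini the `role_attribute_path` expression ends in `|| 'Viewer'`, so every account that can authenticate against the janky.solutions realm gets read access to Grafana. If that is not intended, drop the fallback and add `role_attribute_strict = true` so users without a mapped role are refused. `allow_assign_grafana_admin = true` has no effect with the current expression, which never yields `GrafanaAdmin`, but it would hand out server-admin rights if the mapping is edited later, so `allow_assign_grafana_admin = false` is the safer value until it is needed. The S3 `access_key` is committed as a literal while its secret half comes from the environment. Reading it the same way, e.g. `access_key = $__env{S3_ACCESS_KEY_ID}` (variable name is only a suggestion), lets the pair be rotated without a commit.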
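Review bot: Nothing in this hunk of kustomization.yaml creates the `grafana-secrets` Secret that the new Deployment patch references, so it presumably has to exist in `monitoring` before the rollout. The `secretRef` in the patch is not marked optional, so the Grafana container cannot start while the Secret is missing. The rest of the file lies outside the hunk, so this may already be handled elsewhere. If the Secret is provisioned separately, a comment above the new patch entry would record that, e.g. `# requires Secret monitoring/grafana-secrets (provisioned separately)`.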