{{/* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} {{- if .Values.manifests.deployment }} {{- $envAll := . }} {{- $mounts_grafana := .Values.pod.mounts.grafana.grafana }} {{- $serviceAccountName := "grafana" }} {{ tuple $envAll "grafana" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: apps/v1 kind: Deployment metadata: name: grafana annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} labels: {{ tuple $envAll "grafana" "dashboard" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} spec: replicas: {{ .Values.pod.replicas.grafana }} selector: matchLabels: {{ tuple $envAll "grafana" "dashboard" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} {{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} template: metadata: labels: {{ tuple $envAll "grafana" "dashboard" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} {{ dict "envAll" $envAll "podName" "grafana" "containerNames" (list "grafana" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: {{ dict "envAll" $envAll "application" "dashboard" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} serviceAccountName: {{ $serviceAccountName }} affinity: {{ tuple $envAll "grafana" "dashboard" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: {{ .Values.labels.grafana.node_selector_key }}: {{ .Values.labels.grafana.node_selector_value | quote }} initContainers: {{ tuple $envAll "grafana" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{- if and .Values.conf.grafana.image_rendering_sidecar.enabled .Values.conf.grafana.image_rendering_sidecar.k8s_sidecar_feature_enabled }} - name: grafana-image-renderer {{ tuple $envAll "grafana_image_renderer" | include "helm-toolkit.snippets.image" | indent 10 }} restartPolicy: Always ports: - containerPort: {{ tuple "grafana" "image_rendering" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} readinessProbe: tcpSocket: port: {{ tuple "grafana" "image_rendering" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 15 periodSeconds: 10 {{- end }} containers: {{- if and .Values.conf.grafana.image_rendering_sidecar.enabled (not .Values.conf.grafana.image_rendering_sidecar.k8s_sidecar_feature_enabled) }} - name: grafana-image-renderer {{ tuple $envAll "grafana_image_renderer" | include "helm-toolkit.snippets.image" | indent 10 }} ports: - containerPort: {{ tuple "grafana" "image_rendering" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} readinessProbe: tcpSocket: port: {{ tuple "grafana" "image_rendering" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 15 periodSeconds: 10 {{- end }} - name: grafana {{ tuple $envAll "grafana" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.grafana | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ dict "envAll" $envAll "application" "dashboard" "container" "grafana" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - /tmp/grafana.sh - start ports: - name: dashboard containerPort: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} readinessProbe: httpGet: path: /login port: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 30 timeoutSeconds: 30 env: - name: GF_SECURITY_ADMIN_USER valueFrom: secretKeyRef: name: grafana-admin-creds key: GRAFANA_ADMIN_USERNAME - name: GF_SECURITY_ADMIN_PASSWORD valueFrom: secretKeyRef: name: grafana-admin-creds key: GRAFANA_ADMIN_PASSWORD - name: PROMETHEUS_URL value: {{ tuple "monitoring" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} {{- if .Values.manifests.certificates }} - name: CACERT valueFrom: secretKeyRef: key: ca.crt name: prometheus-tls-api {{- end }} {{- if .Values.conf.grafana.image_rendering_sidecar.enabled }} - name: GF_RENDERING_SERVER_URL value: "http://localhost:{{ tuple "grafana" "image_rendering" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/render" - name: GF_RENDERING_CALLBACK_URL value: "http://localhost:{{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" {{- end }} {{- if .Values.pod.env.grafana }} {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.pod.env.grafana | indent 12 }} {{- end }} volumeMounts: - name: pod-tmp mountPath: /tmp - name: pod-etc-grafana mountPath: /etc/grafana - name: pod-screenshots-grafana mountPath: /var/lib/grafana/png - name: pod-dashboards-grafana mountPath: /etc/grafana/dashboards - name: pod-provisioning-grafana mountPath: {{ .Values.conf.grafana.paths.provisioning }} - name: pod-alerting-grafana mountPath: {{ .Values.conf.grafana.paths.alerting }} - name: pod-csv-grafana mountPath: {{ .Values.conf.grafana.paths.csv }} - name: grafana-bin mountPath: /tmp/grafana.sh subPath: grafana.sh readOnly: true - name: grafana-etc mountPath: {{ .Values.conf.grafana.paths.provisioning }}/dashboards/dashboards.yaml subPath: dashboards.yaml - name: grafana-etc mountPath: {{ .Values.conf.grafana.paths.provisioning }}/datasources/datasources.yaml subPath: datasources.yaml - name: grafana-etc mountPath: /etc/grafana/grafana.ini subPath: grafana.ini - name: grafana-etc mountPath: /etc/grafana/ldap.toml subPath: ldap.toml - name: data mountPath: /var/lib/grafana/data {{- range $group, $dashboards := .Values.conf.dashboards }} {{- range $key, $value := $dashboards }} - name: grafana-dashboards-{{$group}} mountPath: /etc/grafana/dashboards/{{$key}}.json subPath: {{$key}}.json {{- end }} {{- end }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{ if $mounts_grafana.volumeMounts }}{{ toYaml $mounts_grafana.volumeMounts | indent 12 }}{{ end }} volumes: - name: pod-tmp emptyDir: {} - name: pod-etc-grafana emptyDir: {} - name: pod-screenshots-grafana emptyDir: {} - name: pod-dashboards-grafana emptyDir: {} - name: pod-provisioning-grafana emptyDir: {} - name: pod-alerting-grafana emptyDir: {} - name: pod-csv-grafana emptyDir: {} - name: grafana-bin configMap: name: grafana-bin defaultMode: 0555 - name: grafana-etc secret: secretName: grafana-etc defaultMode: 0444 {{- range $group, $dashboards := .Values.conf.dashboards }} - name: grafana-dashboards-{{$group}} configMap: name: grafana-dashboards-{{$group}} defaultMode: 0555 {{- end }} - name: data emptyDir: {} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{ if $mounts_grafana.volumes }}{{ toYaml $mounts_grafana.volumes | indent 8 }}{{ end }} {{- end }}