--- apiVersion: extensions/v1beta1 kind: Deployment metadata: labels: app: grafana name: grafana namespace: {{ grafana_namespace }} spec: replicas: 1 selector: matchLabels: app: grafana template: metadata: labels: app: grafana name: grafana spec: serviceAccountName: {{ grafana_namespace }} {% if grafana_node_selector is iterable and grafana_node_selector | length > 0 %} nodeSelector: {% for key, value in grafana_node_selector.items() %} {{ key }}: "{{ value }}" {% endfor %} {% endif %} containers: - name: oauth-proxy image: "{{ l_openshift_grafana_proxy_image_prefix }}oauth-proxy:{{ l_openshift_grafana_proxy_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if grafana_oauth_proxy_memory_requests is defined and grafana_oauth_proxy_memory_requests is not none %} memory: "{{ grafana_oauth_proxy_memory_requests }}" {% endif %} {% if grafana_oauth_proxy_cpu_requests is defined and grafana_oauth_proxy_cpu_requests is not none %} cpu: "{{ grafana_oauth_proxy_cpu_requests }}" {% endif %} limits: {% if grafana_oauth_proxy_memory_limit is defined and grafana_oauth_proxy_memory_limit is not none %} memory: "{{ grafana_oauth_proxy_memory_limit }}" {% endif %} {% if grafana_oauth_proxy_cpu_limit is defined and grafana_oauth_proxy_cpu_limit is not none %} cpu: "{{ grafana_oauth_proxy_cpu_limit }}" {% endif %} ports: - containerPort: {{ grafana_service_port }} name: web args: - -https-address=:{{ grafana_service_targetport }} - -http-address= - -email-domain=* - -client-id=system:serviceaccount:{{ grafana_namespace }}:{{ grafana_service_name }} - -upstream=http://localhost:{{ grafana_container_port }} - -provider=openshift # - '-openshift-delegate-urls={"/api/datasources": {"resource": "namespace", "verb": "get", "resourceName": "{{ grafana_namespace }}", "namespace": "{{ grafana_namespace }}"}}' - '-openshift-sar={"namespace": "{{ grafana_namespace }}", "verb": "list", "resource": "services"}' - -tls-cert=/etc/tls/private/tls.crt - -tls-key=/etc/tls/private/tls.key - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - -cookie-secret-file=/etc/proxy/secrets/session_secret - -skip-auth-regex=^/metrics,/api/datasources,/api/dashboards volumeMounts: - mountPath: /etc/tls/private name: grafana-tls-secret - mountPath: /etc/proxy/secrets name: grafana-proxy-secrets - name: grafana image: "{{ l_openshift_grafana_image_prefix }}{{ l_openshift_grafana_image }}:{{ l_openshift_grafana_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_grafana_memory_requests is defined and openshift_grafana_memory_requests is not none %} memory: "{{ openshift_grafana_memory_requests }}" {% endif %} {% if openshift_grafana_cpu_requests is defined and openshift_grafana_cpu_requests is not none %} cpu: "{{ openshift_grafana_cpu_requests }}" {% endif %} limits: {% if openshift_grafana_memory_limit is defined and openshift_grafana_memory_limit is not none %} memory: "{{ openshift_grafana_memory_limit }}" {% endif %} {% if openshift_grafana_cpu_limit is defined and openshift_grafana_cpu_limit is not none %} cpu: "{{ openshift_grafana_cpu_limit }}" {% endif %} ports: - name: grafana-http containerPort: {{ grafana_container_port }} volumeMounts: - mountPath: "/root/go/src/github.com/grafana/grafana/data" name: grafana-data - mountPath: "/root/go/src/github.com/grafana/grafana/conf" name: grafana-config - mountPath: /etc/tls/private name: grafana-tls-secret - mountPath: /etc/proxy/secrets name: grafana-proxy-secrets command: - "./bin/grafana-server" volumes: - name: grafana-config configMap: name: grafana-config - name: grafana-proxy-secrets secret: secretName: grafana-proxy - name: grafana-tls-secret secret: secretName: grafana-tls - name: grafana-data {% if grafana_storage_type == 'pvc' %} persistentVolumeClaim: claimName: {{ grafana_pvc_name }} {% else %} emptydir: {} {% endif %}