grafana.yml.j2 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118
  1. ---
  2. apiVersion: extensions/v1beta1
  3. kind: Deployment
  4. metadata:
  5. labels:
  6. app: grafana
  7. name: grafana
  8. namespace: {{ grafana_namespace }}
  9. spec:
  10. replicas: 1
  11. selector:
  12. matchLabels:
  13. app: grafana
  14. template:
  15. metadata:
  16. labels:
  17. app: grafana
  18. name: grafana
  19. spec:
  20. serviceAccountName: {{ grafana_namespace }}
  21. {% if grafana_node_selector is iterable and grafana_node_selector | length > 0 %}
  22. nodeSelector:
  23. {% for key, value in grafana_node_selector.items() %}
  24. {{ key }}: "{{ value }}"
  25. {% endfor %}
  26. {% endif %}
  27. containers:
  28. - name: oauth-proxy
  29. image: "{{ l_openshift_grafana_proxy_image_prefix }}oauth-proxy:{{ l_openshift_grafana_proxy_image_version }}"
  30. imagePullPolicy: IfNotPresent
  31. resources:
  32. requests:
  33. {% if grafana_oauth_proxy_memory_requests is defined and grafana_oauth_proxy_memory_requests is not none %}
  34. memory: "{{ grafana_oauth_proxy_memory_requests }}"
  35. {% endif %}
  36. {% if grafana_oauth_proxy_cpu_requests is defined and grafana_oauth_proxy_cpu_requests is not none %}
  37. cpu: "{{ grafana_oauth_proxy_cpu_requests }}"
  38. {% endif %}
  39. limits:
  40. {% if grafana_oauth_proxy_memory_limit is defined and grafana_oauth_proxy_memory_limit is not none %}
  41. memory: "{{ grafana_oauth_proxy_memory_limit }}"
  42. {% endif %}
  43. {% if grafana_oauth_proxy_cpu_limit is defined and grafana_oauth_proxy_cpu_limit is not none %}
  44. cpu: "{{ grafana_oauth_proxy_cpu_limit }}"
  45. {% endif %}
  46. ports:
  47. - containerPort: {{ grafana_service_port }}
  48. name: web
  49. args:
  50. - -https-address=:{{ grafana_service_targetport }}
  51. - -http-address=
  52. - -email-domain=*
  53. - -client-id=system:serviceaccount:{{ grafana_namespace }}:{{ grafana_service_name }}
  54. - -upstream=http://localhost:{{ grafana_container_port }}
  55. - -provider=openshift
  56. # - '-openshift-delegate-urls={"/api/datasources": {"resource": "namespace", "verb": "get", "resourceName": "{{ grafana_namespace }}", "namespace": "{{ grafana_namespace }}"}}'
  57. - '-openshift-sar={"namespace": "{{ grafana_namespace }}", "verb": "list", "resource": "services"}'
  58. - -tls-cert=/etc/tls/private/tls.crt
  59. - -tls-key=/etc/tls/private/tls.key
  60. - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
  61. - -cookie-secret-file=/etc/proxy/secrets/session_secret
  62. - -skip-auth-regex=^/metrics,/api/datasources,/api/dashboards
  63. volumeMounts:
  64. - mountPath: /etc/tls/private
  65. name: grafana-tls-secret
  66. - mountPath: /etc/proxy/secrets
  67. name: grafana-proxy-secrets
  68. - name: grafana
  69. image: "{{ l_openshift_grafana_image_prefix }}{{ l_openshift_grafana_image }}:{{ l_openshift_grafana_image_version }}"
  70. imagePullPolicy: IfNotPresent
  71. resources:
  72. requests:
  73. {% if openshift_grafana_memory_requests is defined and openshift_grafana_memory_requests is not none %}
  74. memory: "{{ openshift_grafana_memory_requests }}"
  75. {% endif %}
  76. {% if openshift_grafana_cpu_requests is defined and openshift_grafana_cpu_requests is not none %}
  77. cpu: "{{ openshift_grafana_cpu_requests }}"
  78. {% endif %}
  79. limits:
  80. {% if openshift_grafana_memory_limit is defined and openshift_grafana_memory_limit is not none %}
  81. memory: "{{ openshift_grafana_memory_limit }}"
  82. {% endif %}
  83. {% if openshift_grafana_cpu_limit is defined and openshift_grafana_cpu_limit is not none %}
  84. cpu: "{{ openshift_grafana_cpu_limit }}"
  85. {% endif %}
  86. ports:
  87. - name: grafana-http
  88. containerPort: {{ grafana_container_port }}
  89. volumeMounts:
  90. - mountPath: "/root/go/src/github.com/grafana/grafana/data"
  91. name: grafana-data
  92. - mountPath: "/root/go/src/github.com/grafana/grafana/conf"
  93. name: grafana-config
  94. - mountPath: /etc/tls/private
  95. name: grafana-tls-secret
  96. - mountPath: /etc/proxy/secrets
  97. name: grafana-proxy-secrets
  98. command:
  99. - "./bin/grafana-server"
  100. volumes:
  101. - name: grafana-config
  102. configMap:
  103. name: grafana-config
  104. - name: grafana-proxy-secrets
  105. secret:
  106. secretName: grafana-proxy
  107. - name: grafana-tls-secret
  108. secret:
  109. secretName: grafana-tls
  110. - name: grafana-data
  111. {% if grafana_storage_type == 'pvc' %}
  112. persistentVolumeClaim:
  113. claimName: {{ grafana_pvc_name }}
  114. {% else %}
  115. emptydir: {}
  116. {% endif %}