# Values for a Grafana release (everything nested under `grafana:`): provisioned
# Prometheus/Loki datasources, dashboards imported by grafana.com ID, a PostgreSQL
# backend, an optional generic-OAuth login, and extra manifests for a CloudNativePG
# cluster with Barman Cloud backups to an S3-compatible bucket.
# NOTE(review): nesting was reconstructed from a whitespace-collapsed copy; confirm
# key placement (notably `extraObjects` and `log.console`) against the chart.
grafana:
  adminUser: admin
  # NOTE(review): plaintext bootstrap admin credential committed with the values.
  # Anyone who can read this file or the rendered release can read it, and while
  # auth.generic_oauth stays disabled below it appears to be the only login
  # configured here. The Grafana chart can read both fields from a pre-created
  # Secret instead (`admin.existingSecret`, `admin.userKey`, `admin.passwordKey`).
  # Rotate the value once it has been moved out of the repository.
  adminPassword: changeme  # TODO: Use secret management

  # Disable local persistence - using PostgreSQL database
  persistence:
    enabled: false

  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      memory: 512Mi

  # Mounts Secret `grafana-pg-cluster-app` read-only at /secrets/my-db; the
  # grafana.ini `database` section below reads host, port, dbname, user and
  # password from files under that path.
  # Presumably this is the application Secret CloudNativePG generates for the
  # `grafana-pg-cluster` Cluster defined in extraObjects - confirm.
  extraSecretMounts:
    - name: db-secret
      secretName: grafana-pg-cluster-app
      mountPath: /secrets/my-db
      readOnly: true

  # Provisioned datasources. `access: proxy` means queries are issued by the
  # Grafana backend, and `editable: false` blocks changes from the UI.
  # Both URLs are plain HTTP to in-cluster services and no datasource
  # credentials are configured here, so access to the metrics and logs is
  # governed by Grafana's own roles.
  datasources:
    datasources.yaml:
      apiVersion: 1
      datasources:
        - name: Prometheus
          type: prometheus
          access: proxy
          url: http://prometheus-kube-prometheus-prometheus.monitoring.svc.cluster.local:9090
          isDefault: true
          editable: false
          jsonData:
            timeInterval: 30s
            queryTimeout: 60s
        - name: Loki
          type: loki
          access: proxy
          url: http://loki-gateway.logging.svc.cluster.local
          editable: false
          jsonData:
            maxLines: 1000
            # NOTE(review): the trace-ID link targets datasourceUid `Prometheus`,
            # but no datasource above sets an explicit `uid` - confirm the link
            # resolves, and that Prometheus is the intended target.
            derivedFields:
              - datasourceUid: Prometheus
                matcherRegex: "traceID=(\\w+)"
                name: TraceID
                # Presumably `$$` escapes `$` so the literal `${__value.raw}`
                # survives provisioning-time variable expansion - confirm.
                url: "$${__value.raw}"

  # File-based dashboard providers, one per folder. `editable: true` and
  # `disableDeletion: false` leave the provisioned dashboards open to edits.
  dashboardProviders:
    dashboardproviders.yaml:
      apiVersion: 1
      providers:
        - name: 'default'
          orgId: 1
          folder: ''
          type: file
          disableDeletion: false
          editable: true
          options:
            path: /var/lib/grafana/dashboards/default
        - name: 'kubernetes'
          orgId: 1
          folder: 'Kubernetes'
          type: file
          disableDeletion: false
          editable: true
          options:
            path: /var/lib/grafana/dashboards/kubernetes

  # Dashboards referenced by grafana.com ID (`gnetId`) with a pinned `revision`,
  # so the imported JSON does not change silently between deployments.
  # Presumably fetched from grafana.com at deploy time - confirm that egress is
  # expected.
  dashboards:
    default:
      node-exporter:
        gnetId: 1860
        revision: 37
        datasource: Prometheus
      k8s-cluster:
        gnetId: 7249
        revision: 1
        datasource: Prometheus
    kubernetes:
      k8s-pods:
        gnetId: 6417
        revision: 1
        datasource: Prometheus
      loki-logs:
        gnetId: 13639
        revision: 2
        datasource: Loki

  grafana.ini:
    server:
      root_url: https://grafana.noxxos.nl
      serve_from_sub_path: false
    # `$__file{...}` makes Grafana read each value from the mounted Secret file,
    # which keeps the database credentials out of the rendered configuration.
    # NOTE(review): `ssl_mode` is not set; confirm whether the Grafana default
    # gives TLS on the connection to PostgreSQL.
    database:
      type: postgres
      host: "$__file{/secrets/my-db/host}:$__file{/secrets/my-db/port}"
      name: "$__file{/secrets/my-db/dbname}"
      user: "$__file{/secrets/my-db/user}"
      password: "$__file{/secrets/my-db/password}"
    # OAuth login against auth.noxxos.nl, currently switched off.
    auth.generic_oauth:
      enabled: false  # Enable after configuring secret
      name: Authentik
      client_id: grafana
      # client_secret should be set via envValueFrom or existingSecret
      scopes: openid profile email
      auth_url: https://auth.noxxos.nl/application/o/authorize/
      token_url: https://auth.noxxos.nl/application/o/token/
      api_url: https://auth.noxxos.nl/application/o/userinfo/
      # Maps the `groups` claim to a role: 'Grafana Admins' -> Admin,
      # 'Grafana Editors' -> Editor, anything else -> Viewer.
      # NOTE(review): with the 'Viewer' fallback and `allow_sign_up: true`, every
      # identity the IdP authenticates gets a Viewer account once this is
      # enabled. If that is broader than intended, restrict access at the IdP,
      # or drop the fallback and set `role_attribute_strict: true`.
      role_attribute_path: contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'
      allow_sign_up: true
    # No usage reporting or update checks.
    analytics:
      reporting_enabled: false
      check_for_updates: false
    log:
      mode: console
      level: info
      # NOTE(review): Grafana's section for console log options is
      # `[log.console]`; confirm the chart renders this nested map as that
      # section and not as a literal key under `[log]`.
      console:
        format: json
    users:
      auto_assign_org: true
      auto_assign_org_role: Viewer

  serviceMonitor:
    enabled: false

  # NOTE(review): plugins are listed without a version; presumably the latest
  # release is installed at start-up - pin versions if reproducibility matters.
  plugins:
    - grafana-piechart-panel
    - grafana-clock-panel

  # Route for grafana.noxxos.nl, attached to listener section `websecure` of
  # `traefik-gateway` in namespace `traefik`.
  route:
    main:
      enabled: true
      hostnames:
        - grafana.noxxos.nl
      parentRefs:
        - name: traefik-gateway
          namespace: traefik
          sectionName: websecure

  # Extra manifests rendered with the release: the PostgreSQL cluster, its
  # backup object store and schedule, the bucket claim, and a credentials Secret.
  extraObjects:
    # Two-instance CloudNativePG cluster; bootstraps database `grafana` owned by
    # role `grafana`, with WAL archiving through the Barman Cloud plugin.
    - apiVersion: postgresql.cnpg.io/v1
      kind: Cluster
      metadata:
        name: grafana-pg-cluster
        namespace: monitoring
      spec:
        instances: 2
        postgresql:
          parameters:
            max_connections: "20"
            shared_buffers: "25MB"
            effective_cache_size: "75MB"
            maintenance_work_mem: "6400kB"
            checkpoint_completion_target: "0.9"
            wal_buffers: "768kB"
            default_statistics_target: "100"
            random_page_cost: "1.1"
            effective_io_concurrency: "300"
            work_mem: "640kB"
            huge_pages: "off"
            max_wal_size: "128MB"
        bootstrap:
          initdb:
            database: grafana
            owner: grafana
        storage:
          size: 10Gi
          storageClass: ceph-block
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
          limits:
            memory: 512Mi
        plugins:
          - enabled: true
            name: barman-cloud.cloudnative-pg.io
            isWALArchiver: true
            parameters:
              barmanObjectName: grafana-backup-store
    # Backup target: 30-day retention, bzip2-compressed WAL and base backups.
    # NOTE(review): `endpointURL` is plain HTTP, and no `encryption` is set under
    # `wal`/`data`. The backups contain the full Grafana database, so confirm
    # that in-cluster plaintext transport is acceptable and whether the object
    # store encrypts at rest.
    - apiVersion: barmancloud.cnpg.io/v1
      kind: ObjectStore
      metadata:
        name: grafana-backup-store
        namespace: monitoring
      spec:
        retentionPolicy: "30d"
        configuration:
          destinationPath: s3://postgresql-backups/grafana
          endpointURL: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
          s3Credentials:
            accessKeyId:
              name: grafana-pg-backup-creds
              key: AWS_ACCESS_KEY_ID
            secretAccessKey:
              name: grafana-pg-backup-creds
              key: AWS_SECRET_ACCESS_KEY
          wal:
            compression: bzip2
          data:
            compression: bzip2
            immediateCheckpoint: true
    # Plugin-based backup of the cluster; `immediate: true` also requests one
    # backup as soon as the schedule object is created.
    - apiVersion: postgresql.cnpg.io/v1
      kind: ScheduledBackup
      metadata:
        name: grafana-pg-backup
        namespace: monitoring
      spec:
        method: plugin
        immediate: true
        # Six-field cron expression; the leading field is seconds.
        schedule: "0 30 2 * * *"  # 2:30 AM daily
        backupOwnerReference: self
        cluster:
          name: grafana-pg-cluster
        pluginConfiguration:
          name: barman-cloud.cloudnative-pg.io
    # Claims bucket `postgresql-backups` from storage class `ceph-bucket`.
    - apiVersion: objectbucket.io/v1alpha1
      kind: ObjectBucketClaim
      metadata:
        name: grafana-pg-backups
        namespace: monitoring
      spec:
        bucketName: postgresql-backups
        storageClassName: ceph-bucket
        additionalConfig:
          maxSize: "50Gi"
    # NOTE(review): this Secret is rendered with literal `placeholder` values.
    # If real keys are patched in out-of-band, re-applying the release will
    # presumably reset them and break WAL archiving and backups.
    # Bucket-claim provisioners typically create a credentials Secret named
    # after the claim (`grafana-pg-backups` here) - confirm, and if so point
    # `s3Credentials` at that Secret instead of shipping this one.
    - apiVersion: v1
      kind: Secret
      metadata:
        name: grafana-pg-backup-creds
        namespace: monitoring
      type: Opaque
      stringData:
        AWS_ACCESS_KEY_ID: placeholder
        AWS_SECRET_ACCESS_KEY: placeholder