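---
# Helm values for Grafana, nested under the `grafana` key.
# NOTE(review): indentation was rebuilt from key order on a listing that had
# lost it; confirm nesting against the chart's values schema before applying.
grafana:
  # Admin credentials
  # NOTE(review): a static, guessable admin password stored in a values file
  # is readable by anyone with access to the repository or the Helm release,
  # and Grafana is published through the HTTPRoute at the end of this file.
  # Replace it before exposing the service. The chart can read both values
  # from an existing Kubernetes Secret instead of from this file:
  #   admin:
  #     existingSecret: <secret-name>  # placeholder
  #     userKey: admin-user
  #     passwordKey: admin-password
  adminUser: admin
  adminPassword: changeme  # TODO: Use secret management

  # Persistence
  # Grafana state is kept on a 10Gi volume from the `ceph-block` class.
  persistence:
    enabled: true
    storageClassName: ceph-block
    size: 10Gi

  # Resources
  # Memory is capped; no CPU limit is set.
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      memory: 512Mi

  # Datasources
  # Both datasources use `access: proxy`, so queries are issued by the Grafana
  # backend, and `editable: false`, so they cannot be changed from the UI.
  # NOTE(review): both URLs are plain HTTP inside the cluster; confirm that
  # this matches the cluster's in-transit encryption policy.
  datasources:
    datasources.yaml:
      apiVersion: 1
      datasources:
        # Thanos datasource
        - name: Thanos
          type: prometheus
          access: proxy
          url: http://thanos-query-frontend.monitoring.svc.cluster.local:9090
          isDefault: true
          editable: false
          jsonData:
            timeInterval: 30s
            queryTimeout: 60s

        # Loki datasource
        - name: Loki
          type: loki
          access: proxy
          url: http://loki-gateway.logging.svc.cluster.local
          editable: false
          jsonData:
            maxLines: 1000
            derivedFields:
              # NOTE(review): `datasourceUid` must match a datasource `uid`;
              # the Thanos entry above sets only `name`. Confirm the link
              # resolves in the running instance.
              - datasourceUid: Thanos
                matcherRegex: "traceID=(\\w+)"
                name: TraceID
                # `$$` keeps a literal `$` in the provisioned value.
                url: "$${__value.raw}"

  # Dashboard providers
  # File-based providers; each one loads dashboards from its own directory.
  dashboardProviders:
    dashboardproviders.yaml:
      apiVersion: 1
      providers:
        - name: 'default'
          orgId: 1
          folder: ''
          type: file
          disableDeletion: false
          editable: true
          options:
            path: /var/lib/grafana/dashboards/default
        - name: 'kubernetes'
          orgId: 1
          folder: 'Kubernetes'
          type: file
          disableDeletion: false
          editable: true
          options:
            path: /var/lib/grafana/dashboards/kubernetes

  # Preload dashboards
  # Each entry is pulled from grafana.com by dashboard ID (`gnetId`). The
  # revisions are pinned, so the imported JSON changes only when a revision
  # is bumped here; review the new revision before bumping.
  dashboards:
    default:
      # Node exporter dashboard
      node-exporter:
        gnetId: 1860
        revision: 37
        datasource: Thanos

      # Kubernetes cluster monitoring
      k8s-cluster:
        gnetId: 7249
        revision: 1
        datasource: Thanos

    kubernetes:
      # Kubernetes pods
      k8s-pods:
        gnetId: 6417
        revision: 1
        datasource: Thanos

      # Loki logs dashboard
      loki-logs:
        gnetId: 13639
        revision: 2
        datasource: Loki

  # Grafana config
  grafana.ini:
    server:
      root_url: https://grafana.noxxos.nl
      serve_from_sub_path: false

    # Authentication - Authentik OIDC
    # Disabled for now, so the local admin account above is the only login
    # path until this is switched on.
    auth.generic_oauth:
      enabled: false  # Enable after configuring secret
      name: Authentik
      client_id: grafana
      # client_secret should be set via envValueFrom or existingSecret
      scopes: openid profile email
      auth_url: https://auth.noxxos.nl/application/o/authorize/
      token_url: https://auth.noxxos.nl/application/o/token/
      api_url: https://auth.noxxos.nl/application/o/userinfo/
      # Maps the `groups` claim to a Grafana role. The expression falls back
      # to 'Viewer', and `allow_sign_up` is true, so every identity the
      # provider lets through gets an account. To deny users outside the two
      # groups, restrict access at the provider, or drop the fallback and set
      # `role_attribute_strict: true`.
      # Quoted so the brackets, quotes and operators stay one string.
      role_attribute_path: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
      allow_sign_up: true

    # Usage reporting and the update check are both turned off.
    analytics:
      reporting_enabled: false
      check_for_updates: false

    log:
      mode: console
      level: info

    # New users join the default organisation with the least-privileged role.
    users:
      auto_assign_org: true
      auto_assign_org_role: Viewer

  # Service Monitor
  serviceMonitor:
    enabled: true

  # Plugins
  # NOTE(review): no plugin versions are pinned here, so whatever version is
  # current at install time is what runs. Pin versions if the chart and
  # Grafana release in use support it. grafana-piechart-panel is the legacy
  # pie chart plugin; confirm it is still needed.
  plugins:
    - grafana-piechart-panel
    - grafana-clock-panel

  # Gateway API HTTPRoute
  # NOTE(review): assumed to sit under `grafana` like the keys above; confirm.
  extraObjects:
    # ReferenceGrant
    # NOTE(review): a ReferenceGrant authorises references into its own
    # namespace. Source and target here are both `monitoring`, and the
    # HTTPRoute below points at a Service in its own namespace, which needs
    # no grant. Attaching the route to a Gateway in `traefik` is governed by
    # that Gateway's listener `allowedRoutes`, not by this object. Confirm
    # whether the grant is needed at all.
    - apiVersion: gateway.networking.k8s.io/v1beta1
      kind: ReferenceGrant
      metadata:
        name: traefik-gateway-access
        namespace: monitoring
      spec:
        from:
          - group: gateway.networking.k8s.io
            kind: HTTPRoute
            namespace: monitoring
        to:
          - group: ""
            kind: Service

    # Grafana HTTPRoute
    # Publishes every path of the `grafana` Service on grafana.noxxos.nl via
    # the `websecure` listener of `traefik-gateway`. No filter is applied at
    # the route, so Grafana's own login is the only access control.
    - apiVersion: gateway.networking.k8s.io/v1
      kind: HTTPRoute
      metadata:
        name: grafana
        namespace: monitoring
      spec:
        parentRefs:
          - name: traefik-gateway
            namespace: traefik
            sectionName: websecure
        hostnames:
          - "grafana.noxxos.nl"
        rules:
          - matches:
              - path:
                  type: PathPrefix
                  value: /
            backendRefs:
              - name: grafana
                port: 80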