246 lines
6.2 KiB
YAML
246 lines
6.2 KiB
YAML
grafana:
|
|
|
|
adminUser: admin
|
|
adminPassword: changeme # TODO: Use secret management
|
|
|
|
# Disable local persistence - using PostgreSQL database
|
|
persistence:
|
|
enabled: false
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
limits:
|
|
memory: 512Mi
|
|
|
|
extraSecretMounts:
|
|
- name: db-secret
|
|
secretName: grafana-pg-cluster-app
|
|
mountPath: /secrets/my-db
|
|
readOnly: true
|
|
|
|
envFromSecret: authentik-client-secret-grafana
|
|
|
|
datasources:
|
|
datasources.yaml:
|
|
apiVersion: 1
|
|
datasources:
|
|
- name: Prometheus
|
|
type: prometheus
|
|
access: proxy
|
|
url: http://prometheus-kube-prometheus-prometheus.monitoring.svc.cluster.local:9090
|
|
isDefault: true
|
|
editable: false
|
|
jsonData:
|
|
timeInterval: 30s
|
|
queryTimeout: 60s
|
|
|
|
- name: Loki
|
|
type: loki
|
|
access: proxy
|
|
url: http://loki-gateway.logging.svc.cluster.local
|
|
editable: false
|
|
jsonData:
|
|
maxLines: 1000
|
|
derivedFields:
|
|
- datasourceUid: Prometheus
|
|
matcherRegex: "traceID=(\\w+)"
|
|
name: TraceID
|
|
url: "$${__value.raw}"
|
|
|
|
dashboardProviders:
|
|
dashboardproviders.yaml:
|
|
apiVersion: 1
|
|
providers:
|
|
- name: 'default'
|
|
orgId: 1
|
|
folder: ''
|
|
type: file
|
|
disableDeletion: false
|
|
editable: true
|
|
options:
|
|
path: /var/lib/grafana/dashboards/default
|
|
- name: 'kubernetes'
|
|
orgId: 1
|
|
folder: 'Kubernetes'
|
|
type: file
|
|
disableDeletion: false
|
|
editable: true
|
|
options:
|
|
path: /var/lib/grafana/dashboards/kubernetes
|
|
|
|
dashboards:
|
|
default:
|
|
node-exporter:
|
|
gnetId: 1860
|
|
revision: 37
|
|
datasource: Prometheus
|
|
|
|
k8s-cluster:
|
|
gnetId: 7249
|
|
revision: 1
|
|
datasource: Prometheus
|
|
|
|
kubernetes:
|
|
k8s-pods:
|
|
gnetId: 6417
|
|
revision: 1
|
|
datasource: Prometheus
|
|
|
|
loki-logs:
|
|
gnetId: 13639
|
|
revision: 2
|
|
datasource: Loki
|
|
|
|
grafana.ini:
|
|
server:
|
|
root_url: https://grafana.noxxos.nl
|
|
serve_from_sub_path: false
|
|
|
|
database:
|
|
type: postgres
|
|
host: "$__file{/secrets/my-db/host}:$__file{/secrets/my-db/port}"
|
|
name: "$__file{/secrets/my-db/dbname}"
|
|
user: "$__file{/secrets/my-db/user}"
|
|
password: "$__file{/secrets/my-db/password}"
|
|
|
|
auth.generic_oauth:
|
|
enabled: true
|
|
name: Authentik
|
|
client_id: "$__from_env{GF_AUTH_GENERIC_OAUTH_CLIENT_ID}"
|
|
client_secret: "$__from_env{GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}"
|
|
scopes: openid profile email
|
|
auth_url: https://auth.noxxos.nl/application/o/authorize/
|
|
token_url: https://auth.noxxos.nl/application/o/token/
|
|
api_url: https://auth.noxxos.nl/application/o/userinfo/
|
|
role_attribute_path: contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'
|
|
allow_sign_up: true
|
|
|
|
analytics:
|
|
reporting_enabled: false
|
|
check_for_updates: false
|
|
|
|
log:
|
|
mode: console
|
|
level: info
|
|
console:
|
|
format: json
|
|
|
|
users:
|
|
auto_assign_org: true
|
|
auto_assign_org_role: Viewer
|
|
|
|
serviceMonitor:
|
|
enabled: false
|
|
|
|
plugins:
|
|
- grafana-piechart-panel
|
|
- grafana-clock-panel
|
|
|
|
route:
|
|
main:
|
|
enabled: true
|
|
hostnames:
|
|
- grafana.noxxos.nl
|
|
parentRefs:
|
|
- name: traefik-gateway
|
|
namespace: traefik
|
|
sectionName: websecure
|
|
|
|
extraObjects:
|
|
- apiVersion: postgresql.cnpg.io/v1
|
|
kind: Cluster
|
|
metadata:
|
|
name: grafana-pg-cluster
|
|
namespace: monitoring
|
|
spec:
|
|
instances: 2
|
|
postgresql:
|
|
parameters:
|
|
max_connections: "20"
|
|
shared_buffers: "25MB"
|
|
effective_cache_size: "75MB"
|
|
maintenance_work_mem: "6400kB"
|
|
checkpoint_completion_target: "0.9"
|
|
wal_buffers: "768kB"
|
|
default_statistics_target: "100"
|
|
random_page_cost: "1.1"
|
|
effective_io_concurrency: "300"
|
|
work_mem: "640kB"
|
|
huge_pages: "off"
|
|
max_wal_size: "128MB"
|
|
bootstrap:
|
|
initdb:
|
|
database: grafana
|
|
owner: grafana
|
|
storage:
|
|
size: 10Gi
|
|
storageClass: local-path
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 100Mi
|
|
limits:
|
|
memory: 512Mi
|
|
plugins:
|
|
- enabled: true
|
|
name: barman-cloud.cloudnative-pg.io
|
|
isWALArchiver: true
|
|
parameters:
|
|
barmanObjectName: grafana-backup-store
|
|
- apiVersion: barmancloud.cnpg.io/v1
|
|
kind: ObjectStore
|
|
metadata:
|
|
name: grafana-backup-store
|
|
namespace: monitoring
|
|
spec:
|
|
retentionPolicy: "30d"
|
|
configuration:
|
|
destinationPath: s3://postgresql-backups/grafana
|
|
endpointURL: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
|
|
s3Credentials:
|
|
accessKeyId:
|
|
name: grafana-pg-backup-creds
|
|
key: AWS_ACCESS_KEY_ID
|
|
secretAccessKey:
|
|
name: grafana-pg-backup-creds
|
|
key: AWS_SECRET_ACCESS_KEY
|
|
wal:
|
|
compression: bzip2
|
|
data:
|
|
compression: bzip2
|
|
immediateCheckpoint: true
|
|
- apiVersion: postgresql.cnpg.io/v1
|
|
kind: ScheduledBackup
|
|
metadata:
|
|
name: grafana-pg-backup
|
|
namespace: monitoring
|
|
spec:
|
|
method: plugin
|
|
immediate: true
|
|
schedule: "0 30 2 * * *" # 2:30 AM daily
|
|
backupOwnerReference: self
|
|
cluster:
|
|
name: grafana-pg-cluster
|
|
pluginConfiguration:
|
|
name: barman-cloud.cloudnative-pg.io
|
|
- apiVersion: objectbucket.io/v1alpha1
|
|
kind: ObjectBucketClaim
|
|
metadata:
|
|
name: grafana-pg-backups
|
|
namespace: monitoring
|
|
spec:
|
|
bucketName: postgresql-backups
|
|
storageClassName: ceph-bucket
|
|
additionalConfig:
|
|
maxSize: "50Gi"
|
|
- apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: grafana-pg-backup-creds
|
|
namespace: monitoring
|
|
type: Opaque
|
|
stringData:
|
|
AWS_ACCESS_KEY_ID: placeholder
|
|
AWS_SECRET_ACCESS_KEY: placeholder |