---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
# Flux HelmRelease that installs the Grafana chart into the monitoring
# namespace from the "grafana" HelmRepository in flux-system.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  namespace: monitoring
  name: grafana
spec:
  # Reconcile every 30 minutes; allow each Helm action up to 20 minutes.
  interval: 30m
  timeout: 20m
  # Keep only the two most recent release revisions.
  maxHistory: 2
  chart:
    spec:
      chart: grafana
      # Exact chart version (quoted so it can never be read as a number).
      version: "7.0.3"
      interval: 30m
      sourceRef:
        kind: HelmRepository
        namespace: flux-system
        name: grafana
  install:
    remediation:
      retries: 3
    createNamespace: true
  upgrade:
    remediation:
      retries: 3
    # Delete resources created by an upgrade that ends up failing.
    cleanupOnFail: true
  uninstall:
    keepHistory: false
  values:
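    # Annotations for Stakater Reloader: restart Grafana when the named
    # ConfigMap or Secret changes, so rotated credentials (for example the
    # OAuth client secret) are picked up without a manual rollout.
    # The two reloader keys must be nested under `annotations`; at the same
    # indent as `annotations:` they parse as unrelated chart values and
    # `annotations` itself is null, so nothing is annotated.
    annotations:
      configmap.reloader.stakater.com/reload: grafana
      secret.reloader.stakater.com/reload: grafana-secrets
    replicas: 1
    # Name of the Secret whose keys are injected into the Grafana container
    # as environment variables.
    envFromSecret: grafana-secrets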

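    # Rendered by the chart into grafana.ini; each nested map becomes one
    # INI section. Grafana lets GF_<SECTION>_<KEY> environment variables
    # override these values.
    grafana.ini:
      analytics:
        check_for_updates: false
        check_for_plugin_updates: false
        reporting_enabled: false
      auth:
        # Skip Grafana's own login form and go straight to the OAuth provider.
        oauth_auto_login: true
        # NOTE(review): security-relevant. With this enabled an OAuth login is
        # matched to an existing Grafana account by e-mail address alone.
        # That is only safe when the identity provider is the single login
        # source and guarantees verified e-mail addresses that users cannot
        # edit themselves. Confirm this holds for the Authentik setup, or
        # set it to false.
        oauth_allow_insecure_email_lookup: true
        signout_redirect_url: https://auth.hsn.dev/application/o/grafana/end-session/
      # Password-based and anonymous access are both off: OAuth is the only
      # way in.
      auth.basic:
        enabled: false
      auth.anonymous:
        enabled: false
      auth.generic_oauth:
        enabled: true
        name: Authentik
        icon: signin
        scopes: openid profile email
        empty_scopes: false
        login_attribute_path: preferred_username
        groups_attribute_path: groups
        name_attribute_path: name
        use_pkce: true
        # OAuth client identifier (an identifier, not a credential).
        client_id: CoV7ae1HxuNzwCbVPf3U7TfYMX2rVqC5T9RAUo5M
        # Deliberately left without a value so the secret never lands in Git.
        # The real value has to arrive as GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
        # (presumably from the grafana-secrets Secret; verify the key exists,
        # because nothing in this file provides a fallback).
        client_secret: # Set by env vars
        auth_url: https://auth.hsn.dev/application/o/authorize/
        token_url: https://auth.hsn.dev/application/o/token/
        api_url: https://auth.hsn.dev/application/o/userinfo/
        # Map IdP groups to Grafana roles (JMESPath). The last branch is a
        # catch-all: every user who can authenticate at the IdP and is in
        # neither group still becomes a Viewer. If that is not intended,
        # restrict who may use the application on the IdP side, or remove
        # the fallback and enable role_attribute_strict.
        role_attribute_path: |
          contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'
      date_formats:
        use_browser_locale: true
      explore:
        enabled: true
      news:
        news_feed_enabled: false
      panels:
        # NOTE(review): disables HTML sanitisation in text panels. Anyone who
        # can author a dashboard, including dashboard JSON provisioned from
        # remote URLs or labelled ConfigMaps, can then ship markup/script
        # that runs in other users' sessions (stored XSS). Prefer false
        # unless a panel needs raw HTML.
        disable_sanitize_html: true
      security:
        # NOTE(review): permits other origins to frame Grafana (Grafana
        # otherwise sends X-Frame-Options: deny), which removes clickjacking
        # protection. Keep only if dashboards are really embedded elsewhere.
        allow_embedding: true
        # Was `grafana`, which is not one of the documented values
        # (lax, strict, none, disabled). Set explicitly to Grafana's
        # documented default so the session cookie policy is unambiguous.
        cookie_samesite: lax
      server:
        root_url: https://grafana.valinor.social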
    # Datasource provisioning file (datasources.yaml) handed to Grafana.
    datasources:
      datasources.yaml:
        apiVersion: 1
        # Datasources with these names in org 1 are deleted before the
        # definitions below are applied. Loki is removed but not re-created
        # by this file.
        deleteDatasources:
          - name: Alertmanager
            orgId: 1
          - name: Loki
            orgId: 1
          - name: Prometheus
            orgId: 1
        datasources:
          - name: Prometheus
            uid: prometheus
            type: prometheus
            isDefault: true
            # proxy: the Grafana backend issues the queries, not the browser.
            access: proxy
            url: http://thanos-query-frontend.monitoring.svc.cluster.local:9090
            jsonData:
              prometheusType: Thanos
          - name: Alertmanager
            uid: alertmanager
            type: alertmanager
            access: proxy
            url: http://alertmanager-operated.monitoring.svc.cluster.local:9093
            jsonData:
              implementation: prometheus
    # File-based dashboard providers: one per folder, each reading the
    # directory that the matching group under `dashboards` is written to.
    # All providers are editable in the UI and allow deletion.
    dashboardProviders:
      dashboardproviders.yaml:
        apiVersion: 1
        providers:
          - name: default
            folder: ""
            orgId: 1
            type: file
            options:
              path: /var/lib/grafana/dashboards/default
            editable: true
            disableDeletion: false
          - name: ceph
            folder: Ceph
            orgId: 1
            type: file
            options:
              path: /var/lib/grafana/dashboards/ceph
            editable: true
            disableDeletion: false
          - name: flux
            folder: Flux
            orgId: 1
            type: file
            options:
              path: /var/lib/grafana/dashboards/flux
            editable: true
            disableDeletion: false
          - name: kubernetes
            folder: Kubernetes
            orgId: 1
            type: file
            options:
              path: /var/lib/grafana/dashboards/kubernetes
            editable: true
            disableDeletion: false
          - name: nginx
            folder: Nginx
            orgId: 1
            type: file
            options:
              path: /var/lib/grafana/dashboards/nginx
            editable: true
            disableDeletion: false
          - name: thanos
            folder: Thanos
            orgId: 1
            type: file
            options:
              path: /var/lib/grafana/dashboards/thanos
            editable: true
            disableDeletion: false
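    # Dashboards downloaded by the chart, grouped by provider name.
    # Two kinds of source are used:
    #   - gnetId + revision: a specific revision of a grafana.com dashboard
    #     (the `# renovate:` comments must stay directly above `gnetId`).
    #   - url: raw JSON fetched from a Git branch.
    # NOTE(review): every `url` below points at a moving branch (main or
    # master), so the JSON that gets provisioned can change without any
    # change in this repository. Because panels.disable_sanitize_html is
    # true in this release, dashboard JSON is effectively trusted markup.
    # Consider replacing the branch name with a reviewed commit, e.g.
    # .../<commit-sha>/... (placeholder), so updates arrive through review.
    dashboards:
      default:
        external-dns:
          # renovate: depName="External-dns"
          gnetId: 15038
          revision: 1
          datasource: Prometheus
        minio:
          # renovate: depName="MinIO Dashboard"
          gnetId: 13502
          revision: 24
          datasource:
            - { name: DS_PROMETHEUS, value: Prometheus }
      ceph:
        ceph-cluster:
          # renovate: depName="Ceph Cluster"
          gnetId: 2842
          revision: 17
          datasource: Prometheus
        ceph-osd:
          # renovate: depName="Ceph - OSD (Single)"
          gnetId: 5336
          revision: 9
          datasource: Prometheus
        ceph-pools:
          # renovate: depName="Ceph - Pools"
          gnetId: 5342
          revision: 9
          datasource: Prometheus
      flux:
        flux-cluster:
          url: https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/cluster.json
          datasource: Prometheus
        flux-control-plane:
          url: https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/control-plane.json
          datasource: Prometheus
        flux-logs:
          url: https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/logs.json
          datasource: Prometheus
      kubernetes:
        kubernetes-api-server:
          # renovate: depName="Kubernetes / System / API Server"
          gnetId: 15761
          revision: 14
          datasource: Prometheus
        kubernetes-coredns:
          # renovate: depName="Kubernetes / System / CoreDNS"
          gnetId: 15762
          revision: 13
          datasource: Prometheus
        kubernetes-global:
          # renovate: depName="Kubernetes / Views / Global"
          gnetId: 15757
          revision: 31
          datasource: Prometheus
        kubernetes-namespaces:
          # renovate: depName="Kubernetes / Views / Namespaces"
          gnetId: 15758
          revision: 27
          datasource: Prometheus
        kubernetes-nodes:
          # renovate: depName="Kubernetes / Views / Nodes"
          gnetId: 15759
          revision: 19
          datasource: Prometheus
        kubernetes-pods:
          # renovate: depName="Kubernetes / Views / Pods"
          gnetId: 15760
          revision: 21
          datasource: Prometheus
        kubernetes-volumes:
          # renovate: depName="K8s / Storage / Volumes / Cluster"
          gnetId: 11454
          revision: 14
          datasource: Prometheus
      nginx:
        nginx:
          url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/nginx.json
          datasource: Prometheus
        nginx-request-handling-performance:
          url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/request-handling-performance.json
          datasource: Prometheus
      thanos:
        thanos-bucket-replicate:
          url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/bucket-replicate.json
          datasource: Prometheus
        thanos-compact:
          url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/compact.json
          datasource: Prometheus
        thanos-overview:
          url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/overview.json
          datasource: Prometheus
        thanos-query:
          url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/query.json
          datasource: Prometheus
        thanos-query-frontend:
          url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/query-frontend.json
          datasource: Prometheus
        thanos-receive:
          url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/receive.json
          datasource: Prometheus
        thanos-rule:
          url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/rule.json
          datasource: Prometheus
        thanos-sidecar:
          url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/sidecar.json
          datasource: Prometheus
        thanos-store:
          url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/store.json
          datasource: Prometheus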
    # Publish Grafana through the nginx ingress class; external-dns points
    # the host name at the shared ingress target.
    ingress:
      enabled: true
      ingressClassName: nginx
      annotations:
        external-dns.alpha.kubernetes.io/target: ingress.valinor.social
      hosts:
        # Anchor reused by the TLS entry so both lists name the same host.
        - &host grafana.valinor.social
      tls:
        # No secretName is given; presumably the ingress controller's
        # default certificate serves this host (confirm).
        - hosts:
            - *host
    # Sidecars that discover dashboards and datasources from labelled
    # Kubernetes objects and hand them to Grafana.
    # NOTE(review): searchNamespace ALL makes every namespace a trusted
    # source. Anyone allowed to create a labelled ConfigMap anywhere in the
    # cluster can add dashboards, and likewise datasource definitions,
    # to this Grafana. It also requires cluster-wide read access for the
    # sidecar. Narrow it to the namespaces that actually ship dashboards
    # if that is feasible.
    sidecar:
      datasources:
        enabled: true
        labelValue: ""
        searchNamespace: ALL
      dashboards:
        enabled: true
        label: grafana_dashboard
        labelValue: ""
        folderAnnotation: grafana_folder
        searchNamespace: ALL
        provider:
          foldersFromFilesStructure: true
          disableDelete: true
    # No persistent volume: Grafana state kept on local disk does not
    # survive a pod restart.
    persistence:
      enabled: false
    testFramework:
      enabled: false
    # Panel plugins requested from the chart.
    # NOTE(review): the entries carry no version, so which plugin release
    # ends up running is not fixed by this file. Pin versions if
    # reproducible, reviewed plugin code matters for this instance.
    plugins:
      - natel-discrete-panel
      - pr0ps-trackmap-panel
      - grafana-piechart-panel
      - vonage-status-panel
      - grafana-worldmap-panel
      - grafana-clock-panel
    # Spread Grafana pods across nodes; refuse to schedule instead of
    # exceeding a skew of one pod per host.
    topologySpreadConstraints:
      - topologyKey: kubernetes.io/hostname
        maxSkew: 1
        whenUnsatisfiable: DoNotSchedule
        labelSelector:
          matchLabels:
            app.kubernetes.io/name: grafana