--- # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: grafana namespace: monitoring spec: chart: spec: chart: grafana interval: 30m sourceRef: kind: HelmRepository name: grafana namespace: flux-system version: 7.0.17 interval: 30m timeout: 20m maxHistory: 2 install: createNamespace: true remediation: retries: 3 upgrade: cleanupOnFail: true remediation: retries: 3 uninstall: keepHistory: false values: annotations: configmap.reloader.stakater.com/reload: grafana secret.reloader.stakater.com/reload: grafana-secrets replicas: 1 envFromSecret: grafana-secrets grafana.ini: analytics: check_for_updates: false check_for_plugin_updates: false reporting_enabled: false auth: oauth_auto_login: true oauth_allow_insecure_email_lookup: true signout_redirect_url: https://auth.hsn.dev/application/o/grafana/end-session/ auth.basic: enabled: false auth.anonymous: enabled: false auth.generic_oauth: enabled: true name: Authentik icon: signin scopes: openid profile email empty_scopes: false login_attribute_path: preferred_username groups_attribute_path: groups name_attribute_path: name use_pkce: true client_id: CoV7ae1HxuNzwCbVPf3U7TfYMX2rVqC5T9RAUo5M client_secret: # Set by env vars auth_url: https://auth.hsn.dev/application/o/authorize/ token_url: https://auth.hsn.dev/application/o/token/ api_url: https://auth.hsn.dev/application/o/userinfo/ # map user groups to Grafana roles role_attribute_path: | contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer' date_formats: use_browser_locale: true explore: enabled: true news: news_feed_enabled: false panels: disable_sanitize_html: true security: allow_embedding: true cookie_samesite: grafana server: root_url: https://grafana.hsn.dev datasources: datasources.yaml: apiVersion: 1 deleteDatasources: - { name: Alertmanager, orgId: 1 } - { name: Loki, orgId: 1 } - { name: Prometheus, orgId: 1 } datasources: - name: Prometheus type: prometheus uid: prometheus access: proxy url: http://thanos-query-frontend.monitoring.svc.cluster.local:9090 jsonData: prometheusType: Thanos isDefault: true - name: Alertmanager type: alertmanager uid: alertmanager access: proxy url: http://alertmanager-operated.monitoring.svc.cluster.local:9093 jsonData: implementation: prometheus dashboardProviders: dashboardproviders.yaml: apiVersion: 1 providers: - name: default orgId: 1 folder: "" type: file disableDeletion: false editable: true options: path: /var/lib/grafana/dashboards/default - name: ceph orgId: 1 folder: Ceph type: file disableDeletion: false editable: true options: path: /var/lib/grafana/dashboards/ceph - name: flux orgId: 1 folder: Flux type: file disableDeletion: false editable: true options: path: /var/lib/grafana/dashboards/flux - name: kubernetes orgId: 1 folder: Kubernetes type: file disableDeletion: false editable: true options: path: /var/lib/grafana/dashboards/kubernetes - name: nginx orgId: 1 folder: Nginx type: file disableDeletion: false editable: true options: path: /var/lib/grafana/dashboards/nginx - name: thanos orgId: 1 folder: Thanos type: file disableDeletion: false editable: true options: path: /var/lib/grafana/dashboards/thanos dashboards: default: external-dns: # renovate: depName="External-dns" gnetId: 15038 revision: 3 datasource: Prometheus # minio: # # renovate: depName="MinIO Dashboard" # gnetId: 13502 # revision: 24 # datasource: # - { name: DS_PROMETHEUS, value: Prometheus } # ceph: # ceph-cluster: # # renovate: depName="Ceph Cluster" # gnetId: 2842 # revision: 17 # datasource: Prometheus # ceph-osd: # # renovate: depName="Ceph - OSD (Single)" # gnetId: 5336 # revision: 9 # datasource: Prometheus # ceph-pools: # # renovate: depName="Ceph - Pools" # gnetId: 5342 # revision: 9 # datasource: Prometheus flux: flux-cluster: url: https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/cluster.json datasource: Prometheus flux-control-plane: url: https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/control-plane.json datasource: Prometheus flux-logs: url: https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/logs.json datasource: Prometheus kubernetes: kubernetes-api-server: # renovate: depName="Kubernetes / System / API Server" gnetId: 15761 revision: 14 datasource: Prometheus kubernetes-coredns: # renovate: depName="Kubernetes / System / CoreDNS" gnetId: 15762 revision: 13 datasource: Prometheus kubernetes-global: # renovate: depName="Kubernetes / Views / Global" gnetId: 15757 revision: 31 datasource: Prometheus kubernetes-namespaces: # renovate: depName="Kubernetes / Views / Namespaces" gnetId: 15758 revision: 27 datasource: Prometheus kubernetes-nodes: # renovate: depName="Kubernetes / Views / Nodes" gnetId: 15759 revision: 19 datasource: Prometheus kubernetes-pods: # renovate: depName="Kubernetes / Views / Pods" gNetId: 15760 revision: 21 datasource: Prometheus kubernetes-volumes: # renovate: depName="K8s / Storage / Volumes / Cluster" gnetId: 11454 revision: 14 datasource: Prometheus nginx: nginx: url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/nginx.json datasource: Prometheus nginx-request-handling-performance: url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/request-handling-performance.json datasource: Prometheus thanos: thanos-bucket-replicate: url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/bucket-replicate.json datasource: Prometheus thanos-compact: url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/compact.json datasource: Prometheus thanos-overview: url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/overview.json datasource: Prometheus thanos-query: url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/query.json datasource: Prometheus thanos-query-frontend: url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/query-frontend.json datasource: Prometheus thanos-receieve: url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/receive.json datasource: Prometheus thanos-rule: url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/rule.json datasource: Prometheus thanos-sidecar: url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/sidecar.json datasource: Prometheus thanos-store: url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/store.json datasource: Prometheus ingress: enabled: true annotations: external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" ingressClassName: hsn-nginx hosts: - &host grafana.hsn.dev tls: - hosts: - *host sidecar: dashboards: enabled: true searchNamespace: ALL labelValue: "" label: grafana_dashboard folderAnnotation: grafana_folder provider: disableDelete: true foldersFromFilesStructure: true datasources: enabled: true searchNamespace: ALL labelValue: "" plugins: - natel-discrete-panel - pr0ps-trackmap-panel - grafana-piechart-panel - vonage-status-panel - grafana-worldmap-panel - grafana-clock-panel persistence: enabled: false testFramework: enabled: false topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule labelSelector: matchLabels: app.kubernetes.io/name: grafana