Usually, Grafana datastores are configured using its web GUI. When setting up a datastore that requires TLS client authentication, the client certificate and private key have to be pasted into the form. For certificates that renew frequently, this would require frequent manual effort. Fortunately, Grafana supports defining datastores via its "provisioning" mechanism, which reads the configuration from YAML files on the filesystem.
# Persistent storage for Grafana's data directory; the StatefulSet in this
# file mounts it at /var/lib/grafana (subPath "data").
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: grafana
  labels:
    app.kubernetes.io/name: grafana
    app.kubernetes.io/component: grafana
spec:
  # ReadWriteMany lets pods on more than one node mount the volume at the
  # same time, so the storage class behind this claim has to support it.
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
---
# Headless Service (clusterIP: None): it provides stable DNS records for the
# StatefulSet's pods instead of a load-balanced virtual IP. The name matches
# the StatefulSet's serviceName.
apiVersion: v1
kind: Service
metadata:
  name: grafana
  labels:
    app.kubernetes.io/name: grafana
    app.kubernetes.io/component: grafana
spec:
  ports:
    # No targetPort is given, so traffic goes to the same port number on the
    # pod (3000, the container's "http" port).
    - port: 3000
      name: grafana
  selector:
    app.kubernetes.io/name: grafana
    app.kubernetes.io/component: grafana
  clusterIP: None
---
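# Grafana StatefulSet. Configuration and provisioned data sources come from
# ConfigMaps; the "grafana" Secret is mounted read-only as files under
# /run/secrets/grafana so that provisioning files can reference key material
# by path instead of having it pasted into the web GUI.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: grafana
  labels:
    app.kubernetes.io/name: grafana
    app.kubernetes.io/component: grafana
spec:
  serviceName: grafana
  selector:
    matchLabels:
      app.kubernetes.io/name: grafana
      app.kubernetes.io/component: grafana
  template:
    metadata:
      labels:
        app.kubernetes.io/name: grafana
        app.kubernetes.io/component: grafana
    spec:
      containers:
        - name: grafana
          # NOTE(review): a tag can be re-pointed upstream; pinning the image
          # by digest (image@sha256:<digest>) makes the deployed artifact
          # immutable. The digest is not shown on this page.
          image: docker.io/grafana/grafana:10.2.3
          ports:
            - containerPort: 3000
              name: http
          readinessProbe: &probe
            httpGet:
              port: http
              path: /api/health
            periodSeconds: 60
          # Same HTTP check as the readiness probe (YAML merge key), polled
          # every second for up to 30 failures while Grafana starts.
          startupProbe:
            <<: *probe
            periodSeconds: 1
            successThreshold: 1
            failureThreshold: 30
            timeoutSeconds: 1
          securityContext:
            runAsNonRoot: true
            readOnlyRootFilesystem: true
            # Grafana listens on an unprivileged port and runs as non-root,
            # so it needs neither setuid-style escalation nor any Linux
            # capability.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - mountPath: /etc/grafana
              name: config
              readOnly: true
            # Nested below the read-only /etc/grafana mount above.
            - mountPath: /etc/grafana/provisioning/datasources
              name: datasources
              readOnly: true
            - mountPath: /run/secrets/grafana
              name: secrets
              readOnly: true
            # The only writable mount; needed because the root filesystem is
            # read-only.
            - mountPath: /var/lib/grafana
              name: grafana
              subPath: data
      securityContext:
        # Volumes that support ownership management are made group-owned by
        # GID 472, and that GID is added to the container's supplementary
        # groups.
        fsGroup: 472
        runAsNonRoot: true
        # Apply the container runtime's default seccomp filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      volumes:
        - name: config
          configMap:
            name: grafana
        # optional: the pod still starts when this ConfigMap does not exist.
        - name: datasources
          configMap:
            name: datasources
            optional: true
        - name: grafana
          persistentVolumeClaim:
            claimName: grafana
        - name: secrets
          secret:
            secretName: grafana
            # Secret files default to mode 0644 (world-readable inside the
            # pod). Restrict them to owner and group; Grafana reads them
            # through the fsGroup (472) set above.
            # NOTE(review): confirm the container's effective groups include
            # 472 before rollout.
            defaultMode: 0440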