Dreaded_X/flux-infra
1
0
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases Wiki Activity

Added grafana

Browse Source
This commit is contained in:
Dreaded_X 2024-12-30 05:54:52 +01:00
parent 95fce60e62
commit acf918bfc2
Signed by: Dreaded_X
GPG Key ID: FA5F485356B0D2D4
10 changed files with 191 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
apps/grafana/kustomization.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: grafana
resources:
- ./namespace.yaml
- ./repository.yaml
- ./release.yaml
- ./lldap.yaml
configurations:
- nameReference.yaml
secretGenerator:
- name: grafana-ldap-toml
files:
- ldap-toml

53
apps/grafana/ldap-toml Normal file
View File

@ -0,0 +1,53 @@
# This is only the ldap config, you also need to enable ldap support in the main config file
# of Grafana. See https://grafana.com/docs/grafana/latest/auth/ldap/#enable-ldap
# You can test that it is working correctly by trying usernames at: https://<your grafana instance>/admin/ldap
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "lldap.lldap.svc.cluster.local"
# Default port is 389 or 636 if use_ssl = true
port = 3890
# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
use_ssl = false
# If set to true, use LDAP with STARTTLS instead of LDAPS
start_tls = false
# set to true if you want to skip SSL cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"
# Search user bind dn
bind_dn = "uid=grafana,ou=people,dc=huizinga,dc=dev"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = """${LDAP_ADMIN_PASSWORD}"""
# User search filter
search_filter = "(&(|(uid=%s)(mail=%s))(objectClass=person))"
# If you want to limit to only users of a specific group use this instead:
# search_filter = "(&(uid=%s)(memberOf=cn=<your group>,ou=groups,dc=huizinga,dc=dev))"
# An array of base dns to search through
search_base_dns = ["dc=huizinga,dc=dev"]
# Specify names of the LDAP attributes your LDAP uses
[servers.attributes]
member_of = "memberOf"
email = "mail"
name = "givenName"
surname = "sn"
username = "uid"
# If you want to map your ldap groups to grafana's groups, see: https://grafana.com/docs/grafana/latest/auth/ldap/#group-mappings
# As a quick example, here is how you would map lldap's admin group to grafana's admin
[[servers.group_mappings]]
group_dn = "cn=lldap_admin,ou=groups,dc=huizinga,dc=dev"
org_role = "Admin"
grafana_admin = true
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"

60
apps/grafana/lldap.yaml Normal file
View File

@ -0,0 +1,60 @@
apiVersion: v1
kind: Secret
metadata:
name: grafana-lldap
type: Opaque
stringData:
password: ENC[AES256_GCM,data:0QolUQJaul0Hao4qJF/wxmV1APnwuJPMm/JgjdrPSr6edFTjED5jSt9lyio=,iv:faITYBBHrnHEnPn9zAK+y24AfXi9rZDZzu7RO9EBpX0=,tag:SI7sf2ORGYrbU1v3PdRYmw==,type:str]
user-configs.json: ENC[AES256_GCM,data:oshuHNNLYtNXbtkWw4oSpsxGRLNnOfCOJ9jFhKaPtgwYqCLEiOvw2AoWC7SBBv+gScBHDAbghwWJHP0ff2RSCNT6zGaAOinTOezErwmdpwA8A6JZY+EGh2+qnSkO6Eosy+tbWATUqAfZGmzqLzKlhF1Bleg2pc3pb3q9lzv4RWaizg0sFVKxfxaKJ98BRmq7blH7F47c+ybmkheZL10dBr9JLtfTsQ==,iv:KvJVCDyseQ82CQn2gUB3BM1MFVAMoZGWGqzrt8Tjmcs=,tag:FvyL72NYx4VRXdrzW4abdg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-12-30T03:11:38Z"
mac: ENC[AES256_GCM,data:XIV9UXqKcSkWRyPUBasswbfUFy7PKCjz3xqghmvk0Nin0l2GzrPfXvmiFb9Ytt8HduR7s+a4c609ZXlnXLQPHoM0w7I/4ELYTPzez4jgWPRSB3f4Oz5GDz0zKOzHqXJQec92YULhbUKeuQdBnTlMl+JMLuMX2C7t16HlI+WgWvA=,iv:5yfI/pBYYNNE5B5JICGUnk1t045abQaQYDJObZbXflc=,tag:LdU1tMHmelPGTG4bESxPPg==,type:str]
pgp:
- created_at: "2024-12-30T03:06:07Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA7pKPTYH5bqOARAAqYYnP/oUVePG0EMSXrEY/IadyZoi49oMzMKVKATJoRti
CMoDSc9URIe9hW9aVzTj925qfh/e1bU3gYS1ghCxRXINHkVpgFZ7o/iVGL4bdeuU
QrGYxrm7/IZQUSNy5d4r1vO/n5lEdrcmX57N4LKYDUnF2+Vf/j3DILGzDFBTh3U2
GnlaFMPtabMzZpDz5U9hfGeLmz+63DKMQeExq4egKoeKf1RIVG3x1S9XpvpwAvvG
omZSvDaT44winp2T6HF70oqF5nF0ex3mBTrhsEdff+5o/cinT40WfOID239MUmzq
U7Rafx/tHM9CI4u646C0CIAAY7tS0jB+eud8btA+X1KyfSUegFwAm1FzL5w3ZI3/
kcGXgV0AbrjprqWCqBbWF8ZWoHN3RgEr7naYuo8Z0wMWLdW6IvW9CBvh+I1K1hDW
mFZ8fA4cW4kowzSr79wYd32w1lnfjuA8itr/paSzCKpF44GfpkZ470h55KiEwCij
92ChS+RshTjLGebIzE/5LOmJYGauU1jcJ9HtRvWIajprQ6Y8oJh1fCvendTkVK58
psGNoVsguj3Jf4OZ7PK8KMvxxG/dceYHDRKlQe78x3VhlwUC3N0jrPqmqzuo1SFT
07L0tRepxa1MokZzC4Vs+yEFoy7lF1VjMSmXQWkavqzuEkffU9y/3gABnR7UEvrU
aAEJAhA5mxWyM1zu7f0ppbyTaYd7wqpq7DO6uoCziYza7xE3hZ+fNLMssi/gctd5
E9O1e7yRtxQui1L4uVtrpW3o7RfE+UqtE2peUFcdW7Uja+URM4/G7kzadgDAQ1fj
8PqQ49TpHxYC
=eBq+
-----END PGP MESSAGE-----
fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E
- created_at: "2024-12-30T03:06:07Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA51kG++kLewoARAApjAXIvzIxzFJgKTynZSQz36hBdz1silLW6iJF2I8rlll
tdw6Sez7m3ynta3dMU9m2rtA4yVNiDIOyW6HaKtNEAOSkaIfKDVTLt77a3ypZzVi
/mcJ94DmRqax/a8OInYIFKzKnH07ZF8uZ5NogRRCEd66AuUrymi0okNpKXYa/hw9
gJXmxzk5tzDqyoaDm4GraUQelE2CAFnML36nguc4HEwJsHvgnD+gEuAagDiLrdIU
LFNw39s+1wpstSjiWaOwZbl3XG9t+wBnUHpoN830cQE0hjib/XMtiH4D1EnHjxTr
wSRPEczLbe2Z1kpTHd2Zt/nFNsudtqViy2LgQDAkrlJL2YNbvWqfssMmPkVjDLeH
qh0cGKWJ3we+ad/pR60DBm2Q8RVzylqojn6o5sdOPlCh+cwI9Tiac6b3cdVYDAop
el4hbxGPojRw+BWGbrpTvu3H3zaTNA8Xwds1FIoisyTRIEISq9HGkbwFmtCXQGwN
R4qi151dUiuGDwkJlaVspbAu8uikV0ucZ7xR6+D6f3NUhyCeGiBz6gb48SZDJ0u8
IfcYu0HOzgeQzMn4X0vluxbFbIA4CxZlyy1I60YwHUSUvDGYFiJ7fDBSOnQeHUT9
2BSYlMsw0r5o8KZDPQ0vRVOCN7FC0lVZ+O4hSAfYJq7KdzD55HGFNZ1SgncUI3/S
XgGe/0g5rvyHi2Mc67Sl/6ooLL3AeelzTgOD1deMKO7inzfFfolETn42O09H3RL4
FVDaqZTgxRTo5vI0xy7tt8WzC2RnnKO04eCU2Fpzz/jORMD1YCOoAGuf5ZDsJbM=
=9p2Q
-----END PGP MESSAGE-----
fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28
encrypted_regex: ^(data|stringData)$
version: 3.9.1

6
apps/grafana/nameReference.yaml Normal file
View File

@ -0,0 +1,6 @@
# This makes sure the field in the HelmRelease is recognized as a Secret
nameReference:
- kind: Secret
fieldSpecs:
- kind: HelmRelease
path: spec/values/ldap/existingSecret

4
apps/grafana/namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: grafana

37
apps/grafana/release.yaml Normal file
View File

@ -0,0 +1,37 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: grafana
spec:
chart:
spec:
chart: grafana
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: grafana
version: 8.8.2
interval: 15m
values:
replicas: 1
ingress:
enabled: true
hosts:
- grafana.${domain}
tls:
- secretName: ${domain//./-}-tls
envValueFrom:
LDAP_ADMIN_PASSWORD:
secretKeyRef:
name: grafana-lldap
key: password
grafana.ini:
auth.ldap:
enabled: true
ldap:
enabled: true
existingSecret: grafana-ldap-toml

7
apps/grafana/repository.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: grafana
spec:
interval: 15m
url: https://grafana.github.io/helm-charts

1
apps/kustomization.yaml
View File

@ -3,6 +3,7 @@ kind: Kustomization
resources: resources:
- ./lldap - ./lldap
- ./authelia - ./authelia
- ./grafana
- ./whoami.yaml - ./whoami.yaml
- ./akri-demo.yaml - ./akri-demo.yaml

5
apps/lldap/bootstrap/bootstrap-job.yaml
View File

@ -67,6 +67,11 @@ spec:
items: items:
- key: user-configs.json - key: user-configs.json
path: authelia-configs.json path: authelia-configs.json
- secret:
name: grafana-lldap
items:
- key: user-configs.json
path: grafana-configs.json
- name: group-configs - name: group-configs
projected: projected:

2
apps/lldap/bootstrap/kustomization.yaml
View File

@ -3,6 +3,8 @@ kind: Kustomization
resources: resources:
- ./bootstrap-job.yaml - ./bootstrap-job.yaml
- ../../authelia/lldap.yaml - ../../authelia/lldap.yaml
- ../../grafana/lldap.yaml
configMapGenerator: configMapGenerator:
- name: bootstrap - name: bootstrap
options: options: