74 lines
1.8 KiB
YAML
74 lines
1.8 KiB
YAML
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: grafana
|
|
spec:
|
|
chart:
|
|
spec:
|
|
chart: grafana
|
|
reconcileStrategy: ChartVersion
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: grafana
|
|
version: 8.8.2
|
|
interval: 15m
|
|
values:
|
|
replicas: 2
|
|
|
|
ingress:
|
|
enabled: true
|
|
hosts:
|
|
- grafana.${domain}
|
|
tls:
|
|
- secretName: ${domain//./-}-tls
|
|
annotations:
|
|
traefik.ingress.kubernetes.io/router.entryPoints: "websecure"
|
|
traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd"
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
|
|
envValueFrom:
|
|
BIND_DN:
|
|
secretKeyRef:
|
|
name: grafana-lldap-credentials
|
|
key: bind_dn
|
|
LDAP_PASSWORD:
|
|
secretKeyRef:
|
|
name: grafana-lldap-credentials
|
|
key: password
|
|
|
|
grafana.ini:
|
|
auth.ldap:
|
|
enabled: true
|
|
|
|
auth.proxy:
|
|
enabled: true
|
|
header_name: Remote-User
|
|
header_property: username
|
|
auto_sign_up: true
|
|
headers: Groups:Remote-Group
|
|
enable_login_token: false
|
|
sync_ttl: 0
|
|
signout_redirect_url: https://login.${domain}/logout?rd=https://grafana.${domain}
|
|
|
|
database:
|
|
type: postgres
|
|
host: $__file{/etc/secrets/db/host}
|
|
name: $__file{/etc/secrets/db/dbname}
|
|
user: $__file{/etc/secrets/db/user}
|
|
password: $__file{/etc/secrets/db/password}
|
|
|
|
remote_cache:
|
|
type: redis
|
|
connstr: addr=dragonflydb.grafana:6379
|
|
|
|
ldap:
|
|
enabled: true
|
|
existingSecret: grafana-ldap-toml
|
|
|
|
extraSecretMounts:
|
|
- name: postgres-app-mount
|
|
secretName: postgres-app
|
|
defaultMode: 0440
|
|
mountPath: /etc/secrets/db
|
|
readOnly: true
|