kustomize grafana

grafana/kustomization.yaml

@@ -0,0 +1,71 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: grafana
+
+# spec: https://kubectl.docs.kubernetes.io/references/kustomize/builtins/#_helmchartinflationgenerator_
+helmCharts:
+- includeCRDs: true
+  name: &name grafana
+  releaseName: *name
+  repo: https://grafana.github.io/helm-charts
+  valuesInline: # https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml
+    ingress:
+      enabled: true
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+      hosts: [grafana.k-space.ee]
+      tls: [hosts: ["*.k-space.ee"]]
+    persistence:
+      inMemory:
+        enabled: true
+    grafana.ini:
+      log: {level: warn}
+      server:
+        root_url: https://grafana.k-space.ee/
+      security:
+        disable_initial_admin_creation: true
+      auth:
+        oauth_allow_insecure_email_lookup: true
+      auth.basic:
+          enabled: false
+      auth.generic_oauth:
+          enabled: true
+          auto_login: true
+          name: auth.k-space.ee
+          role_attribute_path: contains(groups[*], 'k-space:kubernetes:admins') && 'Admin' || contains(groups[*], 'k-space:floor') && 'Editor' || Viewer
+          allow_assign_grafana_admin: true
+          client_id: $__file{/etc/secrets/oidc-client-grafana-owner-secrets/OIDC_CLIENT_ID}
+          client_secret: $__file{/etc/secrets/oidc-client-grafana-owner-secrets/OIDC_CLIENT_SECRET}
+          scopes: $__file{/etc/secrets/oidc-client-grafana-owner-secrets/OIDC_AVAILABLE_SCOPES}
+          auth_url: $__file{/etc/secrets/oidc-client-grafana-owner-secrets/OIDC_IDP_AUTH_URI}
+          token_url: $__file{/etc/secrets/oidc-client-grafana-owner-secrets/OIDC_IDP_TOKEN_URI}
+          api_url: $__file{/etc/secrets/oidc-client-grafana-owner-secrets/OIDC_IDP_USERINFO_URI}
+          signout_redirect_url: $__file{/etc/secrets/oidc-client-grafana-owner-secrets/OIDC_IDP_URI}
+          use_pkce: true
+    extraSecretMounts:
+      - name: oidc-client-grafana-owner-secrets
+        secretName: oidc-client-grafana-owner-secrets
+        mountPath: /etc/secrets/oidc-client-grafana-owner-secrets
+        defaultMode: 0440
+        subPath: .
+        readOnly: true
+    envFromSecrets:
+     - name: grafana-database
+    datasources:
+      prometheus.yaml:
+        apiVersion: 1
+        prune: true
+        datasources:
+        - name: Prometheus
+          type: prometheus
+          url: http://prometheus-prometheus-server
+          orgId: 1
+          version: 1
+          editable: false
+  version: v9.2.10
+
+resources:
+- ./passmower.yaml
+- ssh://git@git.k-space.ee/secretspace/kube/grafana # secret: grafana-database