charts,salt,build: Bump kube-prometheus-stack version to 16.9.1

Update kube-prometheus-stack chart to 16.9.1 ``` rm -rf charts/kube-prometheus-stack helm repo add prometheus-community https://prometheus-community.github.io/helm-charts helm repo update helm fetch -d charts --untar prometheus-community/kube-prometheus-stack ``` Re-render chart to salt state using ``` ./charts/render.py prometheus-operator \ charts/kube-prometheus-stack.yaml \ charts/kube-prometheus-stack/ \ --namespace metalk8s-monitoring \ --service-config grafana \ metalk8s-grafana-config \ metalk8s/addons/prometheus-operator/config/grafana.yaml \ metalk8s-monitoring \ --service-config prometheus \ metalk8s-prometheus-config \ metalk8s/addons/prometheus-operator/config/prometheus.yaml \ metalk8s-monitoring \ --service-config alertmanager \ metalk8s-alertmanager-config \ metalk8s/addons/prometheus-operator/config/alertmanager.yaml \ metalk8s-monitoring \ --service-config dex \ metalk8s-dex-config \ metalk8s/addons/dex/config/dex.yaml.j2 metalk8s-auth \ --drop-prometheus-rules charts/drop-prometheus-rules.yaml \ > salt/metalk8s/addons/prometheus-operator/deployed/chart.sls ``` Update vendored rules Update alert rules extract ``` ./tools/rule_extractor/rule_extractor.py \ -i <control-plane-ip> -p 8443 -t rules ```
scality · Jun 25, 2021 · d8dad8b · d8dad8b
1 parent 4df3e8b
commit d8dad8b
Show file tree

Hide file tree

Showing 141 changed files with 11,678 additions and 21,103 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -28,17 +28,16 @@
   dex image from v2.27.0 to v2.28.1
   (PR[#3370](https://github.com/scality/metalk8s/pull/3370))
 
-- [#3279](https://github.com/scality/metalk8s/issues/3279) - Bump
-  kube-prometheus-stack charts version from 12.2.3 to 15.4.4.
+- Bump kube-prometheus-stack charts version to 16.9.1
   The following images have also been bumped accordingly:
-   - grafana from 7.3.5 to 7.5.5
-   - k8s-sidecar from 1.1.0 to 1.10.7
-   - kube-state-metrics from v1.9.7 to v1.9.8
-   - node-exporter from v1.0.1 to v1.1.2
-   - prometheus from v2.22.1 to v2.26.0
-   - prometheus-config-reloader fomr v0.43.2 to v0.47.0
-   - prometheus-operator from v0.43.2 to v0.47.0
-  (PR[#3360](https://github.com/scality/metalk8s/pull/3360))
+   - grafana to 8.0.1
+   - k8s-sidecar to 1.12.2
+   - kube-state-metrics to v2.0.0
+   - node-exporter to v1.1.2
+   - prometheus to v2.27.1
+   - prometheus-config-reloader to v0.48.1
+   - prometheus-operator to v0.48.1
+  (PR[#3422](https://github.com/scality/metalk8s/pull/3422))
 
 - [#3279](https://github.com/scality/metalk8s/issues/3279) - Bump
   ingress-nginx chart version from 3.13.0 to 3.30.0

diff --git a/buildchain/buildchain/constants.py b/buildchain/buildchain/constants.py
@@ -19,13 +19,13 @@
 # URLs of the main container repositories.
 CALICO_REPOSITORY: str = "docker.io/calico"
 COREDNS_REPOSITORY: str = "k8s.gcr.io/coredns"
-COREOS_REPOSITORY: str = "quay.io/coreos"
 DEX_REPOSITORY: str = "ghcr.io/dexidp"
 DOCKER_REPOSITORY: str = "docker.io/library"
 GOOGLE_REPOSITORY: str = "k8s.gcr.io"
 GRAFANA_REPOSITORY: str = "docker.io/grafana"
 INGRESS_REPOSITORY: str = "k8s.gcr.io/ingress-nginx"
-KIWIGRID_REPOSITORY: str = "docker.io/kiwigrid"
+KIWIGRID_REPOSITORY: str = "quay.io/kiwigrid"
+KUBE_STATE_METRICS_REPOSITORY: str = "k8s.gcr.io/kube-state-metrics"
 PROMETHEUS_ADAPTER_REPOSITORY: str = "docker.io/directxman12"
 PROMETHEUS_OPERATOR_REPOSITORY: str = "quay.io/prometheus-operator"
 PROMETHEUS_REPOSITORY: str = "quay.io/prometheus"

diff --git a/buildchain/buildchain/image.py b/buildchain/buildchain/image.py
@@ -181,9 +181,6 @@ def _operator_image(name: str, **kwargs: Any) -> targets.OperatorImage:
     constants.COREDNS_REPOSITORY: [
         "coredns",
     ],
-    constants.COREOS_REPOSITORY: [
-        "kube-state-metrics",
-    ],
     constants.DEX_REPOSITORY: [
         "dex",
     ],
@@ -209,6 +206,9 @@ def _operator_image(name: str, **kwargs: Any) -> targets.OperatorImage:
     constants.KIWIGRID_REPOSITORY: [
         "k8s-sidecar",
     ],
+    constants.KUBE_STATE_METRICS_REPOSITORY: [
+        "kube-state-metrics",
+    ],
     constants.PROMETHEUS_ADAPTER_REPOSITORY: [
         "k8s-prometheus-adapter-amd64",
     ],

diff --git a/buildchain/buildchain/versions.py b/buildchain/buildchain/versions.py
@@ -92,8 +92,8 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
     # Remote images
     Image(
         name="alertmanager",
-        version="v0.21.0",
-        digest="sha256:24a5204b418e8fa0214cfb628486749003b039c279c56b5bddb5b10cd100d926",
+        version="v0.22.2",
+        digest="sha256:624c1a5063c7c80635081a504c3e1b020d89809651978eb5d0b652a394f3022d",
     ),
     Image(
         name="calico-node",
@@ -122,13 +122,13 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
     ),
     Image(
         name="grafana",
-        version="7.5.5",
-        digest="sha256:075819791b43f30aab18497fff217d3aec918d7d55bf873818de6a916da04d54",
+        version="8.0.1",
+        digest="sha256:1c3e2fc7896adf9e33be5d062c08066087cb556f63b0a95f8aefe92bd37a6f38",
     ),
     Image(
         name="k8s-sidecar",
-        version="1.10.7",
-        digest="sha256:18feb3906286814364b2f42eeaf82649b4847a4d0a779222a613c79c9da7ad87",
+        version="1.12.2",
+        digest="sha256:ca760f94b35eb78575b170e41d1e19e27359b29245dacfd1c42ae90452ecc08e",
     ),
     Image(
         name="kube-apiserver",
@@ -152,8 +152,8 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
     ),
     Image(
         name="kube-state-metrics",
-        version="v1.9.8",
-        digest="sha256:47d3a12d9da6699a9d95df8aaff235305229ef08203fae3fc1f1d47b2a409f89",
+        version="v2.0.0",
+        digest="sha256:eb2f41024a583e8795213726099c6f9432f2d64ab3754cc8ab8d00bdbc328910",
     ),
     Image(
         name="nginx",
@@ -182,8 +182,8 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
     ),
     Image(
         name="prometheus",
-        version="v2.26.0",
-        digest="sha256:38d40a760569b1c5aec4a36e8a7f11e86299e9191b9233672a5d41296d8fa74e",
+        version="v2.27.1",
+        digest="sha256:5accb68b56ba452e449a5e552411acaeabbbe0f087acf19a1157ce3dd10a8bed",
     ),
     Image(
         name="k8s-prometheus-adapter-amd64",
@@ -192,13 +192,13 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
     ),
     Image(
         name="prometheus-config-reloader",
-        version="v0.47.0",
-        digest="sha256:0029252e7cf8cf38fc58795928d4e1c746b9e609432a2ee5417a9cab4633b864",
+        version="v0.48.1",
+        digest="sha256:9bed3dae8023c7a83b906c6c8abd92900697fb3806f14b7f2dbfbc37fe4b7941",
     ),
     Image(
         name="prometheus-operator",
-        version="v0.47.0",
-        digest="sha256:89a2d121b1a8f9a4a45dd20fdcf081a4468a0a0ad4e0cbe1aa7fd289e5a85cb3",
+        version="v0.48.1",
+        digest="sha256:2e7b61c86ee8b0aef4f5da8b6a4e51ecef249c9ccf4a329c5aa0c81e3fd074c1",
     ),
     # Local images
     Image(

diff --git a/charts/kube-prometheus-stack/Chart.lock b/charts/kube-prometheus-stack/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: kube-state-metrics
   repository: https://prometheus-community.github.io/helm-charts
-  version: 2.13.2
+  version: 3.1.1
 - name: prometheus-node-exporter
   repository: https://prometheus-community.github.io/helm-charts
-  version: 1.17.0
+  version: 1.18.1
 - name: grafana
   repository: https://grafana.github.io/helm-charts
-  version: 6.8.3
-digest: sha256:0891efa2b27146cbbde43ec58903f634f65153a7a19b811566bfbc276bf85891
-generated: "2021-05-05T00:44:27.452086517Z"
+  version: 6.13.0
+digest: sha256:3ca182deee748d72f0ad4d2a984c45eb1d2685018dc29d06a784e93cb281f776
+generated: "2021-06-17T14:10:55.043306+02:00"
diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml
@@ -6,21 +6,24 @@ annotations:
       url: https://github.com/prometheus-operator/kube-prometheus
   artifacthub.io/operator: "true"
 apiVersion: v2
-appVersion: 0.47.0
+appVersion: 0.48.1
 dependencies:
 - condition: kubeStateMetrics.enabled
   name: kube-state-metrics
   repository: https://prometheus-community.github.io/helm-charts
-  version: 2.13.*
+  version: 3.1.*
 - condition: nodeExporter.enabled
   name: prometheus-node-exporter
   repository: https://prometheus-community.github.io/helm-charts
-  version: 1.17.*
+  version: 1.18.*
 - condition: grafana.enabled
   name: grafana
   repository: https://grafana.github.io/helm-charts
-  version: 6.8.*
-description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
+  version: 6.13.*
+description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
+  and Prometheus rules combined with documentation and scripts to provide easy to
+  operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
+  Operator.
 home: https://github.com/prometheus-operator/kube-prometheus
 icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
 keywords:
@@ -44,4 +47,4 @@ sources:
 - https://github.com/prometheus-community/helm-charts
 - https://github.com/prometheus-operator/kube-prometheus
 type: application
-version: 15.4.4
+version: 16.9.1
diff --git a/charts/kube-prometheus-stack/README.md b/charts/kube-prometheus-stack/README.md
@@ -35,7 +35,7 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
 
 By default this chart installs additional, dependent charts:
 
-- [kubernetes/kube-state-metrics](https://github.com/kubernetes/kube-state-metrics/tree/master/charts/kube-state-metrics)
+- [prometheus-community/kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics)
 - [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter)
 - [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana)
 
@@ -83,6 +83,9 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
 
 A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
 
+### From 15.x to 16.x
+Version 16 upgrades kube-state-metrics to v2.0.0. This includes changed command-line arguments and removed metrics, see this [blog post](https://kubernetes.io/blog/2021/04/13/kube-state-metrics-v-2-0/). This version also removes Grafana dashboards that supported Kubernetes 1.14 or earlier.
+
 ### From 14.x to 15.x
 Version 15 upgrades prometheus-operator from 0.46.x to 0.47.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
 
@@ -392,7 +395,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   labels:
-    app: prometheus
+    app.kubernetes.io/name: prometheus
     prometheus: prometheus-migration-prometheus
   name: prometheus-prometheus-migration-prometheus-db-prometheus-prometheus-migration-prometheus-0
   namespace: monitoring

diff --git a/charts/kube-prometheus-stack/charts/grafana/Chart.yaml b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 7.5.5
+appVersion: 8.0.1
 description: The leading tool for querying and visualizing time series and metrics.
 home: https://grafana.net
 icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
@@ -19,4 +19,4 @@ name: grafana
 sources:
 - https://github.com/grafana/grafana
 type: application
-version: 6.8.3
+version: 6.13.0
diff --git a/charts/kube-prometheus-stack/charts/grafana/README.md b/charts/kube-prometheus-stack/charts/grafana/README.md
@@ -83,7 +83,7 @@ This version requires Helm >= 3.1.0.
 | `ingress.path`                            | Ingress accepted path                         | `/`                                                     |
 | `ingress.pathType`                        | Ingress type of path                          | `Prefix`                                                |
 | `ingress.hosts`                           | Ingress accepted hostnames                    | `["chart-example.local"]`                                                    |
-| `ingress.extraPaths`                      | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]`                                                    |
+| `ingress.extraPaths`                      | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]`                                                    |
 | `ingress.tls`                             | Ingress TLS configuration                     | `[]`                                                    |
 | `resources`                               | CPU/Memory resource requests/limits           | `{}`                                                    |
 | `nodeSelector`                            | Node labels for pod assignment                | `{}`                                                    |
@@ -136,7 +136,7 @@ This version requires Helm >= 3.1.0.
 | `podLabels`                               | Pod labels                                    | `{}`                                                    |
 | `podPortName`                             | Name of the grafana port on the pod           | `grafana`                                               |
 | `sidecar.image.repository`                | Sidecar image repository                      | `quay.io/kiwigrid/k8s-sidecar`                          |
-| `sidecar.image.tag`                       | Sidecar image tag                             | `1.10.7`                                                |
+| `sidecar.image.tag`                       | Sidecar image tag                             | `1.12.2`                                                |
 | `sidecar.image.sha`                       | Sidecar image sha (optional)                  | `""`                                                    |
 | `sidecar.imagePullPolicy`                 | Sidecar image pull policy                     | `IfNotPresent`                                          |
 | `sidecar.resources`                       | Sidecar resources                             | `{}`                                                    |

diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl b/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl
@@ -114,3 +114,16 @@ Return the appropriate apiVersion for rbac.
 {{- print "rbac.authorization.k8s.io/v1beta1" -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Looks if there's an existing secret and reuse its password. If not it generates
+new password and use it.
+*/}}
+{{- define "grafana.password" -}}
+{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}}
+  {{- if $secret -}}
+    {{-  index $secret "data" "admin-password" -}}
+  {{- else -}}
+    {{- (randAlphaNum 40) | b64enc | quote -}}
+  {{- end -}}
+{{- end -}}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl b/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl
@@ -313,14 +313,14 @@ containers:
         containerPort: 3000
         protocol: TCP
     env:
-      {{- if not .Values.env.GF_SECURITY_ADMIN_USER }}
+      {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
       - name: GF_SECURITY_ADMIN_USER
         valueFrom:
           secretKeyRef:
             name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }}
             key: {{ .Values.admin.userKey | default "admin-user" }}
       {{- end }}
-      {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) }}
+      {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
       - name: GF_SECURITY_ADMIN_PASSWORD
         valueFrom:
           secretKeyRef:
@@ -352,6 +352,14 @@ containers:
       - name: GF_RENDERING_CALLBACK_URL
         value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }}
       {{ end }}
+      - name: GF_PATHS_DATA
+        value: {{ (get .Values "grafana.ini").paths.data }}
+      - name: GF_PATHS_LOGS
+        value: {{ (get .Values "grafana.ini").paths.logs }}
+      - name: GF_PATHS_PLUGINS
+        value: {{ (get .Values "grafana.ini").paths.plugins }}
+      - name: GF_PATHS_PROVISIONING
+        value: {{ (get .Values "grafana.ini").paths.provisioning }}
     {{- range $key, $value := .Values.envValueFrom }}
       - name: {{ $key | quote }}
         valueFrom:

diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml
@@ -14,7 +14,9 @@ metadata:
 {{ toYaml . | indent 4 }}
 {{- end }}
 spec:
+  {{- if not .Values.autoscaling.enabled }}
   replicas: {{ .Values.replicas }}
+  {{- end }}
   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
   selector:
     matchLabels:
@@ -34,7 +36,7 @@ spec:
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
         checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
-{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
+{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
 {{- end }}
 {{- if .Values.envRenderSecret }}

diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/hpa.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/hpa.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "grafana.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ template "grafana.name" . }}
+    helm.sh/chart: {{ template "grafana.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "grafana.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+{{ toYaml .Values.autoscaling.metrics | indent 4 }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml
@@ -1,4 +1,4 @@
-{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
+{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -17,7 +17,7 @@ data:
   {{- if .Values.adminPassword }}
   admin-password: {{ .Values.adminPassword | b64enc | quote }}
   {{- else }}
-  admin-password: {{ randAlphaNum 40 | b64enc | quote }}
+  admin-password: {{ template "grafana.password" . }}
   {{- end }}
   {{- end }}
   {{- if not .Values.ldap.existingSecret }}

diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml
@@ -27,7 +27,7 @@ spec:
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
         checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
-  {{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
+  {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
 {{- end }}
 {{- with .Values.podAnnotations }}