From 90c20843d7939cc2521c2591c2a47061de3c854f Mon Sep 17 00:00:00 2001 From: st Date: Tue, 25 Jun 2024 11:25:42 +0200 Subject: [PATCH 1/9] feat(base-cluster/grafana): add persistence and configuration options to grafana --- .../_grafana-config.yaml | 32 ++++++------------- .../kube-prometheus-stack/_helpers.yaml | 25 +++++++++++++++ charts/base-cluster/values.schema.json | 14 +++++++- charts/base-cluster/values.yaml | 3 ++ 4 files changed, 51 insertions(+), 23 deletions(-) diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml index 266c195cb..eb53c3146 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml @@ -13,6 +13,11 @@ securityContext: type: RuntimeDefault containerSecurityContext: {{- include "base-cluster.prometheus-stack.containerSecurityContext" (dict) | nindent 2 }} resources: {{- include "common.resources" .Values.monitoring.grafana | nindent 2 }} +{{- if .Values.monitoring.grafana.persistence.enabled }} +persistence: + enabled: true + size: {{ .Values.monitoring.grafana.persistence.size | default "10Gi" }} +{{- end }} serviceMonitor: interval: "30s" labels: {{- toYaml .Values.monitoring.labels | nindent 4 }} 
@@ -146,28 +151,11 @@ envValueFrom: optional: false {{- end }} grafana.ini: - auth: - signout_redirect_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }} - {{- with .Values.global.authentication }} - {{- if .config.clientId }} - {{- $issuerUrl := printf "https://%s%s" .config.issuerHost .config.issuerPath}} - oauth_auto_login: true - disable_login_form: false - auth.generic_oauth: - enabled: true - allow_sign_up: true - api_url: {{ printf "%s%s" $issuerUrl .grafana.apiPath }} - auth_url: {{ printf "%s%s" $issuerUrl .grafana.authenticationPath }} - token_url: {{ printf "%s%s" $issuerUrl .grafana.tokenPath }} - client_id: {{ .config.clientId }} - client_secret: ${OIDC_CLIENT_SECRET} - name: OAuth - role_attribute_path: {{ .grafana.roleAttributePath | quote }} - scopes: openid profile email - {{- end }} - {{- end }} - server: - root_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }} +{{- if $.Values.monitoring.grafana.config -}} + {{ merge $.Values.monitoring.grafana.config (include "base-cluster.grafana.config" $ | fromYaml) | toYaml | nindent 4 -}} +{{- else -}} + {{ include "base-cluster.grafana.config" $ | nindent 4 -}} +{{- end }} {{- end }} downloadDashboards: securityContext: {{- include "base-cluster.prometheus-stack.containerSecurityContext" (dict) | nindent 4 }} diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml index 51ce23289..153873cac 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml 
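Review bot: In the new `grafana.ini:` block the operator-supplied map is the first argument to `merge`, and Sprig's `merge` both gives the first argument precedence and writes the result back into it. Any key set under `monitoring.grafana.config` therefore silently replaces the chart-generated `auth`, `auth.generic_oauth` and `server.root_url` values, and `.Values.monitoring.grafana.config` itself is modified for every later use in the render. If that precedence is intended, state it in a template comment such as `{{- /* user config wins over generated auth/server settings */ -}}`, and merge into a copy, e.g. `merge (deepCopy $.Values.monitoring.grafana.config) (...)`. The same argument order is kept in the 2/9 rewrite of this line and in the `mustMerge $grafanaIni ...` calls added in 8/9.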
@@ -18,6 +18,31 @@ ingress: {{- end -}} {{- end -}} +{{- define "base-cluster.grafana.config" -}} + auth: + signout_redirect_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }} + {{- with .Values.global.authentication }} + {{- if .config.clientId }} + {{- $issuerUrl := printf "https://%s%s" .config.issuerHost .config.issuerPath}} + oauth_auto_login: true + disable_login_form: false + auth.generic_oauth: + enabled: true + allow_sign_up: true + api_url: {{ printf "%s%s" $issuerUrl .grafana.apiPath }} + auth_url: {{ printf "%s%s" $issuerUrl .grafana.authenticationPath }} + token_url: {{ printf "%s%s" $issuerUrl .grafana.tokenPath }} + client_id: {{ .config.clientId }} + client_secret: ${OIDC_CLIENT_SECRET} + name: OAuth + role_attribute_path: {{ .grafana.roleAttributePath | quote }} + scopes: openid profile email + {{- end }} + {{- end }} + server: + root_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }} +{{- end -}} + {{- define "base-cluster.prometheus-stack.containerSecurityContext" -}} capabilities: drop: diff --git a/charts/base-cluster/values.schema.json b/charts/base-cluster/values.schema.json index 67909ecc2..94263dd99 100644 --- a/charts/base-cluster/values.schema.json +++ b/charts/base-cluster/values.schema.json @@ -798,7 +798,19 @@ "resources": { "$ref": "#/$defs/resourceRequirements" }, - "sidecar": { + "persistence": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "size": { + "$ref": "#/$defs/quantity" + } + }, + "additionalProperties": false + }, + "sidecar": { "type": "object", "properties": { "resourcesPreset": { diff --git a/charts/base-cluster/values.yaml b/charts/base-cluster/values.yaml index 276d4f4d0..171f2cf45 100644 --- a/charts/base-cluster/values.yaml +++ b/charts/base-cluster/values.yaml @@ -215,6 +215,9 @@ monitoring: notifiers: [] resourcesPreset: nano resources: {} + persistence: + enabled: false + config: {} sidecar: resourcesPreset: nano resources: {} 
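Review bot: `client_id: {{ .config.clientId }}` and the three `*_url` lines in the new `base-cluster.grafana.config` helper are emitted unquoted, and with this patch the helper's output can be parsed with `fromYaml` and re-serialised with `toYaml` before it reaches Grafana. A client ID made only of digits would be read as a number on that round trip and may come back in a different form (for example exponent notation), which then fails at the identity provider rather than at render time. Quote the templated scalars the way `role_attribute_path` already is: `client_id: {{ .config.clientId | quote }}`. The same lines are moved unchanged into `_grafana-config.yaml` by 4/9.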
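Review bot: The schema gains `persistence` here but no entry for the `config` key that the same patch adds to `values.yaml` and feeds into `grafana.ini`, and no later schema hunk in this series adds one. Depending on whether the enclosing `grafana` object sets `additionalProperties: false` (not visible in this hunk), a non-empty `monitoring.grafana.config` is either rejected or accepted with no validation at all. Declare it next to `persistence`, at minimum `"config": { "type": "object" }`, so that a scalar or list there fails at validation instead of inside `merge`.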
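Review bot: `config: {}` is added without a comment, although its content is passed straight into `grafana.ini`, which the upstream Grafana chart renders into a ConfigMap rather than a Secret. Nothing tells an operator not to put `client_secret`, an SMTP password or `secret_key` here in clear text. Add a comment above the key along the lines of `# merged into grafana.ini (rendered to a ConfigMap); reference secrets as ${ENV_VAR} and supply them from a Secret`, which is the pattern the chart already uses for `${OIDC_CLIENT_SECRET}`.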
From 0fc25b9cd6d67836c162e4d45c544b2a63e1f00b Mon Sep 17 00:00:00 2001 From: Sven Tasche Date: Tue, 25 Jun 2024 14:04:03 +0200 Subject: [PATCH 2/9] fix(base-cluster): add suggestion Co-authored-by: Chris Werner Rau --- .../monitoring/kube-prometheus-stack/_grafana-config.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml index eb53c3146..c7a93ac06 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml @@ -151,11 +151,7 @@ envValueFrom: optional: false {{- end }} grafana.ini: -{{- if $.Values.monitoring.grafana.config -}} - {{ merge $.Values.monitoring.grafana.config (include "base-cluster.grafana.config" $ | fromYaml) | toYaml | nindent 4 -}} -{{- else -}} - {{ include "base-cluster.grafana.config" $ | nindent 4 -}} -{{- end }} + {{ merge ($.Values.monitoring.grafana.config | default (dict)) (include "base-cluster.grafana.config" $ | fromYaml) | toYaml | nindent 4 -}} {{- end }} downloadDashboards: securityContext: {{- include "base-cluster.prometheus-stack.containerSecurityContext" (dict) | nindent 4 }} From f09b4583394cd0bb69e738da41a0539a328e96d5 Mon Sep 17 00:00:00 2001 From: st Date: Tue, 25 Jun 2024 14:29:05 +0200 Subject: [PATCH 3/9] fix(base-cluster/grafana): add missing storageclass to grafana persistence --- .../monitoring/kube-prometheus-stack/_grafana-config.yaml | 1 + charts/base-cluster/values.schema.json | 3 +++ 2 files changed, 4 insertions(+) diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml index c7a93ac06..70f66d3fc 100644 
--- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml @@ -17,6 +17,7 @@ resources: {{- include "common.resources" .Values.monitoring.grafana | nindent 2 persistence: enabled: true size: {{ .Values.monitoring.grafana.persistence.size | default "10Gi" }} + storageClassName: {{ .Values.monitoring.grafana.persistence.storageClassName | default "default" }} {{- end }} serviceMonitor: interval: "30s" diff --git a/charts/base-cluster/values.schema.json b/charts/base-cluster/values.schema.json index 94263dd99..fa7215235 100644 --- a/charts/base-cluster/values.schema.json +++ b/charts/base-cluster/values.schema.json @@ -806,6 +806,9 @@ }, "size": { "$ref": "#/$defs/quantity" + }, + "storageClassName": { + "type": "string" } }, "additionalProperties": false From 3f223443cec15c575a2d9b9fa422e7546da690a9 Mon Sep 17 00:00:00 2001 From: st Date: Wed, 26 Jun 2024 14:01:30 +0200 Subject: [PATCH 4/9] fix(base-cluster/grafana): refactoring of storageclass and grafana.ini --- .../_grafana-config.yaml | 28 ++++++++++++++++++- .../kube-prometheus-stack/_helpers.yaml | 25 ----------------- 2 files changed, 27 insertions(+), 26 deletions(-) diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml index 70f66d3fc..57a0a565b 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml 
@@ -1,3 +1,28 @@ +{{- define "base-cluster.grafana.config" -}} +auth: + signout_redirect_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }} + {{- with .Values.global.authentication }} + {{- if .config.clientId }} + {{- $issuerUrl := printf "https://%s%s" .config.issuerHost .config.issuerPath}} + oauth_auto_login: true + disable_login_form: false + auth.generic_oauth: + enabled: true + allow_sign_up: true + api_url: {{ printf "%s%s" $issuerUrl .grafana.apiPath }} + auth_url: {{ printf "%s%s" $issuerUrl .grafana.authenticationPath }} + token_url: {{ printf "%s%s" $issuerUrl .grafana.tokenPath }} + client_id: {{ .config.clientId }} + client_secret: ${OIDC_CLIENT_SECRET} + name: OAuth + role_attribute_path: {{ .grafana.roleAttributePath | quote }} + scopes: openid profile email + {{- end }} + {{- end }} + server: + root_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }} +{{- end -}} + {{- define "base-cluster.prometheus-stack.grafana.config" -}} imageRenderer: enabled: true @@ -17,7 +42,8 @@ resources: {{- include "common.resources" .Values.monitoring.grafana | nindent 2 persistence: enabled: true size: {{ .Values.monitoring.grafana.persistence.size | default "10Gi" }} - storageClassName: {{ .Values.monitoring.grafana.persistence.storageClassName | default "default" }} + {{- $storageClass := include "common.storage.class" (dict "persistence" .Values.storage.readWriteMany.persistence "global" $.Values.global) | fromYaml -}} + storageClassName: {{ $storageClass.storageClassName | default "default" | quote }} {{- end }} serviceMonitor: interval: "30s" diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml index 153873cac..51ce23289 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml 
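Review bot: In the helper as re-added here, `auth:` starts at column 0 but `server:` and `auth.generic_oauth:` still carry leading whitespace, so they no longer appear to be siblings of `auth:`; this page has lost the exact indentation, so please confirm against the file. Because the result goes through `fromYaml`, which returns a map containing an `Error` key instead of failing the render, a mis-nested or unparsable document would end up in `grafana.ini` without any error. 9/9 later moves `server:` to the top level in the ingress helper, but no hunk in the series visibly re-indents `auth.generic_oauth:`. Rendering the chart with authentication configured and checking that `auth.generic_oauth` comes out as its own top-level key would settle it.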
@@ -18,31 +18,6 @@ ingress: {{- end -}} {{- end -}} -{{- define "base-cluster.grafana.config" -}} - auth: - signout_redirect_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }} - {{- with .Values.global.authentication }} - {{- if .config.clientId }} - {{- $issuerUrl := printf "https://%s%s" .config.issuerHost .config.issuerPath}} - oauth_auto_login: true - disable_login_form: false - auth.generic_oauth: - enabled: true - allow_sign_up: true - api_url: {{ printf "%s%s" $issuerUrl .grafana.apiPath }} - auth_url: {{ printf "%s%s" $issuerUrl .grafana.authenticationPath }} - token_url: {{ printf "%s%s" $issuerUrl .grafana.tokenPath }} - client_id: {{ .config.clientId }} - client_secret: ${OIDC_CLIENT_SECRET} - name: OAuth - role_attribute_path: {{ .grafana.roleAttributePath | quote }} - scopes: openid profile email - {{- end }} - {{- end }} - server: - root_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }} -{{- end -}} - {{- define "base-cluster.prometheus-stack.containerSecurityContext" -}} capabilities: drop: From dbc5d929eec7c3ef45348b71890d2c1c3f678a99 Mon Sep 17 00:00:00 2001 From: Sven Tasche Date: Thu, 27 Jun 2024 10:29:54 +0200 Subject: [PATCH 5/9] fix(base-cluster/grafana): refactor persistence config Co-authored-by: Chris Werner Rau --- .../monitoring/kube-prometheus-stack/_grafana-config.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml index 57a0a565b..e2fbe02fc 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml 
@@ -39,11 +39,9 @@ securityContext: containerSecurityContext: {{- include "base-cluster.prometheus-stack.containerSecurityContext" (dict) | nindent 2 }} resources: {{- include "common.resources" .Values.monitoring.grafana | nindent 2 }} {{- if .Values.monitoring.grafana.persistence.enabled }} -persistence: +persistence: {{- include "common.storage.class" (dict "persistence" .Values.monitoring.grafana.persistence "global" $.Values.global) | nindent 2 }} enabled: true - size: {{ .Values.monitoring.grafana.persistence.size | default "10Gi" }} - {{- $storageClass := include "common.storage.class" (dict "persistence" .Values.storage.readWriteMany.persistence "global" $.Values.global) | fromYaml -}} - storageClassName: {{ $storageClass.storageClassName | default "default" | quote }} + size: {{ .Values.monitoring.grafana.persistence.size }} {{- end }} serviceMonitor: interval: "30s" From 9d7b0f5145d8d58fe7800db196d00df286134a97 Mon Sep 17 00:00:00 2001 From: Sven Tasche Date: Thu, 27 Jun 2024 10:31:09 +0200 Subject: [PATCH 6/9] feat(base-cluster/grafana): rename grafana.ini function Co-authored-by: Chris Werner Rau --- .../monitoring/kube-prometheus-stack/_grafana-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml index e2fbe02fc..a7fb7fbb4 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml @@ -1,4 +1,4 @@ -{{- define "base-cluster.grafana.config" -}} +{{- define "base-cluster.prometheus-stack.grafana.ini" -}} auth: signout_redirect_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }} {{- with .Values.global.authentication }} 
@@ -176,7 +176,7 @@ envValueFrom: optional: false {{- end }} grafana.ini: - {{ merge ($.Values.monitoring.grafana.config | default (dict)) (include "base-cluster.grafana.config" $ | fromYaml) | toYaml | nindent 4 -}} + {{ merge ($.Values.monitoring.grafana.config | default (dict)) (include "base-cluster.prometheus-stack.grafana.ini" $ | fromYaml) | toYaml | nindent 4 -}} {{- end }} downloadDashboards: securityContext: {{- include "base-cluster.prometheus-stack.containerSecurityContext" (dict) | nindent 4 }} From 5e5fbc2cf0f26bfedf5a63a1bce2672379021298 Mon Sep 17 00:00:00 2001 From: st Date: Thu, 27 Jun 2024 14:34:14 +0200 Subject: [PATCH 7/9] fix(base-cluster/grafana): add default size for grafana persistence --- charts/base-cluster/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/base-cluster/values.yaml b/charts/base-cluster/values.yaml index 171f2cf45..924d1231b 100644 --- a/charts/base-cluster/values.yaml +++ b/charts/base-cluster/values.yaml @@ -217,6 +217,7 @@ monitoring: resources: {} persistence: enabled: false + size: 10Gi config: {} sidecar: resourcesPreset: nano From 5989268b3fbbd1e2de1c09a9e108f32bd59fa783 Mon Sep 17 00:00:00 2001 From: st Date: Fri, 28 Jun 2024 11:49:10 +0200 Subject: [PATCH 8/9] feat(base-cluster/grafana): refactor grafana.ini creation --- .../_grafana-config.yaml | 32 ++++++++++++------- 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml index a7fb7fbb4..6638b6bc6 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml 
@@ -1,9 +1,16 @@ -{{- define "base-cluster.prometheus-stack.grafana.ini" -}} +{{- define "base-cluster.prometheus-stack.grafana.ini.ingress" -}} + {{- $host := printf "https://%s" (include "base-cluster.grafana.host" .context) -}} +auth: + signout_redirect_url: {{ $host }} + server: + root_url: {{ $host }} +{{- end -}} + +{{- define "base-cluster.prometheus-stack.grafana.ini.oauth" -}} + {{- $_ := mustMerge . (pick .context "Values") -}} + {{- with .Values.global.authentication -}} + {{- $issuerUrl := printf "https://%s%s" .config.issuerHost .config.issuerPath -}} auth: - signout_redirect_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }} - {{- with .Values.global.authentication }} - {{- if .config.clientId }} - {{- $issuerUrl := printf "https://%s%s" .config.issuerHost .config.issuerPath}} oauth_auto_login: true disable_login_form: false auth.generic_oauth: @@ -17,10 +24,7 @@ auth: name: OAuth role_attribute_path: {{ .grafana.roleAttributePath | quote }} scopes: openid profile email - {{- end }} - {{- end }} - server: - root_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }} + {{- end -}} {{- end -}} {{- define "base-cluster.prometheus-stack.grafana.config" -}} 
@@ -166,8 +170,11 @@ dashboards: {{ toYaml . | nindent 4 }} {{- end }} {{- include "base-cluster.monitoring.ingress" (dict "name" "grafana" "context" $) | nindent 0 }} +{{- $grafanaIni := .Values.monitoring.grafana.config | default (dict) }} {{- if and .Values.ingress.enabled .Values.monitoring.grafana.ingress.enabled .Values.certManager.email (or .Values.global.baseDomain .Values.monitoring.grafana.ingress.customDomain) }} - {{- if .Values.global.authentication }} + {{- $grafanaIni = mustMerge $grafanaIni (include "base-cluster.prometheus-stack.grafana.ini.ingress" (dict "context" $) | fromYaml) }} + {{- if .Values.global.authentication.config }} + {{- $grafanaIni = mustMerge $grafanaIni (include "base-cluster.prometheus-stack.grafana.ini.oauth" (dict "context" $) | fromYaml) }} envValueFrom: OIDC_CLIENT_SECRET: secretKeyRef: @@ -175,8 +182,9 @@ envValueFrom: name: {{ include "common.secrets.name" (dict "defaultNameSuffix" "oauth-proxy" "context" $) }} optional: false {{- end }} -grafana.ini: - {{ merge ($.Values.monitoring.grafana.config | default (dict)) (include "base-cluster.prometheus-stack.grafana.ini" $ | fromYaml) | toYaml | nindent 4 -}} +{{- end }} +{{- if $grafanaIni }} +grafana.ini: {{- $grafanaIni | toYaml | nindent 2 }} {{- end }} downloadDashboards: securityContext: {{- include "base-cluster.prometheus-stack.containerSecurityContext" (dict) | nindent 4 }} From f0061f100379ed6490bd45f4fac0e64c837badbb Mon Sep 17 00:00:00 2001 From: Sven Tasche Date: Fri, 28 Jun 2024 14:52:53 +0200 Subject: [PATCH 9/9] fix(base-cluster/grafana): fix lintin issues Co-authored-by: Chris Werner Rau --- .../monitoring/kube-prometheus-stack/_grafana-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml index 6638b6bc6..8e7686b7d 100644 
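Review bot: The OAuth block is now gated on `.Values.global.authentication.config` alone, while the `{{- if .config.clientId }}` guard that used to wrap it is removed in the first hunk of this patch. A values file that sets `issuerHost` but leaves `clientId` empty would now render `oauth_auto_login: true` with an empty `client_id` and add the non-optional `OIDC_CLIENT_SECRET` reference, sending users into a login flow that cannot succeed. Keep the old condition at the call site, e.g. `{{- if .Values.global.authentication.config.clientId }}`; this assumes `config` always exists as a map in the chart defaults, which is not visible here. The enclosing `base-cluster.prometheus-stack.grafana.config` template starts and ends outside the hunk.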
--- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml @@ -1,9 +1,9 @@ {{- define "base-cluster.prometheus-stack.grafana.ini.ingress" -}} {{- $host := printf "https://%s" (include "base-cluster.grafana.host" .context) -}} +server: + root_url: {{ $host }} auth: signout_redirect_url: {{ $host }} - server: - root_url: {{ $host }} {{- end -}} {{- define "base-cluster.prometheus-stack.grafana.ini.oauth" -}}