feat(base-cluster/grafana): add persistence and configuration options (…

…#999) --------- Co-authored-by: Chris Werner Rau <[email protected]>
teutonet · Jun 28, 2024 · a7cead4 · a7cead4
1 parent 1df0475
commit a7cead4
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 25 deletions.
diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml
@@ -1,3 +1,32 @@
+{{- define "base-cluster.prometheus-stack.grafana.ini.ingress" -}}
+ {{- $host := printf "https://%s" (include "base-cluster.grafana.host" .context) -}}
+server:
+ root_url: {{ $host }}
+auth:
+ signout_redirect_url: {{ $host }}
+{{- end -}}
+
+{{- define "base-cluster.prometheus-stack.grafana.ini.oauth" -}}
+ {{- $_ := mustMerge . (pick .context "Values") -}}
+ {{- with .Values.global.authentication -}}
+ {{- $issuerUrl := printf "https://%s%s" .config.issuerHost .config.issuerPath -}}
+auth:
+ oauth_auto_login: true
+ disable_login_form: false
+ auth.generic_oauth:
+ enabled: true
+ allow_sign_up: true
+ api_url: {{ printf "%s%s" $issuerUrl .grafana.apiPath }}
+ auth_url: {{ printf "%s%s" $issuerUrl .grafana.authenticationPath }}
+ token_url: {{ printf "%s%s" $issuerUrl .grafana.tokenPath }}
+ client_id: {{ .config.clientId }}
+ client_secret: ${OIDC_CLIENT_SECRET}
+ name: OAuth
+ role_attribute_path: {{ .grafana.roleAttributePath | quote }}
+ scopes: openid profile email
+ {{- end -}}
+{{- end -}}
+
 {{- define "base-cluster.prometheus-stack.grafana.config" -}}
 imageRenderer:
  enabled: true
@@ -13,6 +42,11 @@ securityContext:
  type: RuntimeDefault
 containerSecurityContext: {{- include "base-cluster.prometheus-stack.containerSecurityContext" (dict) | nindent 2 }}
 resources: {{- include "common.resources" .Values.monitoring.grafana | nindent 2 }}
+{{- if .Values.monitoring.grafana.persistence.enabled }}
+persistence: {{- include "common.storage.class" (dict "persistence" .Values.monitoring.grafana.persistence "global" $.Values.global) | nindent 2 }}
+ enabled: true
+ size: {{ .Values.monitoring.grafana.persistence.size }}
+{{- end }}
 serviceMonitor:
  interval: "30s"
  labels: {{- toYaml .Values.monitoring.labels | nindent 4 }}
@@ -136,38 +170,21 @@ dashboards:
  {{ toYaml . | nindent 4 }}
  {{- end }}
 {{- include "base-cluster.monitoring.ingress" (dict "name" "grafana" "context" $) | nindent 0 }}
+{{- $grafanaIni := .Values.monitoring.grafana.config | default (dict) }}
 {{- if and .Values.ingress.enabled .Values.monitoring.grafana.ingress.enabled .Values.certManager.email (or .Values.global.baseDomain .Values.monitoring.grafana.ingress.customDomain) }}
- {{- if .Values.global.authentication }}
+ {{- $grafanaIni = mustMerge $grafanaIni (include "base-cluster.prometheus-stack.grafana.ini.ingress" (dict "context" $) | fromYaml) }}
+ {{- if .Values.global.authentication.config }}
+ {{- $grafanaIni = mustMerge $grafanaIni (include "base-cluster.prometheus-stack.grafana.ini.oauth" (dict "context" $) | fromYaml) }}
 envValueFrom:
  OIDC_CLIENT_SECRET:
  secretKeyRef:
  key: client-secret
  name: {{ include "common.secrets.name" (dict "defaultNameSuffix" "oauth-proxy" "context" $) }}
  optional: false
  {{- end }}
-grafana.ini:
- auth:
- signout_redirect_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }}
- {{- with .Values.global.authentication }}
- {{- if .config.clientId }}
- {{- $issuerUrl := printf "https://%s%s" .config.issuerHost .config.issuerPath}}
- oauth_auto_login: true
- disable_login_form: false
- auth.generic_oauth:
- enabled: true
- allow_sign_up: true
- api_url: {{ printf "%s%s" $issuerUrl .grafana.apiPath }}
- auth_url: {{ printf "%s%s" $issuerUrl .grafana.authenticationPath }}
- token_url: {{ printf "%s%s" $issuerUrl .grafana.tokenPath }}
- client_id: {{ .config.clientId }}
- client_secret: ${OIDC_CLIENT_SECRET}
- name: OAuth
- role_attribute_path: {{ .grafana.roleAttributePath | quote }}
- scopes: openid profile email
- {{- end }}
- {{- end }}
- server:
- root_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }}
+{{- end }}
+{{- if $grafanaIni }}
+grafana.ini: {{- $grafanaIni | toYaml | nindent 2 }}
 {{- end }}
 downloadDashboards:
  securityContext: {{- include "base-cluster.prometheus-stack.containerSecurityContext" (dict) | nindent 4 }}

diff --git a/charts/base-cluster/values.schema.json b/charts/base-cluster/values.schema.json
@@ -798,7 +798,22 @@
  "resources": {
  "$ref": "#/$defs/resourceRequirements"
  },
- "sidecar": {
+ "persistence": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "size": {
+ "$ref": "#/$defs/quantity"
+ },
+ "storageClassName": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": false
+ },
+ "sidecar": {
  "type": "object",
  "properties": {
  "resourcesPreset": {

diff --git a/charts/base-cluster/values.yaml b/charts/base-cluster/values.yaml
@@ -215,6 +215,10 @@ monitoring:
  notifiers: []
  resourcesPreset: nano
  resources: {}
+ persistence:
+ enabled: false
+ size: 10Gi
+ config: {}
  sidecar:
  resourcesPreset: nano
  resources: {}