# Source: grafana/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: grafana namespace: vynil-monitor labels: helm.sh/chart: grafana-7.3.2 app.kubernetes.io/name: grafana app.kubernetes.io/instance: grafana app.kubernetes.io/version: "10.3.3" app.kubernetes.io/managed-by: Helm spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/name: grafana app.kubernetes.io/instance: grafana strategy: type: RollingUpdate template: metadata: labels: app.kubernetes.io/name: grafana app.kubernetes.io/instance: grafana annotations: checksum/config: 0e9cbd0ea8e24e32f7dfca5bab17a2ba05652642f0a09a4882833ae88e4cc4a3 checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c kubectl.kubernetes.io/default-container: grafana spec: serviceAccountName: grafana automountServiceAccountToken: false securityContext: fsGroup: 472 runAsGroup: 472 runAsNonRoot: true runAsUser: 472 initContainers: - name: init-chown-data image: "docker.io/library/busybox:1.31.1" imagePullPolicy: IfNotPresent securityContext: capabilities: add: - CHOWN runAsNonRoot: false runAsUser: 0 seccompProfile: type: RuntimeDefault command: - chown - -R - 472:472 - /var/lib/grafana volumeMounts: - name: storage mountPath: "/var/lib/grafana" enableServiceLinks: true containers: - name: grafana-sc-dashboard image: "quay.io/kiwigrid/k8s-sidecar:1.25.2" imagePullPolicy: IfNotPresent env: - name: METHOD value: WATCH - name: LABEL value: "grafana_dashboard" - name: FOLDER value: "/tmp/dashboards" - name: RESOURCE value: "both" - name: REQ_USERNAME valueFrom: secretKeyRef: name: grafana-admin-user key: username - name: REQ_PASSWORD valueFrom: secretKeyRef: name: grafana-admin-user key: password - name: REQ_URL value: http://localhost:3000/api/admin/provisioning/dashboards/reload - name: REQ_METHOD value: POST securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault volumeMounts: - name: sc-dashboard-volume mountPath: "/tmp/dashboards" - name: grafana-sc-datasources image: "quay.io/kiwigrid/k8s-sidecar:1.25.2" imagePullPolicy: IfNotPresent env: - name: METHOD value: WATCH - name: LABEL value: "grafana_datasource" - name: FOLDER value: "/etc/grafana/provisioning/datasources" - name: RESOURCE value: "both" - name: REQ_USERNAME valueFrom: secretKeyRef: name: grafana-admin-user key: username - name: REQ_PASSWORD valueFrom: secretKeyRef: name: grafana-admin-user key: password - name: REQ_URL value: http://localhost:3000/api/admin/provisioning/datasources/reload - name: REQ_METHOD value: POST securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault volumeMounts: - name: sc-datasources-volume mountPath: "/etc/grafana/provisioning/datasources" - name: grafana-sc-notifiers image: "quay.io/kiwigrid/k8s-sidecar:1.25.2" imagePullPolicy: IfNotPresent env: - name: METHOD value: WATCH - name: LABEL value: "grafana_notifier" - name: FOLDER value: "/etc/grafana/provisioning/notifiers" - name: RESOURCE value: "both" - name: REQ_USERNAME valueFrom: secretKeyRef: name: grafana-admin-user key: username - name: REQ_PASSWORD valueFrom: secretKeyRef: name: grafana-admin-user key: password - name: REQ_URL value: http://localhost:3000/api/admin/provisioning/notifications/reload - name: REQ_METHOD value: POST securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault volumeMounts: - name: sc-notifiers-volume mountPath: "/etc/grafana/provisioning/notifiers" - name: grafana-sc-plugins image: "quay.io/kiwigrid/k8s-sidecar:1.25.2" imagePullPolicy: IfNotPresent env: - name: METHOD value: WATCH - name: LABEL value: "grafana_plugin" - name: FOLDER value: "/etc/grafana/provisioning/plugins" - name: RESOURCE value: "both" - name: REQ_USERNAME valueFrom: secretKeyRef: name: grafana-admin-user key: username - name: REQ_PASSWORD valueFrom: secretKeyRef: name: grafana-admin-user key: password - name: REQ_URL value: http://localhost:3000/api/admin/provisioning/plugins/reload - name: REQ_METHOD value: POST securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault volumeMounts: - name: sc-plugins-volume mountPath: "/etc/grafana/provisioning/plugins" - name: grafana image: "docker.io/grafana/grafana:10.3.3" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault volumeMounts: - name: config mountPath: "/etc/grafana/grafana.ini" subPath: grafana.ini - name: storage mountPath: "/var/lib/grafana" - name: sc-dashboard-volume mountPath: "/tmp/dashboards" - name: sc-dashboard-provider mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" subPath: provider.yaml - name: sc-datasources-volume mountPath: "/etc/grafana/provisioning/datasources" - name: sc-plugins-volume mountPath: "/etc/grafana/provisioning/plugins" - name: sc-notifiers-volume mountPath: "/etc/grafana/provisioning/notifiers" ports: - name: grafana containerPort: 3000 protocol: TCP - name: gossip-tcp containerPort: 9094 protocol: TCP - name: gossip-udp containerPort: 9094 protocol: UDP env: - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: GF_SECURITY_ADMIN_USER valueFrom: secretKeyRef: name: grafana-admin-user key: username - name: GF_SECURITY_ADMIN_PASSWORD valueFrom: secretKeyRef: name: grafana-admin-user key: password - name: GF_PATHS_DATA value: /var/lib/grafana/ - name: GF_PATHS_LOGS value: /var/log/grafana - name: GF_PATHS_PLUGINS value: /var/lib/grafana/plugins - name: GF_PATHS_PROVISIONING value: /etc/grafana/provisioning livenessProbe: failureThreshold: 10 httpGet: path: /api/health port: 3000 initialDelaySeconds: 60 timeoutSeconds: 30 readinessProbe: httpGet: path: /api/health port: 3000 volumes: - name: config configMap: name: grafana - name: storage persistentVolumeClaim: claimName: grafana - name: sc-dashboard-volume emptyDir: {} - name: sc-dashboard-provider configMap: name: grafana-config-dashboards - name: sc-datasources-volume emptyDir: {} - name: sc-plugins-volume emptyDir: {} - name: sc-notifiers-volume emptyDir: {}