fix

2024-01-28 10:02:31 +01:00
parent 0961759af7
commit 8a214e997c
162 changed files with 8560 additions and 0 deletions
--- a/monitor/grafana/apps_v1_Deployment_grafana.yaml
+++ b/monitor/grafana/apps_v1_Deployment_grafana.yaml
@@ -0,0 +1,298 @@
+# Source: grafana/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: grafana
+  namespace: vynil-monitor
+  labels:
+    helm.sh/chart: grafana-7.2.5
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/version: "10.2.3"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: grafana
+      app.kubernetes.io/instance: grafana
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: grafana
+        app.kubernetes.io/instance: grafana
+      annotations:
+        checksum/config: 0e9cbd0ea8e24e32f7dfca5bab17a2ba05652642f0a09a4882833ae88e4cc4a3
+        checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
+        kubectl.kubernetes.io/default-container: grafana
+    spec:
+      
+      serviceAccountName: grafana
+      automountServiceAccountToken: true
+      securityContext:
+        fsGroup: 472
+        runAsGroup: 472
+        runAsNonRoot: true
+        runAsUser: 472
+      initContainers:
+        - name: init-chown-data
+          image: "docker.io/library/busybox:1.31.1"
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            capabilities:
+              add:
+              - CHOWN
+            runAsNonRoot: false
+            runAsUser: 0
+            seccompProfile:
+              type: RuntimeDefault
+          command:
+            - chown
+            - -R
+            - 472:472
+            - /var/lib/grafana
+          volumeMounts:
+            - name: storage
+              mountPath: "/var/lib/grafana"
+      enableServiceLinks: true
+      containers:
+        - name: grafana-sc-dashboard
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: METHOD
+              value: WATCH
+            - name: LABEL
+              value: "grafana_dashboard"
+            - name: FOLDER
+              value: "/tmp/dashboards"
+            - name: RESOURCE
+              value: "both"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana-admin-user
+                  key: username
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana-admin-user
+                  key: password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - name: sc-dashboard-volume
+              mountPath: "/tmp/dashboards"
+        - name: grafana-sc-datasources
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: METHOD
+              value: WATCH
+            - name: LABEL
+              value: "grafana_datasource"
+            - name: FOLDER
+              value: "/etc/grafana/provisioning/datasources"
+            - name: RESOURCE
+              value: "both"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana-admin-user
+                  key: username
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana-admin-user
+                  key: password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/datasources/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - name: sc-datasources-volume
+              mountPath: "/etc/grafana/provisioning/datasources"
+        - name: grafana-sc-notifiers
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: METHOD
+              value: WATCH
+            - name: LABEL
+              value: "grafana_notifier"
+            - name: FOLDER
+              value: "/etc/grafana/provisioning/notifiers"
+            - name: RESOURCE
+              value: "both"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana-admin-user
+                  key: username
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana-admin-user
+                  key: password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/notifications/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - name: sc-notifiers-volume
+              mountPath: "/etc/grafana/provisioning/notifiers"
+        - name: grafana-sc-plugins
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: METHOD
+              value: WATCH
+            - name: LABEL
+              value: "grafana_plugin"
+            - name: FOLDER
+              value: "/etc/grafana/provisioning/plugins"
+            - name: RESOURCE
+              value: "both"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana-admin-user
+                  key: username
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana-admin-user
+                  key: password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/plugins/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - name: sc-plugins-volume
+              mountPath: "/etc/grafana/provisioning/plugins"
+        - name: grafana
+          image: "docker.io/grafana/grafana:10.2.3"
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - name: config
+              mountPath: "/etc/grafana/grafana.ini"
+              subPath: grafana.ini
+            - name: storage
+              mountPath: "/var/lib/grafana"
+            - name: sc-dashboard-volume
+              mountPath: "/tmp/dashboards"
+            - name: sc-dashboard-provider
+              mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml"
+              subPath: provider.yaml
+            - name: sc-datasources-volume
+              mountPath: "/etc/grafana/provisioning/datasources"
+            - name: sc-plugins-volume
+              mountPath: "/etc/grafana/provisioning/plugins"
+            - name: sc-notifiers-volume
+              mountPath: "/etc/grafana/provisioning/notifiers"
+          ports:
+            - name: grafana
+              containerPort: 3000
+              protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: GF_SECURITY_ADMIN_USER
+              valueFrom:
+                secretKeyRef:
+                  name: grafana-admin-user
+                  key: username
+            - name: GF_SECURITY_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana-admin-user
+                  key: password
+            - name: GF_PATHS_DATA
+              value: /var/lib/grafana/
+            - name: GF_PATHS_LOGS
+              value: /var/log/grafana
+            - name: GF_PATHS_PLUGINS
+              value: /var/lib/grafana/plugins
+            - name: GF_PATHS_PROVISIONING
+              value: /etc/grafana/provisioning
+          livenessProbe:
+            failureThreshold: 10
+            httpGet:
+              path: /api/health
+              port: 3000
+            initialDelaySeconds: 60
+            timeoutSeconds: 30
+          readinessProbe:
+            httpGet:
+              path: /api/health
+              port: 3000
+      volumes:
+        - name: config
+          configMap:
+            name: grafana
+        - name: storage
+          persistentVolumeClaim:
+            claimName: grafana
+        - name: sc-dashboard-volume
+          emptyDir:
+            {}
+        - name: sc-dashboard-provider
+          configMap:
+            name: grafana-config-dashboards
+        - name: sc-datasources-volume
+          emptyDir:
+            {}
+        - name: sc-plugins-volume
+          emptyDir:
+            {}
+        - name: sc-notifiers-volume
+          emptyDir:
+            {}
--- a/monitor/grafana/config.tf
+++ b/monitor/grafana/config.tf
@@ -0,0 +1,43 @@
+resource "kubernetes_config_map_v1" "config" {
+  metadata {
+    name = "grafana"
+    namespace = var.namespace
+    labels = local.common-labels
+  }
+  data = {
+    "grafana.ini" = <<-EOF
+[analytics]
+check_for_updates = true
+[grafana_net]
+url = https://grafana.net
+[log]
+mode = console
+[paths]
+data = /var/lib/grafana/
+logs = /var/log/grafana
+plugins = /var/lib/grafana/plugins
+provisioning = /etc/grafana/provisioning
+[server]
+domain = ''
+root_url = 'https://${local.dns_name}/'
+[users]
+auto_assign_org = true
+auto_assign_org_id = 1
+[auth]
+oauth_allow_insecure_email_lookup = true
+signout_redirect_url = '${module.oauth2.sso_signout_url}'
+oauth_auto_login = true
+[auth.generic_oauth]
+enabled = true
+name = vynil
+scopes = openid profile email
+${var.issuer=="letsencrypt-prod"?";":""}tls_client_ca = /etc/local-certs/ca.crt
+client_id = '${module.oauth2.client_id}'
+client_secret = '${module.oauth2.client_secret}'
+auth_url = '${module.oauth2.sso_authorize_url}'
+api_url	= '${module.oauth2.sso_userinfo_url}'
+token_url = '${module.oauth2.sso_token_url}'
+role_attribute_path = contains(groups, '${module.application.main_group}-admin') && 'Admin' || contains(groups, '${module.application.main_group}') && 'Editor' || 'Viewer'
+  EOF
+  }
+}
--- a/monitor/grafana/datas.tf
+++ b/monitor/grafana/datas.tf
@@ -0,0 +1,112 @@
+locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
+  common-labels = {
+    "vynil.solidite.fr/owner-name" = var.instance
+    "vynil.solidite.fr/owner-namespace" = var.namespace
+    "vynil.solidite.fr/owner-category" = var.category
+    "vynil.solidite.fr/owner-component" = var.component
+    "app.kubernetes.io/managed-by" = "vynil"
+    "app.kubernetes.io/instance" = var.instance
+  }
+  pvc_spec = merge({
+    "accessModes" = [var.storage.volume.accessMode]
+    "volumeMode" = var.storage.volume.type
+    "resources" = {
+      "requests" = {
+        "storage" = "${var.storage.volume.size}"
+      }
+    }
+  }, var.storage.volume.class != "" ?{
+    "storageClassName" = var.storage.volume.class
+  }:{})
+}
+
+
+data "kubernetes_secret_v1" "authentik" {
+  metadata {
+    name      = "authentik"
+    namespace = "${var.domain}-auth"
+  }
+}
+
+data "kubernetes_ingress_v1" "authentik" {
+  metadata {
+    name = "authentik"
+    namespace = "${var.domain}-auth"
+  }
+}
+
+data "kustomization_overlay" "data" {
+  common_labels = local.common-labels
+  namespace = var.namespace
+  resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
+  images {
+    name = "docker.io/grafana/grafana"
+    new_name = "${var.images.grafana.registry}/${var.images.grafana.repository}"
+    new_tag = "${var.images.grafana.tag}"
+  }
+  images {
+    name = "docker.io/library/busybox"
+    new_name = "${var.images.busybox.registry}/${var.images.busybox.repository}"
+    new_tag = "${var.images.busybox.tag}"
+  }
+  images {
+    name = "quay.io/kiwigrid/k8s-sidecar"
+    new_name = "${var.images.sidecar.registry}/${var.images.sidecar.repository}"
+    new_tag = "${var.images.sidecar.tag}"
+  }
+  patches {
+    target {
+      kind = "PersistentVolumeClaim"
+      name = "grafana"
+    }
+    patch = <<-EOF
+      kind: PersistentVolumeClaim
+      apiVersion: v1
+      metadata:
+        name: grafana
+        annotations:
+          k8up.io/backup: "true"
+      spec: ${jsonencode(local.pvc_spec)}
+    EOF
+  }
+  patches {
+    target {
+      kind = "ServiceMonitor"
+      name = "grafana"
+    }
+    patch = <<-EOF
+    - op: replace
+      path: /spec/namespaceSelector/matchNames/0
+      value: "${var.namespace}"
+    EOF
+  }
+  patches {
+    target {
+      kind = "Deployment"
+      name = "grafana"
+    }
+    patch = <<-EOF
+      apiVersion: apps/v1
+      kind: Deployment
+      metadata:
+        name: grafana
+        annotations:
+          configmap.reloader.stakater.com/reload: "grafana"
+      spec:
+        template:
+          spec:
+            containers:
+              - name: grafana
+                volumeMounts:
+                  - name: local-certs
+                    mountPath: "/etc/local-certs"
+            volumes:
+            - name: local-certs
+              secret:
+                secretName: "${var.instance}-cert"
+                defaultMode: 0444
+    EOF
+  }
+}
--- a/monitor/grafana/index.yaml
+++ b/monitor/grafana/index.yaml
@@ -0,0 +1,194 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: monitor
+metadata:
+  name: grafana
+  description: null
+options:
+  domain_name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  storage:
+    default:
+      volume:
+        accessMode: ReadWriteOnce
+        class: ''
+        size: 10Gi
+        type: Filesystem
+    description: Configure this app storage
+    examples:
+    - volume:
+        accessMode: ReadWriteOnce
+        class: ''
+        size: 10Gi
+        type: Filesystem
+    properties:
+      volume:
+        default:
+          accessMode: ReadWriteOnce
+          class: ''
+          size: 10Gi
+          type: Filesystem
+        properties:
+          accessMode:
+            default: ReadWriteOnce
+            enum:
+            - ReadWriteOnce
+            - ReadOnlyMany
+            - ReadWriteMany
+            type: string
+          class:
+            default: ''
+            type: string
+          size:
+            default: 10Gi
+            type: string
+          type:
+            default: Filesystem
+            enum:
+            - Filesystem
+            - Block
+            type: string
+        type: object
+    type: object
+  ingress_class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  sub_domain:
+    default: grafana
+    examples:
+    - grafana
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  admin_name:
+    default: grafana_admin
+    examples:
+    - grafana_admin
+    type: string
+  app_group:
+    default: monitor
+    examples:
+    - monitor
+    type: string
+  images:
+    default:
+      busybox:
+        registry: docker.io
+        repository: library/busybox
+        tag: 1.31.1
+      grafana:
+        pullPolicy: IfNotPresent
+        registry: docker.io
+        repository: grafana/grafana
+        tag: 10.2.3
+      sidecar:
+        pullPolicy: IfNotPresent
+        registry: quay.io
+        repository: kiwigrid/k8s-sidecar
+        tag: 1.25.2
+    examples:
+    - busybox:
+        registry: docker.io
+        repository: library/busybox
+        tag: 1.31.1
+      grafana:
+        pullPolicy: IfNotPresent
+        registry: docker.io
+        repository: grafana/grafana
+        tag: 10.2.3
+      sidecar:
+        pullPolicy: IfNotPresent
+        registry: quay.io
+        repository: kiwigrid/k8s-sidecar
+        tag: 1.25.2
+    properties:
+      busybox:
+        default:
+          registry: docker.io
+          repository: library/busybox
+          tag: 1.31.1
+        properties:
+          registry:
+            default: docker.io
+            type: string
+          repository:
+            default: library/busybox
+            type: string
+          tag:
+            default: 1.31.1
+            type: string
+        type: object
+      grafana:
+        default:
+          pullPolicy: IfNotPresent
+          registry: docker.io
+          repository: grafana/grafana
+          tag: 10.2.3
+        properties:
+          pullPolicy:
+            default: IfNotPresent
+            enum:
+            - Always
+            - Never
+            - IfNotPresent
+            type: string
+          registry:
+            default: docker.io
+            type: string
+          repository:
+            default: grafana/grafana
+            type: string
+          tag:
+            default: 10.2.3
+            type: string
+        type: object
+      sidecar:
+        default:
+          pullPolicy: IfNotPresent
+          registry: quay.io
+          repository: kiwigrid/k8s-sidecar
+          tag: 1.25.2
+        properties:
+          pullPolicy:
+            default: IfNotPresent
+            enum:
+            - Always
+            - Never
+            - IfNotPresent
+            type: string
+          registry:
+            default: quay.io
+            type: string
+          repository:
+            default: kiwigrid/k8s-sidecar
+            type: string
+          tag:
+            default: 1.25.2
+            type: string
+        type: object
+    type: object
+dependencies: []
+providers:
+  kubernetes: true
+  authentik: true
+  kubectl: true
+  postgresql: null
+  mysql: null
+  restapi: true
+  http: true
+  gitea: null
+tfaddtype: null
--- a/monitor/grafana/monitoring.coreos.com_v1_ServiceMonitor_grafana.yaml
+++ b/monitor/grafana/monitoring.coreos.com_v1_ServiceMonitor_grafana.yaml
@@ -0,0 +1,28 @@
+# Source: grafana/templates/servicemonitor.yaml
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: grafana
+  namespace: vynil-monitor
+  labels:
+    helm.sh/chart: grafana-7.2.5
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/version: "10.2.3"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  endpoints:
+  - port: service
+    interval: 30s
+    scrapeTimeout: 30s
+    honorLabels: true
+    path: /metrics
+    scheme: http
+  jobLabel: "grafana"
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: grafana
+      app.kubernetes.io/instance: grafana
+  namespaceSelector:
+    matchNames:
+      - vynil-monitor
--- a/monitor/grafana/presentation.tf
+++ b/monitor/grafana/presentation.tf
@@ -0,0 +1,72 @@
+locals {
+  dns_name = "${var.sub_domain}.${var.domain_name}"
+  dns_names = [local.dns_name]
+  app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
+  icon              = "public/img/grafana_icon.svg"
+  request_headers = {
+    "Content-Type"  = "application/json"
+    Authorization   = "Bearer ${data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]}"
+  }
+  service           = {
+    "name"  = "grafana"
+    "port" = {
+      "number" = 80
+    }
+  }
+}
+
+module "ingress" {
+  source = "git::https://git.solidite.fr/vynil/kydah-modules.git//ingress"
+  component         = ""
+  instance          = var.instance
+  namespace         = var.namespace
+  issuer            = var.issuer
+  ingress_class     = var.ingress_class
+  labels            = local.common-labels
+  dns_names         = local.dns_names
+  middlewares       = []
+  services          = [local.service]
+  providers = {
+    kubectl = kubectl
+  }
+}
+
+ module "application" {
+  source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application"
+  component         = var.component
+  instance          = var.instance
+  app_group         = var.app_group
+  dns_name          = local.dns_name
+  icon              = local.icon
+  sub_groups        = ["admin"]
+  protocol_provider = module.oauth2.provider-id
+  providers = {
+    authentik = authentik
+  }
+}
+
+module "oauth2" {
+  source = "git::https://git.solidite.fr/vynil/kydah-modules.git//oauth2"
+  component         = var.component
+  instance          = var.instance
+  namespace         = var.namespace
+  domain            = var.domain
+  labels            = local.common-labels
+  dns_name          = local.dns_name
+  redirect_path     = "login/generic_oauth"
+  providers = {
+    kubernetes = kubernetes
+    kubectl = kubectl
+    authentik = authentik
+  }
+}
+
+provider "restapi" {
+  uri = "http://authentik.${var.domain}-auth.svc/api/v3/"
+  headers = local.request_headers
+  create_method = "PATCH"
+  update_method = "PATCH"
+  destroy_method = "PATCH"
+  write_returns_object = true
+  id_attribute = "name"
+}
--- a/monitor/grafana/rbac.authorization.k8s.io_v1_RoleBinding_grafana.yaml
+++ b/monitor/grafana/rbac.authorization.k8s.io_v1_RoleBinding_grafana.yaml
@@ -0,0 +1,20 @@
+# Source: grafana/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: grafana
+  namespace: vynil-monitor
+  labels:
+    helm.sh/chart: grafana-7.2.5
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/version: "10.2.3"
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: grafana
+subjects:
+- kind: ServiceAccount
+  name: grafana
+  namespace: vynil-monitor
--- a/monitor/grafana/rbac.authorization.k8s.io_v1_Role_grafana.yaml
+++ b/monitor/grafana/rbac.authorization.k8s.io_v1_Role_grafana.yaml
@@ -0,0 +1,16 @@
+# Source: grafana/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: grafana
+  namespace: vynil-monitor
+  labels:
+    helm.sh/chart: grafana-7.2.5
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/version: "10.2.3"
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups: [""] # "" indicates the core API group
+    resources: ["configmaps", "secrets"]
+    verbs: ["get", "watch", "list"]
--- a/monitor/grafana/secret.tf
+++ b/monitor/grafana/secret.tf
@@ -0,0 +1,19 @@
+
+resource "kubectl_manifest" "grafana_secret" {
+  ignore_fields = ["metadata.annotations"]
+  yaml_body  = <<-EOF
+    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+    kind: "StringSecret"
+    metadata:
+      name: "grafana-admin-user"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      forceRegenerate: false
+      data:
+        username: "${var.admin_name}"
+      fields:
+      - fieldName: "password"
+        length: "32"
+  EOF
+}
--- a/monitor/grafana/v1_ConfigMap_grafana-config-dashboards.yaml
+++ b/monitor/grafana/v1_ConfigMap_grafana-config-dashboards.yaml
@@ -0,0 +1,26 @@
+# Source: grafana/templates/configmap-dashboard-provider.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    helm.sh/chart: grafana-7.2.5
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/version: "10.2.3"
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-config-dashboards
+  namespace: vynil-monitor
+data:
+  provider.yaml: |-
+    apiVersion: 1
+    providers:
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
--- a/monitor/grafana/v1_PersistentVolumeClaim_grafana.yaml
+++ b/monitor/grafana/v1_PersistentVolumeClaim_grafana.yaml
@@ -0,0 +1,20 @@
+# Source: grafana/templates/pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: grafana
+  namespace: vynil-monitor
+  labels:
+    helm.sh/chart: grafana-7.2.5
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/version: "10.2.3"
+    app.kubernetes.io/managed-by: Helm
+  finalizers:
+    - kubernetes.io/pvc-protection
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "10Gi"
--- a/monitor/grafana/v1_ServiceAccount_grafana.yaml
+++ b/monitor/grafana/v1_ServiceAccount_grafana.yaml
@@ -0,0 +1,13 @@
+---
+# Source: grafana/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    helm.sh/chart: grafana-7.2.5
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/version: "10.2.3"
+    app.kubernetes.io/managed-by: Helm
+  name: grafana
+  namespace: vynil-monitor
--- a/monitor/grafana/v1_Service_grafana.yaml
+++ b/monitor/grafana/v1_Service_grafana.yaml
@@ -0,0 +1,22 @@
+# Source: grafana/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: grafana
+  namespace: vynil-monitor
+  labels:
+    helm.sh/chart: grafana-7.2.5
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/version: "10.2.3"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - name: service
+      port: 80
+      protocol: TCP
+      targetPort: 3000
+  selector:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana