Skip to content

Instantly share code, notes, and snippets.

@KhashayarDanesh
Created February 6, 2019 11:55
Show Gist options
  • Save KhashayarDanesh/ea419303905d05b8e7c3f83687626eca to your computer and use it in GitHub Desktop.
Save KhashayarDanesh/ea419303905d05b8e7c3f83687626eca to your computer and use it in GitHub Desktop.
Openshift - Grafana deployment template
apiVersion: template.openshift.io/v1
kind: Template
metadata:
name: grafana
parameters:
- description: Externally accessible host name of Grafana
name: EXTERNAL_HOSTNAME
required: true
- name: ADMIN_PASSWORD
generate: expression
from: "[a-zA-Z0-9]{32}"
- name: VOLUME_CAPACITY
displayName: Volume Capacity
description: Volume space available for data, e.g. 2Gi, 5Gi.
value: 1Gi
required: true
objects:
- apiVersion: v1
kind: Secret
metadata:
name: grafana-credentials
namespace: monitoring
stringData:
admin-password: "${ADMIN_PASSWORD}"
- apiVersion: v1
kind: DeploymentConfig
metadata:
name: grafana
namespace: monitoring
labels:
app: grafana
spec:
replicas: 1
template:
metadata:
labels:
app: grafana
spec:
containers:
- image: wkulhanek/grafana:latest
name: grafana
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
resources:
requests:
memory: 500Mi
cpu: 200m
limits:
memory: 2000Mi
cpu: 1500m
livenessProbe:
failureThreshold: 3
httpGet:
path: /login
port: 3000
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 7
readinessProbe:
failureThreshold: 3
httpGet:
path: /login
port: 3000
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 7
env:
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-credentials
key: admin-password
- name: GF_AUTH_ANONYMOUS_ENABLED
value: "false"
- name: GF_HTTP_DOMAIN
value: "${EXTERNAL_HOSTNAME}"
- name: GF_HTTP_ENFORCE_DOMAIN
value: "true"
- name: GF_ROOT_URL
value: "%(protocol)s://%(domain)s/"
- name: GF_PATHS_PROVISIONING
value: "/provisioning"
volumeMounts:
- mountPath: /provisioning/datasources/prometheus.yml
name: config
subPath: datasources.prometheus.yml
- mountPath: /var/lib/grafana
name: data
subPath: lib
- mountPath: /var/log/grafana
name: data
subPath: log
- mountPath: /etc/grafana
name: etcgrafana
readOnly: true
volumes:
- name: data
persistentVolumeClaim:
claimName: grafana
- name: config
configMap:
name: grafana
- emptyDir: {}
name: etcgrafana
- apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: monitoring
labels:
app: grafana
annotations:
prometheus.io/scrape: "true"
prometheus.io/scheme: http
spec:
ports:
- name: web
port: 3000
protocol: TCP
targetPort: 3000
selector:
app: grafana
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: grafana
namespace: monitoring
spec:
host: ${EXTERNAL_HOSTNAME}
to:
name: grafana
tls:
termination: Edge
insecureEdgeTerminationPolicy: Redirect
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "${VOLUME_CAPACITY}"
- apiVersion: v1
kind: ConfigMap
metadata:
name: grafana
namespace: monitoring
labels:
app: grafana
data:
datasources.prometheus.yml: |
# config file version
apiVersion: 1
# list of datasources to insert/update depending
# whats available in the database
datasources:
# <string, required> name of the datasource. Required
- name: Prometheus
# <string, required> datasource type. Required
type: prometheus
# <string, required> access mode. direct or proxy. Required
access: proxy
# <int> org id. will default to orgId 1 if not specified
orgId: 1
# <string> url
url: http://prometheus:9090
# <string> database password, if used
password:
# <string> database user, if used
user:
# <string> database name, if used
#database:
# <bool> enable/disable basic auth
#basicAuth: true
# <string> basic auth username
#basicAuthUser: admin
# <string> basic auth password
#basicAuthPassword: foobar
# <bool> enable/disable with credentials headers
#withCredentials:
# <bool> mark as default datasource. Max one per org
isDefault: true
# <map> fields that will be converted to json and stored in json_data
#jsonData:
# graphiteVersion: "1.1"
# tlsAuth: false
# tlsAuthWithCACert: false
# <string> json object of data that will be encrypted.
#secureJsonData:
# tlsCACert: "..."
# tlsClientCert: "..."
# tlsClientKey: "..."
version: 1
# <bool> allow users to edit datasources from the UI.
editable: true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment