diff --git a/assets/rancher-grafana/rancher-grafana-100.0.0+up6.11.0.tgz b/assets/rancher-grafana/rancher-grafana-100.0.0+up6.11.0.tgz new file mode 100644 index 000000000..c02347b58 Binary files /dev/null and b/assets/rancher-grafana/rancher-grafana-100.0.0+up6.11.0.tgz differ diff --git a/assets/rancher-grafana/rancher-grafana-100.0.0+up6.6.4.tgz b/assets/rancher-grafana/rancher-grafana-100.0.0+up6.6.4.tgz deleted file mode 100644 index 1f4d7f4b1..000000000 Binary files a/assets/rancher-grafana/rancher-grafana-100.0.0+up6.6.4.tgz and /dev/null differ diff --git a/assets/rancher-monitoring/rancher-monitoring-100.0.0+up16.6.0.tgz b/assets/rancher-monitoring/rancher-monitoring-100.0.0+up16.6.0.tgz index 5cae3148a..629ae7694 100644 Binary files a/assets/rancher-monitoring/rancher-monitoring-100.0.0+up16.6.0.tgz and b/assets/rancher-monitoring/rancher-monitoring-100.0.0+up16.6.0.tgz differ diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/.helmignore b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/.helmignore similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/.helmignore rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/.helmignore diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/Chart.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/Chart.yaml similarity index 94% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/Chart.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/Chart.yaml index d7f140921..1b5c93f0f 100644 --- a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/Chart.yaml +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-grafana apiVersion: v2 -appVersion: 7.4.5 +appVersion: 7.5.8 description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png @@ -25,4 +25,4 @@ name: rancher-grafana sources: - https://github.com/grafana/grafana type: application -version: 100.0.0+up6.6.4 +version: 100.0.0+up6.11.0 diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/README.md b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/README.md similarity index 96% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/README.md rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/README.md index 957f019ec..3d1d73e48 100644 --- a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/README.md +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/README.md @@ -63,6 +63,7 @@ This version requires Helm >= 3.1.0. | `image.sha` | Image sha (optional) | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Image pull secrets | `{}` | +| `service.enabled` | Enable grafana service | `true` | | `service.type` | Kubernetes service type | `ClusterIP` | | `service.port` | Kubernetes port where service is exposed | `80` | | `service.portName` | Name of the port on the service | `service` | @@ -82,7 +83,7 @@ This version requires Helm >= 3.1.0. | `ingress.path` | Ingress accepted path | `/` | | `ingress.pathType` | Ingress type of path | `Prefix` | | `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | -| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]` | +| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` | | `ingress.tls` | Ingress TLS configuration | `[]` | | `resources` | CPU/Memory resource requests/limits | `{}` | | `nodeSelector` | Node labels for pod assignment | `{}` | @@ -157,13 +158,16 @@ This version requires Helm >= 3.1.0. | `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | | `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | | `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | | `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | -| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` | +| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` | | `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | | `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | | `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | | `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | | `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | @@ -215,6 +219,7 @@ This version requires Helm >= 3.1.0. | `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | | `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | | `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | +| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` | | `imageRenderer.service.portName` | image-renderer service port name | `'http'` | | `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` | | `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | @@ -242,6 +247,9 @@ ingress: ### Example of extraVolumeMounts +Volume can be type persistentVolumeClaim or hostPath but not both at same time. +If none existingClaim or hostPath argument is givent then type is emptyDir. + ```yaml - extraVolumeMounts: - name: plugins @@ -249,6 +257,10 @@ ingress: subPath: configs/grafana/plugins existingClaim: existing-grafana-claim readOnly: false + - name: dashboards + mountPath: /var/lib/grafana/dashboards + hostPath: /usr/shared/grafana/dashboards + readOnly: false ``` ## Import dashboards diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/dashboards/custom-dashboard.json b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/dashboards/custom-dashboard.json similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/dashboards/custom-dashboard.json rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/dashboards/custom-dashboard.json diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/NOTES.txt b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/NOTES.txt similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/NOTES.txt rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/NOTES.txt diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/_helpers.tpl b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_helpers.tpl similarity index 90% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/_helpers.tpl rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_helpers.tpl index 76ad78876..03da0ff33 100644 --- a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/_helpers.tpl +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_helpers.tpl @@ -143,3 +143,16 @@ Return the appropriate apiVersion for rbac. {{- print "rbac.authorization.k8s.io/v1beta1" -}} {{- end -}} {{- end -}} + +{{/* +Looks if there's an existing secret and reuse its password. If not it generates +new password and use it. +*/}} +{{- define "grafana.password" -}} +{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}} + {{- if $secret -}} + {{- index $secret "data" "admin-password" -}} + {{- else -}} + {{- (randAlphaNum 40) | b64enc | quote -}} + {{- end -}} +{{- end -}} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/_pod.tpl b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_pod.tpl similarity index 95% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/_pod.tpl rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_pod.tpl index 2ba9f115c..9d19b4a32 100644 --- a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/_pod.tpl +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_pod.tpl @@ -100,7 +100,7 @@ initContainers: - name: FOLDER value: "/etc/grafana/provisioning/datasources" - name: RESOURCE - value: "both" + value: {{ quote .Values.sidecar.datasources.resource }} {{- if .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES value: "{{ .Values.sidecar.enableUniqueFilenames }}" @@ -135,7 +135,7 @@ initContainers: - name: FOLDER value: "/etc/grafana/provisioning/notifiers" - name: RESOURCE - value: "both" + value: {{ quote .Values.sidecar.notifiers.resource }} {{- if .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES value: "{{ .Values.sidecar.enableUniqueFilenames }}" @@ -184,7 +184,7 @@ containers: - name: FOLDER value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" - name: RESOURCE - value: "both" + value: {{ quote .Values.sidecar.dashboards.resource }} {{- if .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES value: "{{ .Values.sidecar.enableUniqueFilenames }}" @@ -317,14 +317,14 @@ containers: containerPort: 3000 protocol: TCP env: - {{- if not .Values.env.GF_SECURITY_ADMIN_USER }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: GF_SECURITY_ADMIN_USER valueFrom: secretKeyRef: name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} key: {{ .Values.admin.userKey | default "admin-user" }} {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: GF_SECURITY_ADMIN_PASSWORD valueFrom: secretKeyRef: @@ -356,6 +356,14 @@ containers: - name: GF_RENDERING_CALLBACK_URL value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} {{ end }} + - name: GF_PATHS_DATA + value: {{ (get .Values "grafana.ini").paths.data }} + - name: GF_PATHS_LOGS + value: {{ (get .Values "grafana.ini").paths.logs }} + - name: GF_PATHS_PLUGINS + value: {{ (get .Values "grafana.ini").paths.plugins }} + - name: GF_PATHS_PROVISIONING + value: {{ (get .Values "grafana.ini").paths.provisioning }} {{- range $key, $value := .Values.envValueFrom }} - name: {{ $key | quote }} valueFrom: @@ -483,8 +491,15 @@ volumes: {{- end }} {{- range .Values.extraVolumeMounts }} - name: {{ .name }} + {{- if .existingClaim }} persistentVolumeClaim: claimName: {{ .existingClaim }} + {{- else if .hostPath }} + hostPath: + path: {{ .hostPath }} + {{- else }} + emptyDir: {} + {{- end }} {{- end }} {{- range .Values.extraEmptyDirMounts }} - name: {{ .name }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/clusterrole.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/clusterrole.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/clusterrole.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/clusterrole.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/clusterrolebinding.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/clusterrolebinding.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/clusterrolebinding.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/clusterrolebinding.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/configmap-dashboard-provider.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap-dashboard-provider.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/configmap-dashboard-provider.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap-dashboard-provider.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/configmap.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap.yaml similarity index 95% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/configmap.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap.yaml index de32b7ab2..c72219fb8 100644 --- a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/configmap.yaml +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap.yaml @@ -19,8 +19,10 @@ data: {{- range $elem, $elemVal := $value }} {{- if kindIs "invalid" $elemVal }} {{ $elem }} = + {{- else if kindIs "string" $elemVal }} + {{ $elem }} = {{ tpl $elemVal $ }} {{- else }} - {{ $elem }} = {{ tpl (toYaml $elemVal) $ }} + {{ $elem }} = {{ $elemVal }} {{- end }} {{- end }} {{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/dashboards-json-configmap.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/dashboards-json-configmap.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/dashboards-json-configmap.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/dashboards-json-configmap.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/deployment.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/deployment.yaml similarity index 83% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/deployment.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/deployment.yaml index 4d77794cd..1c9ae8638 100644 --- a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/deployment.yaml +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/deployment.yaml @@ -14,7 +14,9 @@ metadata: {{ toYaml . | indent 4 }} {{- end }} spec: + {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicas }} + {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: @@ -34,7 +36,7 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} -{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} +{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- end }} {{- if .Values.envRenderSecret }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/headless-service.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/headless-service.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/headless-service.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/headless-service.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/hpa.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/hpa.yaml new file mode 100644 index 000000000..9c186d74a --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/hpa.yaml @@ -0,0 +1,20 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "grafana.name" . }} + helm.sh/chart: {{ template "grafana.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "grafana.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: +{{ toYaml .Values.autoscaling.metrics | indent 4 }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/image-renderer-deployment.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-deployment.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/image-renderer-deployment.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-deployment.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/image-renderer-network-policy.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-network-policy.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/image-renderer-network-policy.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-network-policy.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/image-renderer-service.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-service.yaml similarity index 94% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/image-renderer-service.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-service.yaml index f5d3eb02f..f29586c3a 100644 --- a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/image-renderer-service.yaml +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-service.yaml @@ -1,4 +1,5 @@ {{ if .Values.imageRenderer.enabled }} +{{ if .Values.imageRenderer.service.enabled }} apiVersion: v1 kind: Service metadata: @@ -26,3 +27,4 @@ spec: selector: {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }} {{ end }} +{{ end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/ingress.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/ingress.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/ingress.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/ingress.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/nginx-config.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/nginx-config.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/nginx-config.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/nginx-config.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/poddisruptionbudget.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/poddisruptionbudget.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/poddisruptionbudget.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/poddisruptionbudget.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/podsecuritypolicy.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/podsecuritypolicy.yaml similarity index 71% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/podsecuritypolicy.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/podsecuritypolicy.yaml index 19da50791..f7c5941ab 100644 --- a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/podsecuritypolicy.yaml +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/podsecuritypolicy.yaml @@ -13,19 +13,8 @@ spec: privileged: false allowPrivilegeEscalation: false requiredDropCapabilities: - # Default set from Docker, without DAC_OVERRIDE or CHOWN - - FOWNER - - FSETID - - KILL - - SETGID - - SETUID - - SETPCAP - - NET_BIND_SERVICE - - NET_RAW - - SYS_CHROOT - - MKNOD - - AUDIT_WRITE - - SETFCAP + # Default set from Docker, with DAC_OVERRIDE and CHOWN + - ALL volumes: - 'configMap' - 'emptyDir' @@ -38,12 +27,20 @@ spec: hostIPC: false hostPID: false runAsUser: - rule: 'RunAsAny' + rule: 'MustRunAsNonRoot' seLinux: rule: 'RunAsAny' supplementalGroups: - rule: 'RunAsAny' + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 fsGroup: - rule: 'RunAsAny' + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 readOnlyRootFilesystem: false {{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/pvc.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/pvc.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/pvc.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/pvc.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/role.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/role.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/role.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/role.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/rolebinding.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/rolebinding.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/rolebinding.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/rolebinding.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/secret-env.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret-env.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/secret-env.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret-env.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/secret.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret.yaml similarity index 62% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/secret.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret.yaml index 4fdd817da..6d06cf584 100644 --- a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/secret.yaml +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} +{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} apiVersion: v1 kind: Secret metadata: @@ -6,6 +6,10 @@ metadata: namespace: {{ template "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} type: Opaque data: {{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} @@ -13,7 +17,7 @@ data: {{- if .Values.adminPassword }} admin-password: {{ .Values.adminPassword | b64enc | quote }} {{- else }} - admin-password: {{ randAlphaNum 40 | b64enc | quote }} + admin-password: {{ template "grafana.password" . }} {{- end }} {{- end }} {{- if not .Values.ldap.existingSecret }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/service.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/service.yaml similarity index 97% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/service.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/service.yaml index 276456698..ba84ef970 100644 --- a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/service.yaml +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/service.yaml @@ -1,3 +1,4 @@ +{{ if .Values.service.enabled }} apiVersion: v1 kind: Service metadata: @@ -47,4 +48,4 @@ spec: {{- end }} selector: {{- include "grafana.selectorLabels" . | nindent 4 }} - +{{ end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/serviceaccount.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/serviceaccount.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/serviceaccount.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/serviceaccount.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/servicemonitor.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/servicemonitor.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/servicemonitor.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/servicemonitor.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/statefulset.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/statefulset.yaml similarity index 88% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/statefulset.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/statefulset.yaml index 55c159c9f..802768645 100644 --- a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/statefulset.yaml +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/statefulset.yaml @@ -27,7 +27,7 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} - {{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} + {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- end }} {{- with .Values.podAnnotations }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/tests/test-configmap.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-configmap.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/tests/test-configmap.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-configmap.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/tests/test-podsecuritypolicy.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-podsecuritypolicy.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/tests/test-podsecuritypolicy.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-podsecuritypolicy.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/tests/test-role.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-role.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/tests/test-role.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-role.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/tests/test-rolebinding.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-rolebinding.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/tests/test-rolebinding.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-rolebinding.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/tests/test-serviceaccount.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-serviceaccount.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/tests/test-serviceaccount.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-serviceaccount.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/tests/test.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test.yaml similarity index 100% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/templates/tests/test.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test.yaml diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/values.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/values.yaml similarity index 96% rename from charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/values.yaml rename to charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/values.yaml index 9491c1a1f..52466a9fc 100644 --- a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.6.4/values.yaml +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/values.yaml @@ -38,6 +38,22 @@ serviceAccount: replicas: 1 +## Create HorizontalPodAutoscaler object for deployment type +# +autoscaling: + enabled: false +# minReplicas: 1 +# maxReplicas: 10 +# metrics: +# - type: Resource +# resource: +# name: cpu +# targetAverageUtilization: 60 +# - type: Resource +# resource: +# name: memory +# targetAverageUtilization: 60 + ## See `kubectl explain poddisruptionbudget.spec` for more ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ podDisruptionBudget: {} @@ -69,7 +85,7 @@ livenessProbe: image: repository: rancher/mirrored-grafana-grafana - tag: 7.4.5 + tag: 7.5.8 sha: "" pullPolicy: IfNotPresent @@ -119,7 +135,7 @@ extraLabels: {} downloadDashboardsImage: repository: rancher/mirrored-curlimages-curl - tag: 7.73.0 + tag: 7.77.0 sha: "" pullPolicy: IfNotPresent @@ -144,6 +160,7 @@ podPortName: grafana ## ref: http://kubernetes.io/docs/user-guide/services/ ## service: + enabled: true type: ClusterIP port: 80 targetPort: 3000 @@ -420,10 +437,14 @@ extraSecretMounts: [] ## Additional grafana server volume mounts # Defines additional volume mounts. extraVolumeMounts: [] - # - name: extra-volume - # mountPath: /mnt/volume + # - name: extra-volume-0 + # mountPath: /mnt/volume0 # readOnly: true # existingClaim: volume-claim + # - name: extra-volume-1 + # mountPath: /mnt/volume1 + # readOnly: true + # hostPath: /usr/shared/ ## Pass the plugins you want installed as a list. ## @@ -530,7 +551,7 @@ dashboardsConfigMaps: {} ## grafana.ini: paths: - data: /var/lib/grafana/data + data: /var/lib/grafana/ logs: /var/log/grafana plugins: /var/lib/grafana/plugins provisioning: /etc/grafana/provisioning @@ -601,7 +622,7 @@ smtp: sidecar: image: repository: rancher/mirrored-kiwigrid-k8s-sidecar - tag: 1.10.7 + tag: 1.12.2 sha: "" imagePullPolicy: IfNotPresent resources: {} @@ -629,6 +650,8 @@ sidecar: # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces searchNamespace: null + # search in configmap, secret or both + resource: both # If specified, the sidecar will look for annotation with this name to create folder and put graph here. # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. folderAnnotation: null @@ -658,10 +681,8 @@ sidecar: # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces searchNamespace: null - - ## The name of a secret in the same kubernetes namespace which contain values to be added to the environment - ## This can be useful for database passwords, etc. Value is templated. - envFromSecret: "" + # search in configmap, secret or both + resource: both notifiers: enabled: false # label that the configmaps with notifiers are marked with @@ -670,6 +691,8 @@ sidecar: # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces searchNamespace: null + # search in configmap, secret or both + resource: both ## Override the deployment namespace ## @@ -688,7 +711,7 @@ imageRenderer: # image-renderer Image repository repository: rancher/mirrored-grafana-grafana-image-renderer # image-renderer Image tag - tag: 2.0.1 + tag: 3.0.1 # image-renderer Image sha (optional) sha: "" # image-renderer ImagePullPolicy @@ -707,6 +730,8 @@ imageRenderer: # image-renderer deployment priority class priorityClassName: '' service: + # Enable the image-renderer service + enabled: true # image-renderer service port name portName: 'http' # image-renderer service port used by both service and deployment diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/Chart.yaml index 6f950a023..77df89c48 100644 --- a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/Chart.yaml +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-grafana apiVersion: v2 -appVersion: 7.4.5 +appVersion: 7.5.8 description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png @@ -25,4 +25,4 @@ name: grafana sources: - https://github.com/grafana/grafana type: application -version: 6.6.4 +version: 6.11.0 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/README.md index 957f019ec..3d1d73e48 100644 --- a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/README.md +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/README.md @@ -63,6 +63,7 @@ This version requires Helm >= 3.1.0. | `image.sha` | Image sha (optional) | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Image pull secrets | `{}` | +| `service.enabled` | Enable grafana service | `true` | | `service.type` | Kubernetes service type | `ClusterIP` | | `service.port` | Kubernetes port where service is exposed | `80` | | `service.portName` | Name of the port on the service | `service` | @@ -82,7 +83,7 @@ This version requires Helm >= 3.1.0. | `ingress.path` | Ingress accepted path | `/` | | `ingress.pathType` | Ingress type of path | `Prefix` | | `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | -| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]` | +| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` | | `ingress.tls` | Ingress TLS configuration | `[]` | | `resources` | CPU/Memory resource requests/limits | `{}` | | `nodeSelector` | Node labels for pod assignment | `{}` | @@ -157,13 +158,16 @@ This version requires Helm >= 3.1.0. | `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | | `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | | `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | | `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | -| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` | +| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` | | `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | | `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | | `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | | `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | | `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | @@ -215,6 +219,7 @@ This version requires Helm >= 3.1.0. | `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | | `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | | `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | +| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` | | `imageRenderer.service.portName` | image-renderer service port name | `'http'` | | `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` | | `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | @@ -242,6 +247,9 @@ ingress: ### Example of extraVolumeMounts +Volume can be type persistentVolumeClaim or hostPath but not both at same time. +If none existingClaim or hostPath argument is givent then type is emptyDir. + ```yaml - extraVolumeMounts: - name: plugins @@ -249,6 +257,10 @@ ingress: subPath: configs/grafana/plugins existingClaim: existing-grafana-claim readOnly: false + - name: dashboards + mountPath: /var/lib/grafana/dashboards + hostPath: /usr/shared/grafana/dashboards + readOnly: false ``` ## Import dashboards diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_helpers.tpl index 76ad78876..03da0ff33 100644 --- a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_helpers.tpl +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_helpers.tpl @@ -143,3 +143,16 @@ Return the appropriate apiVersion for rbac. {{- print "rbac.authorization.k8s.io/v1beta1" -}} {{- end -}} {{- end -}} + +{{/* +Looks if there's an existing secret and reuse its password. If not it generates +new password and use it. +*/}} +{{- define "grafana.password" -}} +{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}} + {{- if $secret -}} + {{- index $secret "data" "admin-password" -}} + {{- else -}} + {{- (randAlphaNum 40) | b64enc | quote -}} + {{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_pod.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_pod.tpl index 2ba9f115c..9d19b4a32 100644 --- a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_pod.tpl +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_pod.tpl @@ -100,7 +100,7 @@ initContainers: - name: FOLDER value: "/etc/grafana/provisioning/datasources" - name: RESOURCE - value: "both" + value: {{ quote .Values.sidecar.datasources.resource }} {{- if .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES value: "{{ .Values.sidecar.enableUniqueFilenames }}" @@ -135,7 +135,7 @@ initContainers: - name: FOLDER value: "/etc/grafana/provisioning/notifiers" - name: RESOURCE - value: "both" + value: {{ quote .Values.sidecar.notifiers.resource }} {{- if .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES value: "{{ .Values.sidecar.enableUniqueFilenames }}" @@ -184,7 +184,7 @@ containers: - name: FOLDER value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" - name: RESOURCE - value: "both" + value: {{ quote .Values.sidecar.dashboards.resource }} {{- if .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES value: "{{ .Values.sidecar.enableUniqueFilenames }}" @@ -317,14 +317,14 @@ containers: containerPort: 3000 protocol: TCP env: - {{- if not .Values.env.GF_SECURITY_ADMIN_USER }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: GF_SECURITY_ADMIN_USER valueFrom: secretKeyRef: name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} key: {{ .Values.admin.userKey | default "admin-user" }} {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: GF_SECURITY_ADMIN_PASSWORD valueFrom: secretKeyRef: @@ -356,6 +356,14 @@ containers: - name: GF_RENDERING_CALLBACK_URL value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} {{ end }} + - name: GF_PATHS_DATA + value: {{ (get .Values "grafana.ini").paths.data }} + - name: GF_PATHS_LOGS + value: {{ (get .Values "grafana.ini").paths.logs }} + - name: GF_PATHS_PLUGINS + value: {{ (get .Values "grafana.ini").paths.plugins }} + - name: GF_PATHS_PROVISIONING + value: {{ (get .Values "grafana.ini").paths.provisioning }} {{- range $key, $value := .Values.envValueFrom }} - name: {{ $key | quote }} valueFrom: @@ -483,8 +491,15 @@ volumes: {{- end }} {{- range .Values.extraVolumeMounts }} - name: {{ .name }} + {{- if .existingClaim }} persistentVolumeClaim: claimName: {{ .existingClaim }} + {{- else if .hostPath }} + hostPath: + path: {{ .hostPath }} + {{- else }} + emptyDir: {} + {{- end }} {{- end }} {{- range .Values.extraEmptyDirMounts }} - name: {{ .name }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap.yaml index de32b7ab2..c72219fb8 100644 --- a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap.yaml +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap.yaml @@ -19,8 +19,10 @@ data: {{- range $elem, $elemVal := $value }} {{- if kindIs "invalid" $elemVal }} {{ $elem }} = + {{- else if kindIs "string" $elemVal }} + {{ $elem }} = {{ tpl $elemVal $ }} {{- else }} - {{ $elem }} = {{ tpl (toYaml $elemVal) $ }} + {{ $elem }} = {{ $elemVal }} {{- end }} {{- end }} {{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/deployment.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/deployment.yaml index 4d77794cd..1c9ae8638 100644 --- a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/deployment.yaml +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/deployment.yaml @@ -14,7 +14,9 @@ metadata: {{ toYaml . | indent 4 }} {{- end }} spec: + {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicas }} + {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: @@ -34,7 +36,7 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} -{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} +{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- end }} {{- if .Values.envRenderSecret }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/hpa.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/hpa.yaml new file mode 100644 index 000000000..9c186d74a --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/hpa.yaml @@ -0,0 +1,20 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "grafana.name" . }} + helm.sh/chart: {{ template "grafana.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "grafana.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: +{{ toYaml .Values.autoscaling.metrics | indent 4 }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-service.yaml index f5d3eb02f..f29586c3a 100644 --- a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-service.yaml +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-service.yaml @@ -1,4 +1,5 @@ {{ if .Values.imageRenderer.enabled }} +{{ if .Values.imageRenderer.service.enabled }} apiVersion: v1 kind: Service metadata: @@ -26,3 +27,4 @@ spec: selector: {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }} {{ end }} +{{ end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/podsecuritypolicy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/podsecuritypolicy.yaml index 19da50791..f7c5941ab 100644 --- a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/podsecuritypolicy.yaml +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/podsecuritypolicy.yaml @@ -13,19 +13,8 @@ spec: privileged: false allowPrivilegeEscalation: false requiredDropCapabilities: - # Default set from Docker, without DAC_OVERRIDE or CHOWN - - FOWNER - - FSETID - - KILL - - SETGID - - SETUID - - SETPCAP - - NET_BIND_SERVICE - - NET_RAW - - SYS_CHROOT - - MKNOD - - AUDIT_WRITE - - SETFCAP + # Default set from Docker, with DAC_OVERRIDE and CHOWN + - ALL volumes: - 'configMap' - 'emptyDir' @@ -38,12 +27,20 @@ spec: hostIPC: false hostPID: false runAsUser: - rule: 'RunAsAny' + rule: 'MustRunAsNonRoot' seLinux: rule: 'RunAsAny' supplementalGroups: - rule: 'RunAsAny' + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 fsGroup: - rule: 'RunAsAny' + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 readOnlyRootFilesystem: false {{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret.yaml index 4fdd817da..6d06cf584 100644 --- a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret.yaml +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} +{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} apiVersion: v1 kind: Secret metadata: @@ -6,6 +6,10 @@ metadata: namespace: {{ template "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} type: Opaque data: {{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} @@ -13,7 +17,7 @@ data: {{- if .Values.adminPassword }} admin-password: {{ .Values.adminPassword | b64enc | quote }} {{- else }} - admin-password: {{ randAlphaNum 40 | b64enc | quote }} + admin-password: {{ template "grafana.password" . }} {{- end }} {{- end }} {{- if not .Values.ldap.existingSecret }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/service.yaml index 276456698..ba84ef970 100644 --- a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/service.yaml +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/service.yaml @@ -1,3 +1,4 @@ +{{ if .Values.service.enabled }} apiVersion: v1 kind: Service metadata: @@ -47,4 +48,4 @@ spec: {{- end }} selector: {{- include "grafana.selectorLabels" . | nindent 4 }} - +{{ end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/statefulset.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/statefulset.yaml index 55c159c9f..802768645 100644 --- a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/statefulset.yaml +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/statefulset.yaml @@ -27,7 +27,7 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} - {{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} + {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- end }} {{- with .Values.podAnnotations }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/values.yaml index 9491c1a1f..52466a9fc 100644 --- a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/values.yaml +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/values.yaml @@ -38,6 +38,22 @@ serviceAccount: replicas: 1 +## Create HorizontalPodAutoscaler object for deployment type +# +autoscaling: + enabled: false +# minReplicas: 1 +# maxReplicas: 10 +# metrics: +# - type: Resource +# resource: +# name: cpu +# targetAverageUtilization: 60 +# - type: Resource +# resource: +# name: memory +# targetAverageUtilization: 60 + ## See `kubectl explain poddisruptionbudget.spec` for more ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ podDisruptionBudget: {} @@ -69,7 +85,7 @@ livenessProbe: image: repository: rancher/mirrored-grafana-grafana - tag: 7.4.5 + tag: 7.5.8 sha: "" pullPolicy: IfNotPresent @@ -119,7 +135,7 @@ extraLabels: {} downloadDashboardsImage: repository: rancher/mirrored-curlimages-curl - tag: 7.73.0 + tag: 7.77.0 sha: "" pullPolicy: IfNotPresent @@ -144,6 +160,7 @@ podPortName: grafana ## ref: http://kubernetes.io/docs/user-guide/services/ ## service: + enabled: true type: ClusterIP port: 80 targetPort: 3000 @@ -420,10 +437,14 @@ extraSecretMounts: [] ## Additional grafana server volume mounts # Defines additional volume mounts. extraVolumeMounts: [] - # - name: extra-volume - # mountPath: /mnt/volume + # - name: extra-volume-0 + # mountPath: /mnt/volume0 # readOnly: true # existingClaim: volume-claim + # - name: extra-volume-1 + # mountPath: /mnt/volume1 + # readOnly: true + # hostPath: /usr/shared/ ## Pass the plugins you want installed as a list. ## @@ -530,7 +551,7 @@ dashboardsConfigMaps: {} ## grafana.ini: paths: - data: /var/lib/grafana/data + data: /var/lib/grafana/ logs: /var/log/grafana plugins: /var/lib/grafana/plugins provisioning: /etc/grafana/provisioning @@ -601,7 +622,7 @@ smtp: sidecar: image: repository: rancher/mirrored-kiwigrid-k8s-sidecar - tag: 1.10.7 + tag: 1.12.2 sha: "" imagePullPolicy: IfNotPresent resources: {} @@ -629,6 +650,8 @@ sidecar: # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces searchNamespace: null + # search in configmap, secret or both + resource: both # If specified, the sidecar will look for annotation with this name to create folder and put graph here. # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. folderAnnotation: null @@ -658,10 +681,8 @@ sidecar: # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces searchNamespace: null - - ## The name of a secret in the same kubernetes namespace which contain values to be added to the environment - ## This can be useful for database passwords, etc. Value is templated. - envFromSecret: "" + # search in configmap, secret or both + resource: both notifiers: enabled: false # label that the configmaps with notifiers are marked with @@ -670,6 +691,8 @@ sidecar: # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces searchNamespace: null + # search in configmap, secret or both + resource: both ## Override the deployment namespace ## @@ -688,7 +711,7 @@ imageRenderer: # image-renderer Image repository repository: rancher/mirrored-grafana-grafana-image-renderer # image-renderer Image tag - tag: 2.0.1 + tag: 3.0.1 # image-renderer Image sha (optional) sha: "" # image-renderer ImagePullPolicy @@ -707,6 +730,8 @@ imageRenderer: # image-renderer deployment priority class priorityClassName: '' service: + # Enable the image-renderer service + enabled: true # image-renderer service port name portName: 'http' # image-renderer service port used by both service and deployment diff --git a/index.yaml b/index.yaml index 9b174a711..0f42086e0 100755 --- a/index.yaml +++ b/index.yaml @@ -1684,10 +1684,10 @@ entries: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-grafana apiVersion: v2 - appVersion: 7.4.5 - created: "2021-06-23T08:47:16.868264-07:00" + appVersion: 7.5.8 + created: "2021-06-25T17:45:08.728864-07:00" description: The leading tool for querying and visualizing time series and metrics. - digest: cf3211c911960f7b8eff1d5757e765d7f86e099822b796ed8b1286981a76f025 + digest: e7d034ec2026d9fc0706a52570add8465d4daa2b0d78dc8fe3d3902a1ce5dad0 home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png kubeVersion: ^1.8.0-0 @@ -1707,8 +1707,8 @@ entries: - https://github.com/grafana/grafana type: application urls: - - assets/rancher-grafana/rancher-grafana-100.0.0+up6.6.4.tgz - version: 100.0.0+up6.6.4 + - assets/rancher-grafana/rancher-grafana-100.0.0+up6.11.0.tgz + version: 100.0.0+up6.11.0 - annotations: catalog.cattle.io/hidden: "true" catalog.cattle.io/os: linux