jorgeguberte · January 27, 2023 19:01
diff --git a/deploy-prometheus-grafana.yaml b/deploy-prometheus-grafana.yaml
 #                                      #
 #                                      #
 #                                      #
 #                                      #
 #       Instalação do Prometheus       #
 #                                      #
 #                                      #
 #                                      #
 #                                      #
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:    
    helm.sh/chart: kube-state-metrics-4.13.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
    app.kubernetes.io/part-of: kube-state-metrics
    app.kubernetes.io/name: kube-state-metrics
    app.kubernetes.io/instance: prometheus
    app.kubernetes.io/version: "2.5.0"
  name: prometheus-kube-state-metrics
  namespace: default
 imagePullSecrets:
  []
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    component: "node-exporter"
    app: prometheus
    release: prometheus
    chart: prometheus-15.16.1
    heritage: Helm
  name: prometheus-node-exporter
  namespace: default
  annotations:
    {}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    component: "server"
    app: prometheus
    release: prometheus
    chart: prometheus-15.16.1
    heritage: Helm
  name: prometheus-server
  namespace: default
  annotations:
    {}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  labels:
    component: "server"
    app: prometheus
    release: prometheus
    chart: prometheus-15.16.1
    heritage: Helm
  name: prometheus-server
  namespace: default
 data:
  allow-snippet-annotations: "false"
  alerting_rules.yml: |
    {}
  alerts: |
    {}
  prometheus.yml: |
    global:
      evaluation_interval: 1m
      scrape_interval: 10s
      scrape_timeout: 10s
    rule_files:
    - /etc/config/recording_rules.yml
    - /etc/config/alerting_rules.yml
    - /etc/config/rules
    - /etc/config/alerts
    scrape_configs:
    - job_name: prometheus
      static_configs:
      - targets:
        - localhost:9090
    - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
      job_name: kubernetes-apiservers
      kubernetes_sd_configs:
      - role: endpoints
      relabel_configs:
      - action: keep
        regex: default;kubernetes;https
        source_labels:
        - __meta_kubernetes_namespace
        - __meta_kubernetes_service_name
        - __meta_kubernetes_endpoint_port_name
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        insecure_skip_verify: true
    - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
      job_name: kubernetes-nodes
      kubernetes_sd_configs:
      - role: node
      relabel_configs:
      - action: labelmap
        regex: __meta_kubernetes_node_label_(.+)
      - replacement: kubernetes.default.svc:443
        target_label: __address__
      - regex: (.+)
        replacement: /api/v1/nodes/$1/proxy/metrics
        source_labels:
        - __meta_kubernetes_node_name
        target_label: __metrics_path__
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        insecure_skip_verify: true
    - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
      job_name: kubernetes-nodes-cadvisor
      kubernetes_sd_configs:
      - role: node
      relabel_configs:
      - action: labelmap
        regex: __meta_kubernetes_node_label_(.+)
      - replacement: kubernetes.default.svc:443
        target_label: __address__
      - regex: (.+)
        replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
        source_labels:
        - __meta_kubernetes_node_name
        target_label: __metrics_path__
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        insecure_skip_verify: true
    - honor_labels: true
      job_name: kubernetes-service-endpoints
      kubernetes_sd_configs:
      - role: endpoints
      relabel_configs:
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scrape
      - action: drop
        regex: true
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow
      - action: replace
        regex: (https?)
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scheme
        target_label: __scheme__
      - action: replace
        regex: (.+)
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_path
        target_label: __metrics_path__
      - action: replace
        regex: (.+?)(?::\d+)?;(\d+)
        replacement: $1:$2
        source_labels:
        - __address__
        - __meta_kubernetes_service_annotation_prometheus_io_port
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
        replacement: __param_$1
      - action: labelmap
        regex: __meta_kubernetes_service_label_(.+)
      - action: replace
        source_labels:
        - __meta_kubernetes_namespace
        target_label: namespace
      - action: replace
        source_labels:
        - __meta_kubernetes_service_name
        target_label: service
      - action: replace
        source_labels:
        - __meta_kubernetes_pod_node_name
        target_label: node
    - honor_labels: true
      job_name: kubernetes-service-endpoints-slow
      kubernetes_sd_configs:
      - role: endpoints
      relabel_configs:
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow
      - action: replace
        regex: (https?)
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scheme
        target_label: __scheme__
      - action: replace
        regex: (.+)
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_path
        target_label: __metrics_path__
      - action: replace
        regex: (.+?)(?::\d+)?;(\d+)
        replacement: $1:$2
        source_labels:
        - __address__
        - __meta_kubernetes_service_annotation_prometheus_io_port
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
        replacement: __param_$1
      - action: labelmap
        regex: __meta_kubernetes_service_label_(.+)
      - action: replace
        source_labels:
        - __meta_kubernetes_namespace
        target_label: namespace
      - action: replace
        source_labels:
        - __meta_kubernetes_service_name
        target_label: service
      - action: replace
        source_labels:
        - __meta_kubernetes_pod_node_name
        target_label: node
      scrape_interval: 5m
      scrape_timeout: 30s
    - honor_labels: true
      job_name: prometheus-pushgateway
      kubernetes_sd_configs:
      - role: service
      relabel_configs:
      - action: keep
        regex: pushgateway
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_probe
    - honor_labels: true
      job_name: kubernetes-services
      kubernetes_sd_configs:
      - role: service
      metrics_path: /probe
      params:
        module:
        - http_2xx
      relabel_configs:
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_probe
      - source_labels:
        - __address__
        target_label: __param_target
      - replacement: blackbox
        target_label: __address__
      - source_labels:
        - __param_target
        target_label: instance
      - action: labelmap
        regex: __meta_kubernetes_service_label_(.+)
      - source_labels:
        - __meta_kubernetes_namespace
        target_label: namespace
      - source_labels:
        - __meta_kubernetes_service_name
        target_label: service
    - honor_labels: true
      job_name: kubernetes-pods
      kubernetes_sd_configs:
      - role: pod
      relabel_configs:
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_scrape
      - action: drop
        regex: true
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow
      - action: replace
        regex: (https?)
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_scheme
        target_label: __scheme__
      - action: replace
        regex: (.+)
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_path
        target_label: __metrics_path__
      - action: replace
        regex: (.+?)(?::\d+)?;(\d+)
        replacement: $1:$2
        source_labels:
        - __address__
        - __meta_kubernetes_pod_annotation_prometheus_io_port
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
        replacement: __param_$1
      - action: labelmap
        regex: __meta_kubernetes_pod_label_(.+)
      - action: replace
        source_labels:
        - __meta_kubernetes_namespace
        target_label: namespace
      - action: replace
        source_labels:
        - __meta_kubernetes_pod_name
        target_label: pod
      - action: drop
        regex: Pending|Succeeded|Failed|Completed
        source_labels:
        - __meta_kubernetes_pod_phase
    - honor_labels: true
      job_name: kubernetes-pods-slow
      kubernetes_sd_configs:
      - role: pod
      relabel_configs:
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow
      - action: replace
        regex: (https?)
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_scheme
        target_label: __scheme__
      - action: replace
        regex: (.+)
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_path
        target_label: __metrics_path__
      - action: replace
        regex: (.+?)(?::\d+)?;(\d+)
        replacement: $1:$2
        source_labels:
        - __address__
        - __meta_kubernetes_pod_annotation_prometheus_io_port
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
        replacement: __param_$1
      - action: labelmap
        regex: __meta_kubernetes_pod_label_(.+)
      - action: replace
        source_labels:
        - __meta_kubernetes_namespace
        target_label: namespace
      - action: replace
        source_labels:
        - __meta_kubernetes_pod_name
        target_label: pod
      - action: drop
        regex: Pending|Succeeded|Failed|Completed
        source_labels:
        - __meta_kubernetes_pod_phase
      scrape_interval: 5m
      scrape_timeout: 30s
  recording_rules.yml: |
    {}
  rules: |
    {}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:    
    helm.sh/chart: kube-state-metrics-4.13.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
    app.kubernetes.io/part-of: kube-state-metrics
    app.kubernetes.io/name: kube-state-metrics
    app.kubernetes.io/instance: prometheus
    app.kubernetes.io/version: "2.5.0"
  name: prometheus-kube-state-metrics
 rules:

 - apiGroups: ["certificates.k8s.io"]
  resources:
  - certificatesigningrequests
  verbs: ["list", "watch"]

 - apiGroups: [""]
  resources:
  - configmaps
  verbs: ["list", "watch"]

 - apiGroups: ["batch"]
  resources:
  - cronjobs
  verbs: ["list", "watch"]

 - apiGroups: ["extensions", "apps"]
  resources:
  - daemonsets
  verbs: ["list", "watch"]

 - apiGroups: ["extensions", "apps"]
  resources:
  - deployments
  verbs: ["list", "watch"]

 - apiGroups: [""]
  resources:
  - endpoints
  verbs: ["list", "watch"]

 - apiGroups: ["autoscaling"]
  resources:
  - horizontalpodautoscalers
  verbs: ["list", "watch"]

 - apiGroups: ["extensions", "networking.k8s.io"]
  resources:
  - ingresses
  verbs: ["list", "watch"]

 - apiGroups: ["batch"]
  resources:
  - jobs
  verbs: ["list", "watch"]

 - apiGroups: [""]
  resources:
  - limitranges
  verbs: ["list", "watch"]

 - apiGroups: ["admissionregistration.k8s.io"]
  resources:
    - mutatingwebhookconfigurations
  verbs: ["list", "watch"]

 - apiGroups: [""]
  resources:
  - namespaces
  verbs: ["list", "watch"]

 - apiGroups: ["networking.k8s.io"]
  resources:
  - networkpolicies
  verbs: ["list", "watch"]

 - apiGroups: [""]
  resources:
  - nodes
  verbs: ["list", "watch"]

 - apiGroups: [""]
  resources:
  - persistentvolumeclaims
  verbs: ["list", "watch"]

 - apiGroups: [""]
  resources:
  - persistentvolumes
  verbs: ["list", "watch"]

 - apiGroups: ["policy"]
  resources:
    - poddisruptionbudgets
  verbs: ["list", "watch"]

 - apiGroups: [""]
  resources:
  - pods
  verbs: ["list", "watch"]

 - apiGroups: ["extensions", "apps"]
  resources:
  - replicasets
  verbs: ["list", "watch"]

 - apiGroups: [""]
  resources:
  - replicationcontrollers
  verbs: ["list", "watch"]

 - apiGroups: [""]
  resources:
  - resourcequotas
  verbs: ["list", "watch"]

 - apiGroups: [""]
  resources:
  - secrets
  verbs: ["list", "watch"]

 - apiGroups: [""]
  resources:
  - services
  verbs: ["list", "watch"]

 - apiGroups: ["apps"]
  resources:
  - statefulsets
  verbs: ["list", "watch"]

 - apiGroups: ["storage.k8s.io"]
  resources:
    - storageclasses
  verbs: ["list", "watch"]

 - apiGroups: ["admissionregistration.k8s.io"]
  resources:
    - validatingwebhookconfigurations
  verbs: ["list", "watch"]

 - apiGroups: ["storage.k8s.io"]
  resources:
    - volumeattachments
  verbs: ["list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    component: "server"
    app: prometheus
    release: prometheus
    chart: prometheus-15.16.1
    heritage: Helm
  name: prometheus-server
 rules:
  - apiGroups:
      - ""
    resources:
      - nodes
      - nodes/proxy
      - nodes/metrics
      - services
      - endpoints
      - pods
      - ingresses
      - configmaps
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses/status
      - ingresses
    verbs:
      - get
      - list
      - watch
  - nonResourceURLs:
      - "/metrics"
    verbs:
      - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:    
    helm.sh/chart: kube-state-metrics-4.13.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
    app.kubernetes.io/part-of: kube-state-metrics
    app.kubernetes.io/name: kube-state-metrics
    app.kubernetes.io/instance: prometheus
    app.kubernetes.io/version: "2.5.0"
  name: prometheus-kube-state-metrics
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus-kube-state-metrics
 subjects:
 - kind: ServiceAccount
  name: prometheus-kube-state-metrics
  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:
    component: "server"
    app: prometheus
    release: prometheus
    chart: prometheus-15.16.1
    heritage: Helm
  name: prometheus-server
 subjects:
  - kind: ServiceAccount
    name: prometheus-server
    namespace: default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus-server
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: prometheus-kube-state-metrics
  namespace: default
  labels:    
    helm.sh/chart: kube-state-metrics-4.13.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
    app.kubernetes.io/part-of: kube-state-metrics
    app.kubernetes.io/name: kube-state-metrics
    app.kubernetes.io/instance: prometheus
    app.kubernetes.io/version: "2.5.0"
  annotations:
    prometheus.io/scrape: 'true'
 spec:
  type: "ClusterIP"
  ports:
  - name: "http"
    protocol: TCP
    port: 8080
    targetPort: 8080
  
  selector:    
    app.kubernetes.io/name: kube-state-metrics
    app.kubernetes.io/instance: prometheus
 ---
 apiVersion: v1
 kind: Service
 metadata:
  annotations:
    prometheus.io/scrape: "true"
  labels:
    component: "node-exporter"
    app: prometheus
    release: prometheus
    chart: prometheus-15.16.1
    heritage: Helm
  name: prometheus-node-exporter
  namespace: default
 spec:
  ports:
    - name: metrics
      port: 9100
      protocol: TCP
      targetPort: 9100
  selector:
    component: "node-exporter"
    app: prometheus
    release: prometheus
  type: "ClusterIP"
 ---
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    component: "server"
    app: prometheus
    release: prometheus
    chart: prometheus-15.16.1
    heritage: Helm
  name: prometheus-server
  namespace: default
 spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 9090
  selector:
    component: "server"
    app: prometheus
    release: prometheus
  sessionAffinity: None
  type: "LoadBalancer"
 ---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  labels:
    component: "node-exporter"
    app: prometheus
    release: prometheus
    chart: prometheus-15.16.1
    heritage: Helm
  name: prometheus-node-exporter
  namespace: default
 spec:
  selector:
    matchLabels:
      component: "node-exporter"
      app: prometheus
      release: prometheus
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        component: "node-exporter"
        app: prometheus
        release: prometheus
        chart: prometheus-15.16.1
        heritage: Helm
    spec:
      serviceAccountName: prometheus-node-exporter
      containers:
        - name: prometheus-node-exporter
          image: "quay.io/prometheus/node-exporter:v1.3.1"
          imagePullPolicy: "IfNotPresent"
          args:
            - --path.procfs=/host/proc
            - --path.sysfs=/host/sys
            - --path.rootfs=/host/root
            - --web.listen-address=:9100
          ports:
            - name: metrics
              containerPort: 9100
              hostPort: 9100
          resources:
            {}
          securityContext:
            allowPrivilegeEscalation: false          
          volumeMounts:
            - name: proc
              mountPath: /host/proc
              readOnly:  true
            - name: sys
              mountPath: /host/sys
              readOnly: true
            - name: root
              mountPath: /host/root
              mountPropagation: HostToContainer
              readOnly: true
      hostNetwork: true
      hostPID: true
      securityContext:
        fsGroup: 65534
        runAsGroup: 65534
        runAsNonRoot: true
        runAsUser: 65534
      volumes:
        - name: proc
          hostPath:
            path: /proc
        - name: sys
          hostPath:
            path: /sys
        - name: root
          hostPath:
            path: /
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: prometheus-kube-state-metrics
  namespace: default
  labels:    
    helm.sh/chart: kube-state-metrics-4.13.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
    app.kubernetes.io/part-of: kube-state-metrics
    app.kubernetes.io/name: kube-state-metrics
    app.kubernetes.io/instance: prometheus
    app.kubernetes.io/version: "2.5.0"
 spec:
  selector:
    matchLabels:      
      app.kubernetes.io/name: kube-state-metrics
      app.kubernetes.io/instance: prometheus
  replicas: 1
  template:
    metadata:
      labels:        
        helm.sh/chart: kube-state-metrics-4.13.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: metrics
        app.kubernetes.io/part-of: kube-state-metrics
        app.kubernetes.io/name: kube-state-metrics
        app.kubernetes.io/instance: prometheus
        app.kubernetes.io/version: "2.5.0"
    spec:
      hostNetwork: false
      serviceAccountName: prometheus-kube-state-metrics
      securityContext:
        fsGroup: 65534
        runAsGroup: 65534
        runAsUser: 65534
      containers:
      - name: kube-state-metrics
        args:
        - --port=8080
        - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments
        - --telemetry-port=8081
        imagePullPolicy: IfNotPresent
        image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.5.0"
        ports:
        - containerPort: 8080
          name: "http"
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 5
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: /
            port: 8080
          initialDelaySeconds: 5
          timeoutSeconds: 5
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
    component: "server"
    app: prometheus
    release: prometheus
    chart: prometheus-15.16.1
    heritage: Helm
  name: prometheus-server
  namespace: default
 spec:
  selector:
    matchLabels:
      component: "server"
      app: prometheus
      release: prometheus
  replicas: 1
  template:
    metadata:
      labels:
        component: "server"
        app: prometheus
        release: prometheus
        chart: prometheus-15.16.1
        heritage: Helm
    spec:
      enableServiceLinks: true
      serviceAccountName: prometheus-server
      containers:
        - name: prometheus-server-configmap-reload
          image: "jimmidyson/configmap-reload:v0.5.0"
          imagePullPolicy: "IfNotPresent"
          securityContext:
            {}
          args:
            - --volume-dir=/etc/config
            - --webhook-url=http://127.0.0.1:9090/-/reload
          resources:
            {}
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config
              readOnly: true

        - name: prometheus-server
          image: "quay.io/prometheus/prometheus:v2.39.1"
          imagePullPolicy: "IfNotPresent"
          args:
            - --storage.tsdb.retention.time=15d
            - --config.file=/etc/config/prometheus.yml
            - --storage.tsdb.path=/data
            - --web.console.libraries=/etc/prometheus/console_libraries
            - --web.console.templates=/etc/prometheus/consoles
            - --web.enable-lifecycle
          ports:
            - containerPort: 9090
          readinessProbe:
            httpGet:
              path: /-/ready
              port: 9090
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 5
            timeoutSeconds: 4
            failureThreshold: 3
            successThreshold: 1
          livenessProbe:
            httpGet:
              path: /-/healthy
              port: 9090
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 15
            timeoutSeconds: 10
            failureThreshold: 3
            successThreshold: 1
          resources:
            {}
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config
            - name: storage-volume
              mountPath: /data
              subPath: ""
      dnsPolicy: ClusterFirst
      securityContext:
        fsGroup: 65534
        runAsGroup: 65534
        runAsNonRoot: true
        runAsUser: 65534
      terminationGracePeriodSeconds: 300
      volumes:
        - name: config-volume
          configMap:
            name: prometheus-server
        - name: storage-volume
          emptyDir:
            {}
 ---
 #                                      #
 #                                      #
 #                                      #
 #                                      #
 #       Instalação do Grafana          #
 #                                      #
 #                                      #
 #                                      #
 #                                      #

 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: grafana-test
  annotations:
    "helm.sh/hook": test-success
    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
 spec:
  allowPrivilegeEscalation: true
  privileged: false
  hostNetwork: false
  hostIPC: false
  hostPID: false
  fsGroup:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  volumes:
  - configMap
  - downwardAPI
  - emptyDir
  - projected
  - csi
  - secret
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
  name: grafana-test
  namespace: default
  annotations:
    "helm.sh/hook": test-success
    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: grafana-test
  namespace: default
  annotations:
    "helm.sh/hook": test-success
    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
 data:
  run.sh: |-
    @test "Test Health" {
      url="http://grafana/api/health"

      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
      [ "$code" == "200" ]
    }
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: grafana-test
  namespace: default
  annotations:
    "helm.sh/hook": test-success
    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
 rules:
 - apiGroups:      ['policy']
  resources:      ['podsecuritypolicies']
  verbs:          ['use']
  resourceNames:  [grafana-test]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: grafana-test
  namespace: default
  annotations:
    "helm.sh/hook": test-success
    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: grafana-test
 subjects:
 - kind: ServiceAccount
  name: grafana-test
  namespace: default
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: grafana-test
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test-success
    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
  namespace: default
 spec:
  serviceAccountName: grafana-test
  containers:
    - name: grafana-test
      image: "bats/bats:v1.4.1"
      imagePullPolicy: "IfNotPresent"
      command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
      volumeMounts:
        - mountPath: /tests
          name: tests
          readOnly: true
  volumes:
  - name: tests
    configMap:
      name: grafana-test
  restartPolicy: Never
 MANIFEST:
 ---
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: grafana
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
 spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
      - ALL
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'csi'
    - 'secret'
    - 'downwardAPI'
    - 'persistentVolumeClaim'
  hostNetwork: false
  hostIPC: false
  hostPID: false
  runAsUser:
    rule: 'RunAsAny'
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
      - min: 1
        max: 65535
  fsGroup:
    rule: 'MustRunAs'
    ranges:
      - min: 1
        max: 65535
  readOnlyRootFilesystem: false
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
  name: grafana
  namespace: default
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: grafana
  namespace: default
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
 type: Opaque
 data:
  admin-user: "YWRtaW4="
  admin-password: "elJSYW15bFVHT2ZrRzNSeW1aaUdNeHljYkNJdWFhMHBQMFdlVFVmNA=="
  ldap-toml: ""
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: grafana
  namespace: default
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
 data:
  grafana.ini: |
    [analytics]
    check_for_updates = true
    [grafana_net]
    url = https://grafana.net
    [log]
    mode = console
    [paths]
    data = /var/lib/grafana/
    logs = /var/log/grafana
    plugins = /var/lib/grafana/plugins
    provisioning = /etc/grafana/provisioning
    [server]
    domain = ''
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
  name: grafana-clusterrole
 rules: []
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: grafana-clusterrolebinding
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
 subjects:
  - kind: ServiceAccount
    name: grafana
    namespace: default
 roleRef:
  kind: ClusterRole
  name: grafana-clusterrole
  apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: grafana
  namespace: default
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
 rules:
 - apiGroups:      ['extensions']
  resources:      ['podsecuritypolicies']
  verbs:          ['use']
  resourceNames:  [grafana]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: grafana
  namespace: default
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: grafana
 subjects:
 - kind: ServiceAccount
  name: grafana
  namespace: default
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: grafana
  namespace: default
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
 spec:
  type: LoadBalancer
  ports:
    - name: service
      port: 80
      protocol: TCP
      targetPort: 3000
  selector:
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: grafana
  namespace: default
  labels:
    helm.sh/chart: grafana-6.42.3
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
    app.kubernetes.io/version: "9.2.0"
    app.kubernetes.io/managed-by: Helm
 spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/name: grafana
      app.kubernetes.io/instance: grafana
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: grafana
        app.kubernetes.io/instance: grafana
      annotations:
        checksum/config: a8c8847238aeaa0d1355146b6c8e756ecb7e07efbbb41ac75aa2161d64b187c4
        checksum/dashboards-json-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
        checksum/sc-dashboard-provider-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
        checksum/secret: 15caba8a376b523cef17172a7980899691cf78da1b509babef4d6f289612feb3
    spec:      
      serviceAccountName: grafana
      automountServiceAccountToken: true
      securityContext:
        fsGroup: 472
        runAsGroup: 472
        runAsUser: 472
      enableServiceLinks: true
      containers:
        - name: grafana
          image: "grafana/grafana:9.2.0"
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: config
              mountPath: "/etc/grafana/grafana.ini"
              subPath: grafana.ini
            - name: storage
              mountPath: "/var/lib/grafana"
          ports:
            - name: grafana
              containerPort: 3000
              protocol: TCP
          env:
            - name: GF_SECURITY_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: grafana
                  key: admin-user
            - name: GF_SECURITY_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: grafana
                  key: admin-password
            - name: GF_PATHS_DATA
              value: /var/lib/grafana/
            - name: GF_PATHS_LOGS
              value: /var/log/grafana
            - name: GF_PATHS_PLUGINS
              value: /var/lib/grafana/plugins
            - name: GF_PATHS_PROVISIONING
              value: /etc/grafana/provisioning
          livenessProbe:
            failureThreshold: 10
            httpGet:
              path: /api/health
              port: 3000
            initialDelaySeconds: 60
            timeoutSeconds: 30
          readinessProbe:
            httpGet:
              path: /api/health
              port: 3000
      volumes:
        - name: config
          configMap:
            name: grafana
        - name: storage
          emptyDir: {}
No results found