feat(drycc-addons):add grafana

Author: EamonZhang

addons/grafana/10/README.md

@@ -0,0 +1,27 @@
+annotations:
+  category: Analytics
+apiVersion: v2
+appVersion: 9.1.7
+dependencies:
+  - name: common
+    repository: oci://registry.drycc.cc/charts
+    tags:
+      - drycc-common
+    version: ~1.1.2
+description: Grafana is an open source metric analytics and visualization suite for visualizing time series data that supports various types of data sources.
+engine: gotpl
+home: https://github.com/drycc/charts/tree/master/drycc/grafana
+icon: https://drycc.com/assets/stacks/grafana/img/grafana-stack-220x234.png
+keywords:
+  - analytics
+  - monitoring
+  - metrics
+  - logs
+maintainers:
+  - name: Bitnami
+    url: https://github.com/drycc/charts
+name: grafana
+sources:
+  - https://github.com/drycc/containers/tree/main/drycc/grafana
+  - https://grafana.com/
+version: 8.2.11

addons/grafana/10/charts/grafana/Chart.yaml

@@ -0,0 +1,12 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "type": "object",
+  "properties": {
+    "imagePullPolicy": {
+      "type": "string",
+      "enum": ["Always", "IfNotPresent", "Never"],
+      "default": "IfNotPresent",
+      "title": "Image pull policy"
+    }
+  }
+}

addons/grafana/10/charts/grafana/create-instance-schema.json

@@ -0,0 +1,34 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **
+
+1. Get the application URL by running these commands:
+
+{{- if .Values.ingress.enabled }}
+    {{ ternary "https" "http" .Values.ingress.tls }}://{{ .Values.ingress.hostname }}{{ .Values.ingress.path }}
+{{- else if contains "NodePort" .Values.service.type }}
+    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
+    export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+    echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}'
+    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+    echo http://$SERVICE_IP:{{ .Values.service.ports.grafana }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+    echo "Browse to http://127.0.0.1:8080"
+    kubectl port-forward svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.ports.grafana }} &
+{{- end }}
+
+2. Get the admin credentials:
+
+    echo "User: {{ .Values.admin.user }}"
+    echo "Password: $(kubectl get secret {{ include "grafana.adminSecretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.{{ include "grafana.adminSecretPasswordKey" . }}}" | base64 -d)"
+
+{{- include "common.warnings.rollingTag" .Values.image }}
+{{- include "common.warnings.rollingTag" .Values.imageRenderer.image }}
+{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
+{{ include "grafana.validateValues" . }}
+{{ include "grafana.validateValues.database" . }}

addons/grafana/10/charts/grafana/templates/NOTES.txt

@@ -0,0 +1,236 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the proper Grafana image name
+*/}}
+{{- define "grafana.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper Grafana Image Renderer image name
+*/}}
+{{- define "grafana.imageRenderer.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.imageRenderer.image "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "grafana.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.imageRenderer.image) "global" .Values.global) -}}
+{{- end }}
+
+{{/*
+Return  the proper Storage Class
+*/}}
+{{- define "grafana.storageClass" -}}
+{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the Grafana admin credentials secret
+*/}}
+{{- define "grafana.adminSecretName" -}}
+{{- if .Values.admin.existingSecret -}}
+    {{- printf "%s" (tpl .Values.admin.existingSecret $) -}}
+{{- else -}}
+    {{- printf "%s-admin" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Grafana admin password key
+*/}}
+{{- define "grafana.adminSecretPasswordKey" -}}
+{{- if and .Values.admin.existingSecret .Values.admin.existingSecretPasswordKey -}}
+    {{- printf "%s" (tpl .Values.admin.existingSecretPasswordKey $) -}}
+{{- else -}}
+    {{- printf "GF_SECURITY_ADMIN_PASSWORD" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a secret object should be created
+*/}}
+{{- define "grafana.createAdminSecret" -}}
+{{- if not .Values.admin.existingSecret }}
+    {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Grafana SMTP credentials secret
+*/}}
+{{- define "grafana.smtpSecretName" -}}
+{{- if .Values.smtp.existingSecret }}
+    {{- printf "%s" (tpl .Values.smtp.existingSecret $) -}}
+{{- else -}}
+    {{- printf "%s-smtp" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Grafana SMTP user key
+*/}}
+{{- define "grafana.smtpSecretUserKey" -}}
+{{- if and .Values.smtp.existingSecret .Values.smtp.existingSecretUserKey -}}
+    {{- printf "%s" (tpl .Values.smtp.existingSecretUserKey $) -}}
+{{- else -}}
+    {{- printf "GF_SMTP_USER" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Grafana SMTP password key
+*/}}
+{{- define "grafana.smtpSecretPasswordKey" -}}
+{{- if and .Values.smtp.existingSecret .Values.smtp.existingSecretPasswordKey -}}
+    {{- printf "%s" (tpl .Values.smtp.existingSecretPasswordKey $) -}}
+{{- else -}}
+    {{- printf "GF_SMTP_PASSWORD" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a secret object should be created
+*/}}
+{{- define "grafana.createSMTPSecret" -}}
+{{- if and .Values.smtp.enabled (not .Values.smtp.existingSecret) }}
+    {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns the proper service account name depending if an explicit service account name is set
+in the values file. If the name is not set it will default to either common.names.fullname if serviceAccount.create
+is true or default otherwise.
+*/}}
+{{- define "grafana.serviceAccountName" -}}
+    {{- if .Values.serviceAccount.create -}}
+        {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+    {{- else -}}
+        {{ default "default" .Values.serviceAccount.name }}
+    {{- end -}}
+{{- end -}}
+
+{{/*
+Validate values for Grafana.
+*/}}
+{{- define "grafana.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "grafana.validateValues.configmapsOrSecrets" .) -}}
+{{- $messages := append $messages (include "grafana.validateValues.ldap.configuration" .) -}}
+{{- $messages := append $messages (include "grafana.validateValues.ldap.configmapsecret" .) -}}
+{{- $messages := append $messages (include "grafana.validateValues.ldap.tls" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{-   printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of Grafana - A ConfigMap or Secret name must be provided when loading a custom grafana.ini file */}}
+{{- define "grafana.validateValues.configmapsOrSecrets" -}}
+{{- if and .Values.config.useGrafanaIniFile (not .Values.config.grafanaIniSecret) (not .Values.config.grafanaIniConfigMap) -}}
+grafana: config.useGrafanaIniFile config.grafanaIniSecret and config.grafanaIniConfigMap
+        You enabled config.useGrafanaIniFile but did not specify config.grafanaIniSecret nor config.grafanaIniConfigMap
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of Grafana - A custom ldap.toml file must be provided when enabling LDAP */}}
+{{- define "grafana.validateValues.ldap.configuration" -}}
+{{- if and .Values.ldap.enabled (empty .Values.ldap.uri) (empty .Values.ldap.basedn) (empty .Values.ldap.configuration) (empty .Values.ldap.configMapName) (empty .Values.ldap.secretName) -}}
+grafana: ldap.enabled ldap.uri ldap.basedn ldap.configuration ldap.configMapName and ldap.secretName
+        You must provide the uri and basedn of your LDAP Sever (--set ldap.uri="aaa" --set ldap.basedn="bbb")
+        or the  content of your custom ldap.toml file when enabling LDAP (--set ldap.configuration="xxx")
+        As an alternative, you can set the name of an existing ConfigMap (--set ldap.configMapName="yyy") or
+        an an existing Secret (--set ldap.secretName="zzz") containging the custom ldap.toml file.
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of Grafana - Only a ConfigMap or Secret name must be provided when loading a custom ldap.toml file */}}
+{{- define "grafana.validateValues.ldap.configmapsecret" -}}
+{{- if and .Values.ldap.enabled (not (empty .Values.ldap.configMapName)) (not (empty .Values.ldap.secretName)) -}}
+grafana: ldap.enabled ldap.configMapName and ldap.secretName
+        You cannot load a custom ldap.toml file both from a ConfigMap and a Secret simultaneously
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of Grafana - LDAP TLS validation */}}
+{{- define "grafana.validateValues.ldap.tls" -}}
+{{- if and .Values.ldap.enabled .Values.ldap.tls.enabled (empty .Values.ldap.tls.certificatesSecret) (or (not (empty .Values.ldap.tls.CAFilename)) (not (empty .Values.ldap.tls.certFilename)) (not (empty .Values.ldap.tls.certKeyFilename))) -}}
+grafana: ldap.enabled ldap.tls.enabled ldap.tls.certificatesSecret ldap.tls.CAFilename ldap.tls.certFilename and ldap.tls.certKeyFilename
+        You must set ldap.tls.certificatesSecret if you want to specify any certificate for LDAP TLS connection
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return LDAP configuration generated from ldap properties.
+*/}}
+{{- define "grafana.ldap.config" -}}
+{{- $hostPort := get (urlParse (required "You must set ldap.uri" .Values.ldap.uri)) "host" -}}
+[[servers]]
+# Ldap server host (specify multiple hosts space separated)
+host = {{ index (splitList ":" $hostPort) 0 | quote }}
+# Default port is 389 or 636 if use_ssl = true
+port = {{ index (splitList ":" $hostPort) 1 | default 389 }}
+# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
+{{- if .Values.ldap.tls.enabled }}
+use_ssl = {{ .Values.ldap.tls.enabled }}
+ssl_skip_verify = {{ .Values.ldap.tls.skipVerify }}
+# If set to true, use LDAP with STARTTLS instead of LDAPS
+start_tls = {{ .Values.ldap.tls.startTls }}
+{{- if .Values.ldap.tls.CAFilename }}
+# set to the path to your root CA certificate or leave unset to use system defaults
+root_ca_cert = {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath .Values.ldap.tls.CAFilename | quote }}
+{{- end }}
+{{- if .Values.ldap.tls.certFilename }}
+# Authentication against LDAP servers requiring client certificates
+client_cert = {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath .Values.ldap.tls.certFilename | quote }}
+client_key = {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath (required "ldap.tls.certKeyFilename is required when ldap.tls.certFilename is defined" .Values.ldap.tls.certKeyFilename) | quote }}
+{{- end }}
+{{- end }}
+{{- if .Values.ldap.binddn }}
+# Search user bind dn
+bind_dn = {{ .Values.ldap.binddn | quote }}
+{{- end }}
+{{- if .Values.ldap.bindpw }}
+# Search user bind password
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+bind_password = {{ .Values.ldap.bindpw | quote }}
+{{- end }}
+
+# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
+{{- if .Values.ldap.searchFilter }}
+search_filter = {{ .Values.ldap.searchFilter | quote }}
+{{- else if .Values.ldap.searchAttribute }}
+search_filter = "({{ .Values.ldap.searchAttribute }}=%s)"
+{{- end }}
+# An array of base dns to search through
+search_base_dns = [{{ (required "You must set ldap.basedn" .Values.ldap.basedn) | quote }}]
+
+{{ .Values.ldap.extraConfiguration }}
+{{- end -}}
+
+{{/* Validate values of Grafana - Requirements to use an external database */}}
+{{- define "grafana.validateValues.database" -}}
+{{- $replicaCount := int .Values.grafana.replicaCount }}
+{{- if gt $replicaCount 1 -}}
+grafana: replicaCount
+        Using more than one replica requires using an external database to share data between Grafana instances.
+        By default Grafana uses an internal sqlite3 per instance but you can configure an external MySQL or PostgreSQL.
+        Please, ensure you provide a configuration file configuring the external database to share data between replicas.
+{{- end -}}
+{{- end -}}

addons/grafana/10/charts/grafana/templates/_helpers.tpl

@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.names.fullname" . }}-envvars
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+    app.kubernetes.io/component: grafana
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  GF_SECURITY_ADMIN_USER: {{ .Values.admin.user | quote }}
+  {{- if .Values.imageRenderer.enabled }}
+  {{- $domain := .Values.clusterDomain }}
+  {{- $namespace := .Release.Namespace }}
+  GF_RENDERING_SERVER_URL: "http://{{ include "common.names.fullname" . }}-image-renderer.{{ $namespace }}.svc.{{ $domain }}:{{ .Values.imageRenderer.service.ports.imageRenderer }}/render"
+  GF_RENDERING_CALLBACK_URL: "http://{{ include "common.names.fullname" . }}.{{ $namespace }}.svc.{{ $domain }}:{{ .Values.service.ports.grafana }}/"
+  {{- end }}
+  {{- if .Values.plugins }}
+  GF_INSTALL_PLUGINS: {{ .Values.plugins | quote }}
+  {{- else }}
+  GF_INSTALL_PLUGINS: ""
+  {{- end }}
+  GF_PATHS_PLUGINS: "/opt/drycc/grafana/data/plugins"
+  GF_AUTH_LDAP_ENABLED: {{ .Values.ldap.enabled | quote }}
+  GF_AUTH_LDAP_CONFIG_FILE: "/opt/drycc/grafana/conf/ldap.toml"
+  GF_AUTH_LDAP_ALLOW_SIGN_UP: {{ .Values.ldap.allowSignUp | quote }}
+  GF_PATHS_PROVISIONING: "/opt/drycc/grafana/conf/provisioning"
+  GF_PATHS_CONFIG: "/opt/drycc/grafana/conf/grafana.ini"
+  GF_PATHS_DATA: "/opt/drycc/grafana/data"
+  GF_PATHS_LOGS: "/opt/drycc/grafana/logs"

addons/grafana/10/charts/grafana/templates/configmap.yaml

@@ -0,0 +1,41 @@
+{{- if and .Values.dashboardsProvider.enabled (not .Values.dashboardsProvider.configMapName) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.names.fullname" . }}-provider
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+    app.kubernetes.io/component: grafana
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  default-provider.yaml: |-
+    apiVersion: 1
+
+    providers:
+      # <string> an unique provider name
+    - name: 'default-provider'
+      # <int> org id. will default to orgId 1 if not specified
+      orgId: 1
+      # <string, required> name of the dashboard folder. Required
+      folder: dashboards
+      # <string> folder UID. will be automatically generated if not specified
+      folderUid: ''
+      # <string, required> provider type. Required
+      type: file
+      # <bool> disable dashboard deletion
+      disableDeletion: false
+      # <bool> enable dashboard editing
+      editable: true
+      # <int> how often Grafana will scan for changed dashboards
+      updateIntervalSeconds: 10
+      options:
+        # <string, required> path to dashboard files on disk. Required
+        path: /opt/drycc/grafana/dashboards
+        # <bool> enable folders creation for dashboards
+        #foldersFromFilesStructure: true
+{{- end }}