
@lazzarello
Created November 8, 2022 20:06
Grafana with SSO
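---
# Single-replica Grafana Deployment with three sign-in paths enabled at once:
# local basic auth / login form, Azure AD OAuth and a generic OAuth provider
# (the URLs point at an ADFS endpoint). Credentials come from the Secret named
# "grafana". Values shown as "" or "uuid" are blank in this published copy and
# have to be filled in per environment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana
  labels:
    app: grafana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: grafana
  template:
    metadata:
      labels:
        app: grafana
    spec:
      affinity:
        podAntiAffinity:
          # Never schedule two grafana pods on the same node.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - grafana
              topologyKey: "kubernetes.io/hostname"
      nodeSelector:
        node.kubernetes.io/instancegroup: general
      securityContext:
        fsGroup: 472
        runAsNonRoot: true
        runAsUser: 472
      containers:
        # NOTE(review): the image has no tag or digest and the pull policy is
        # IfNotPresent, so a node runs whatever "grafana" image it already has
        # cached. Pin a fully qualified image by tag or digest.
        - image: grafana
          name: grafana
          imagePullPolicy: IfNotPresent
          # The pod already runs as non-root UID 472 and serves on port 3000,
          # so the container needs neither privilege escalation nor any Linux
          # capability.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          env:
            # The following env variables set up basic auth with the default
            # admin user and admin password.
            # Basic auth and the login form stay enabled next to SSO, so the
            # local admin account remains a password-only way in; its password
            # is read from the grafana Secret below.
            # GF_SERVER_ROOT_URL must be the externally reachable URL: Grafana
            # builds the OAuth redirect URI from it.
            - name: GF_SERVER_ROOT_URL
              value: ""
            - name: GF_AUTH_BASIC_ENABLED
              value: "true"
            - name: GF_AUTH_ANONYMOUS_ENABLED
              value: "false"
            - name: GF_AUTH_OAUTH_AUTO_LOGIN
              value: "false"
            - name: GF_AUTH_DISABLE_LOGIN_FORM
              value: "false"
            - name: GF_DASHBOARDS_MIN_REFRESH_INTERVAL
              value: "1s"
            - name: GF_DATAPROXY_LOGGING
              value: "true"
            - name: GF_DATAPROXY_TIMEOUT
              value: "10m"
            # By default the /metrics endpoint is served without
            # authentication; restrict it at the network layer or configure
            # metrics basic auth.
            - name: GF_METRICS_ENABLED
              value: "true"
            # NOTE(review): "true" makes text panels render raw HTML and
            # script. Every SSO sign-up is auto-assigned Editor (see
            # GF_USERS_AUTO_ASSIGN_ORG_ROLE), so any signed-in user can store
            # markup that runs in other users' sessions. Prefer "false" unless
            # a dashboard really needs it.
            - name: GF_PANELS_DISABLE_SANITIZE_HTML
              value: "true"
            # NOTE(review): the [session] settings look like they are no
            # longer read by current Grafana releases; confirm against the
            # deployed version.
            - name: GF_SESSION_PROVIDER
              value: redis
            - name: GF_SESSION_PROVIDER_CONFIG
              valueFrom:
                secretKeyRef:
                  name: grafana
                  key: GF_SESSION_PROVIDER_CONFIG
            - name: GF_DATABASE_TYPE
              value: postgres
            - name: GF_DATABASE_NAME
              value: "grafana-dev"
            - name: GF_DATABASE_HOST
              valueFrom:
                secretKeyRef:
                  name: grafana
                  key: GF_DATABASE_HOST
            - name: GF_DATABASE_USER
              valueFrom:
                secretKeyRef:
                  name: grafana
                  key: GF_DATABASE_USER
            - name: GF_DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: grafana
                  key: GF_DATABASE_PASSWORD
            - name: GF_SECURITY_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: grafana
                  key: GF_SECURITY_ADMIN_PASSWORD
            # Infinity Azure AD OAuth things
            # "uuid" in the two URLs stands for the Azure AD tenant ID.
            # NOTE(review): sign-up is allowed while ALLOWED_DOMAINS and
            # ALLOWED_GROUPS are empty, so every account the tenant will
            # authenticate gets a Grafana user. Set at least one of the two.
            - name: GF_AUTH_AZUREAD_NAME
              value: "Azure AD"
            - name: GF_AUTH_AZUREAD_ENABLED
              value: "true"
            - name: GF_AUTH_AZUREAD_ALLOW_SIGN_UP
              value: "true"
            - name: GF_AUTH_AZUREAD_CLIENT_ID
              value: ""
            - name: GF_AUTH_AZUREAD_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: grafana
                  key: GF_AUTH_AZUREAD_CLIENT_SECRET
            - name: GF_AUTH_AZUREAD_SCOPES
              value: "openid email profile"
            - name: GF_AUTH_AZUREAD_AUTH_URL
              value: "https://login.microsoftonline.us/uuid/oauth2/v2.0/authorize"
            - name: GF_AUTH_AZUREAD_TOKEN_URL
              value: "https://login.microsoftonline.us/uuid/oauth2/v2.0/token"
            - name: GF_AUTH_AZUREAD_ALLOWED_DOMAINS
              value: ""
            - name: GF_AUTH_AZUREAD_ALLOWED_GROUPS
              value: ""
            # infinity oauth things
            # Same caveat as for Azure AD: sign-up is on and ALLOWED_DOMAINS
            # is empty, so the identity provider alone decides who gets an
            # account.
            - name: GF_AUTH_GENERIC_OAUTH_ENABLED
              value: "true"
            - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
              value: "grafana-oauth"
            - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: grafana
                  key: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
            - name: GF_AUTH_GENERIC_OAUTH_SCOPES
              value: "openid email name"
            - name: GF_AUTH_GENERIC_OAUTH_AUTH_URL
              value: "https://adfs/adfs/oauth2/authorize/"
            - name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL
              value: "https://adfs/adfs/oauth2/token/"
            - name: GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS
              value: ""
            - name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP
              value: "true"
            - name: GF_USERS_ALLOW_SIGN_UP
              value: "false"
            # NOTE(review): every newly created user, including OAuth
            # sign-ups, starts as Editor. "Viewer" with explicit promotion is
            # the least-privilege default.
            - name: GF_USERS_AUTO_ASSIGN_ORG_ROLE
              value: "Editor"
            - name: GF_SMTP_ENABLED
              value: "true"
            - name: GF_SMTP_HOST
              value: ""
            - name: GF_SMTP_USER
              value: ""
            # NOTE(review): unlike the other credentials this one is an inline
            # value in the manifest; source it from the Secret via
            # secretKeyRef so it never lands in version control.
            - name: GF_SMTP_PASSWORD
              value: ""
          readinessProbe:
            httpGet:
              path: /api/health
              port: 3000
            timeoutSeconds: 3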
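---
# Secret read by the grafana Deployment through secretKeyRef; each key below
# is referenced by an env entry of the same name.
# The values are blank in this published copy. Under `data` every value must
# be base64-encoded (base64 is an encoding, not encryption); `stringData`
# takes plain text instead. Keep the populated Secret out of version control
# and create it out of band or through a secret-management integration.
# NOTE(review): a blank GF_SECURITY_ADMIN_PASSWORD presumably leaves Grafana
# on its default admin password; confirm a real value is set before exposing
# the service.
apiVersion: v1
kind: Secret
metadata:
  name: grafana
type: Opaque
data:
  GF_DATABASE_USER:
  GF_DATABASE_PASSWORD:
  GF_DATABASE_HOST:
  GF_SESSION_PROVIDER_CONFIG:
  GF_SECURITY_ADMIN_PASSWORD:
  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
  GF_AUTH_AZUREAD_CLIENT_SECRET: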
---