auricom-home-cluster/cluster/apps/monitoring/grafana/helm-release.yaml

---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: grafana
  namespace: monitoring
spec:
  interval: 15m
  chart:
    spec:
      chart: grafana
      version: 6.38.0
      sourceRef:
        kind: HelmRepository
        name: grafana-charts
        namespace: flux-system
      interval: 15m
  install:
    createNamespace: true
    remediation:
      retries: 5
  upgrade:
    remediation:
      retries: 5
  values:
    env:
      GF_EXPLORE_ENABLED: true
      GF_PANELS_DISABLE_SANITIZE_HTML: true
      GF_LOG_FILTERS: rendering:debug
      GF_DATE_FORMATS_FULL_DATE: "DD.MM.YYYY hh:mm:ss"
      GF_SECURITY_ALLOW_EMBEDDING: true
      GF_SECURITY_COOKIE_SAMESITE: grafana
    admin:
      existingSecret: grafana-admin-creds
    grafana.ini:
      auth:
        signout_redirect_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/logout"
        oauth_auto_login: false
      auth.generic_oauth:
        enabled: true
        name: Authelia
        client_id: grafana
        client_secret: "${SECRET_GRAFANA_OAUTH_CLIENT_SECRET}"
        scopes: "openid profile email groups"
        empty_scopes: false
        auth_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization"
        token_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/token"
        api_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/userinfo"
        login_attribute_path: preferred_username
        groups_attribute_path: groups
        name_attribute_path: name
        use_pkce: true
      auth.generic_oauth.group_mapping:
        role_attribute_path: |
          contains(groups[*], 'admins') && 'Admin' || contains(groups[*], 'people') && 'Viewer'
        org_id: 1
      auth.basic:
        disable_login_form: false
      auth.anonymous:
        enabled: true
        org_name: HomeOps
        org_id: 1
        org_role: Viewer
      server:
        root_url: "https://grafana.${SECRET_CLUSTER_DOMAIN}"
      paths:
        data: /var/lib/grafana/data
        logs: /var/log/grafana
        plugins: /var/lib/grafana/plugins
        provisioning: /etc/grafana/provisioning
      analytics:
        check_for_updates: false
      log:
        mode: console
      grafana_net:
        url: https://grafana.net
    dashboardProviders:
      dashboardproviders.yaml:
        apiVersion: 1
        providers:
          - name: "default"
            orgId: 1
            folder: ""
            type: file
            disableDeletion: false
            editable: true
            options:
              path: /var/lib/grafana/dashboards/default
    datasources:
      datasources.yaml:
        apiVersion: 1
        # list of datasources that should be deleted from the database
        deleteDatasources:
          - name: Loki
            orgId: 1
        datasources:
          - name: Prometheus
            type: prometheus
            access: proxy
            url: http://thanos-query.monitoring.svc.cluster.local:9090
            isDefault: true
          # - name: Loki
          #   type: loki
          #   access: proxy
          #   url: http://loki-gateway.monitoring.svc.cluster.local:80
    dashboards:
      default:
        home-assistant:
          url: https://raw.githubusercontent.com/auricom/home-ops/main/cluster/apps/monitoring/grafana/dashboards/home-assistant.json
          datasource: Prometheus
        homelab-temperatures:
          url: https://raw.githubusercontent.com/auricom/home-ops/main/cluster/apps/monitoring/grafana/dashboards/homelab-temperatures.json
          datasource: Prometheus
        truenas:
          url: https://raw.githubusercontent.com/auricom/home-ops/main/cluster/apps/monitoring/grafana/dashboards/truenas.json
          datasource: Prometheus
    sidecar:
      dashboards:
        enabled: true
        searchNamespace: ALL
        # folderAnnotation: grafana_folder
        # provider:
        #   foldersFromFilesStructure: true
      datasources:
        enabled: true
        searchNamespace: ALL
    plugins:
      - natel-discrete-panel
      - pr0ps-trackmap-panel
      - grafana-piechart-panel
      - vonage-status-panel
      - grafana-worldmap-panel
      - grafana-clock-panel
    serviceMonitor:
      enabled: true
    ingress:
      enabled: true
      ingressClassName: "nginx"
      annotations:
        nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
        nginx.ingress.kubernetes.io/affinity: "cookie"
        nginx.ingress.kubernetes.io/session-cookie-name: "grafana"
        nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
        nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
      hosts:
        - &host "grafana.${SECRET_CLUSTER_DOMAIN}"
      tls:
        - hosts:
            - *host
    persistence:
      enabled: false
    affinity:
      podAntiAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values: ["grafana"]
              topologyKey: kubernetes.io/hostname