apiVersion: apps/v1 kind: Deployment metadata: name: grafana namespace: grafana labels: app: grafana spec: selector: matchLabels: app: grafana template: metadata: labels: app: grafana spec: securityContext: fsGroup: 472 supplementalGroups: - 0 containers: - name: grafana image: grafana/grafana:latest imagePullPolicy: IfNotPresent ports: - containerPort: 3000 name: http-grafana protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /robots.txt port: 3000 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 2 livenessProbe: failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 tcpSocket: port: 3000 timeoutSeconds: 1 env: - name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT value: "false" - name: GF_AUTH_GENERIC_OAUTH_SCOPES value: "openid profile email groups" - name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH value: "contains(groups, 'grafana_admin') && 'Admin' || 'Viewer'" - name: GF_SERVER_ROOT_URL value: "https://obs.prod.panic.haus/" - name: GF_SERVER_DOMAIN value: "obs.prod.panic.haus" resources: requests: cpu: 250m memory: 750Mi volumeMounts: - mountPath: /var/lib/grafana name: grafana-pv - name: grafana-datasources mountPath: /etc/grafana/provisioning/datasources/datasources.yaml subPath: datasources.yaml volumes: - name: grafana-pv persistentVolumeClaim: claimName: grafana-pvc - name: grafana-datasources configMap: name: grafana-datasources