Skip to content

Commit

Permalink
Fix/chown grafana (#21)
Browse files Browse the repository at this point in the history
* chore: block chown for initcontainers of grafana

* chore: made app-readme more specific regarding values.yaml
  • Loading branch information
puffitos authored Oct 16, 2023
1 parent d173077 commit 564f5a4
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 28 deletions.
37 changes: 22 additions & 15 deletions app-readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -171,22 +171,29 @@ To monitor additional Prometheus targets with `ServiceMonitors` and/or `Alertman

### helm values

Change at least the kube-prometheus-stack selectors to target the namespaces of your project:

```yaml
alertmanagerConfigNamespaceSelector:
matchLabels:
field.cattle.io/projectId: p-q8bp8
podMonitorNamespaceSelector:
matchLabels:
field.cattle.io/projectId: p-q8bp8
probeNamespaceSelector:
matchLabels:
field.cattle.io/projectId: p-q8bp8
ruleNamespaceSelector:
matchLabels:
field.cattle.io/projectId: p-q8bp8
serviceMonitorNamespaceSelector:
matchLabels:
field.cattle.io/projectId: p-q8bp8
kube-prometheus-stack:
alertmanager:
alertmanagerSpec:
alertmanagerConfigNamespaceSelector:
matchLabels:
field.cattle.io/projectId: p-xxxxx
prometheus:
prometheusSpec:
podMonitorNamespaceSelector:
matchLabels:
field.cattle.io/projectId: p-xxxxx
probeNamespaceSelector:
matchLabels:
field.cattle.io/projectId: p-xxxxx
ruleNamespaceSelector:
matchLabels:
field.cattle.io/projectId: p-xxxxx
serviceMonitorNamespaceSelector:
matchLabels:
field.cattle.io/projectId: p-xxxxx
```

</details>
22 changes: 9 additions & 13 deletions values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,19 +20,19 @@ caas:
nameOverride: ""
# overrides the default namespace for caas related resources
namespaceOverride: ""
#
#
# patch job to set securityContect in Prometheus/Alertmanager statefulset
patchjob:
enabled: false
image:
repository: mtr.devops.telekom.de/caas/kubectl
tag: latest
pullPolicy: IfNotPresent
pullPolicy: IfNotPresent
# minimal permissions for pod
podSecurityContext:
fsGroup: 1000
supplementalGroups:
- 1000
- 1000
# resources for kubectl job
resources:
requests:
Expand All @@ -47,7 +47,7 @@ caas:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- ALL
privileged: false
runAsUser: 1000
runAsGroup: 1000
Expand Down Expand Up @@ -432,7 +432,7 @@ kube-prometheus-stack:
securityContext:
fsGroup: 2000
supplementalGroups:
- 1000
- 1000
volumes: []
volumeMounts: []
global:
Expand Down Expand Up @@ -531,6 +531,8 @@ kube-prometheus-stack:
image:
repository: mtr.devops.telekom.de/kubeprometheusstack/grafana
tag: 10.1.4
initChownData:
enabled: false
namespaceOverride: ""
nameOverride: project-monitoring-grafana
rbac:
Expand All @@ -552,7 +554,7 @@ kube-prometheus-stack:
runAsUser: 472
runAsGroup: 472
supplementalGroups:
- 472
- 472
sidecar:
image:
repository: mtr.devops.telekom.de/kubeprometheusstack/k8s-sidecar
Expand Down Expand Up @@ -711,12 +713,6 @@ kube-prometheus-stack:
#podMonitorNamespaceSelector:
# matchLabels:
# "field.cattle.io/projectId": *projectId
# probeNamespaceSelector:
# matchExpressions:
# - key: release
# operator: NotIn
# values:
# - rancher-monitoring
#probeNamespaceSelector:
# matchLabels:
# "field.cattle.io/projectId": *projectId
Expand Down Expand Up @@ -754,7 +750,7 @@ kube-prometheus-stack:
securityContext:
fsGroup: 2000
supplementalGroups:
- 1000
- 1000
serviceMonitorSelector:
matchExpressions:
- key: release
Expand Down

0 comments on commit 564f5a4

Please sign in to comment.