# Persistent storage for Grafana; the grafana Deployment in this file mounts
# this claim at /var/lib/grafana.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: sysadmin
  name: grafana-pvc
spec:
  storageClassName: longhorn
  # ReadWriteOnce: the volume is attachable read-write to one node at a time,
  # which constrains how the Deployment that uses it can be rolled.
  accessModes: [ReadWriteOnce]
  resources:
    limits:
      storage: 10Gi
    requests:
      storage: 10Gi
---
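# Grafana configuration file. The grafana Deployment mounts the defaults.ini
# key at /etc/grafana/grafana.ini through a subPath mount; subPath mounts are
# not refreshed when a ConfigMap changes, so the pod must be restarted to pick
# up edits made here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: grafana-configmap
  namespace: sysadmin
data:
  # ${HTTP_SECRET} and ${POSTGRES_PASSWORD} are left as placeholders for
  # Grafana to expand from the container environment (populated from the
  # Secret "secrets" in the Deployment), so no credential is stored in this
  # ConfigMap itself.
  #
  # NOTE(review): [database] connects as "postgres", which is presumably the
  # PostgreSQL superuser. A dedicated role that owns only Grafana's database
  # would limit what a compromised Grafana can reach - confirm and replace.
  # NOTE(review): no ssl_mode is set, so the connection to postgres.databases
  # falls back to Grafana's default (disable in the shipped defaults - confirm
  # for the deployed version); the password then crosses the cluster network
  # unencrypted.
  # NOTE(review): admin_user keeps the well-known name "admin" on an instance
  # that the IngressRoute in this file publishes on a public hostname; the
  # strength of HTTP_SECRET is the only barrier on that account.
  #
  # Key/value pairs use "=" throughout; the [database] section previously
  # mixed in ":" delimiters.
  defaults.ini: |
    instance_name = grafana

    [security]
    admin_user = admin
    admin_password = ${HTTP_SECRET}

    [database]
    type = postgres
    host = postgres.databases
    user = postgres
    password = ${POSTGRES_PASSWORD}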
---
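# Single-replica Grafana. State lives on the grafana-pvc volume and in the
# PostgreSQL database configured through grafana-configmap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana
  namespace: sysadmin
spec:
  replicas: 1
  # grafana-pvc is ReadWriteOnce. With the default RollingUpdate strategy the
  # replacement pod is started before the old one is stopped; if it lands on
  # another node the volume cannot attach and the rollout stalls. Recreate
  # stops the old pod first.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      ms: grafana
  template:
    metadata:
      labels:
        ms: grafana
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "3000"
    spec:
      # NOTE(review): nothing visible here needs the Kubernetes API; consider
      # automountServiceAccountToken: false after confirming no plugin or
      # sidecar relies on the token.
      securityContext:
        fsGroup: 472
        # NOTE(review): GID 0 adds the root group to every container process.
        # Confirm the image still needs it for file access; drop it if not.
        supplementalGroups:
          - 0
      containers:
        - name: grafana
          # NOTE(review): ":latest" with IfNotPresent means each node runs
          # whichever build it happened to cache, and nothing records what is
          # deployed. Pin a release tag, ideally with a digest
          # (grafana/grafana:<VERSION>@sha256:<DIGEST>), so upgrades are
          # deliberate and the image content is verifiable.
          image: grafana/grafana:latest
          imagePullPolicy: IfNotPresent
          # Least privilege for an internet-facing workload: no root user, no
          # privilege escalation, no Linux capabilities (port 3000 is
          # unprivileged), and the runtime's default seccomp filter.
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # NOTE(review): no resources.requests/limits are set, so this
          # container is unbounded on CPU and memory; size and add them.
          ports:
            - containerPort: 3000
              name: http-grafana
              protocol: TCP
          # Ready once an HTTP GET for /robots.txt on port 3000 succeeds.
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /robots.txt
              port: 3000
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 2
          # Liveness only checks that port 3000 accepts TCP connections.
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 3000
            timeoutSeconds: 1
          volumeMounts:
            - name: grafana-pv
              mountPath: /var/lib/grafana
            # subPath mounts a single key as a file; it is not refreshed when
            # the ConfigMap is edited, so restart the pod after config changes.
            - name: grafana-config
              mountPath: /etc/grafana/grafana.ini
              subPath: defaults.ini
          # Credentials come from the Secret "secrets" and are referenced by
          # name from grafana.ini rather than written into the ConfigMap.
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: POSTGRES_PASSWORD
            - name: HTTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: HTTP_SECRET
      volumes:
        - name: grafana-pv
          persistentVolumeClaim:
            claimName: grafana-pvc
        - name: grafana-config
          configMap:
            name: grafana-configmap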
---
# In-cluster Service in front of the pods labelled ms: grafana; the
# IngressRoute in this file sends traffic to it on port 3000.
apiVersion: v1
kind: Service
metadata:
  namespace: sysadmin
  name: grafana
spec:
  # ClusterIP keeps the Service reachable only from inside the cluster; no
  # NodePort or LoadBalancer is requested here.
  type: ClusterIP
  ports:
    - targetPort: 3000
      port: 3000
  selector:
    ms: grafana
---
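# Publishes Grafana on the websecure entry point with a certificate from the
# letsencrypt resolver.
#
# NOTE(review): the traefik.containo.us API group belongs to Traefik v2;
# newer Traefik releases use traefik.io/v1alpha1. Confirm against the
# installed Traefik version before migrating.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: grafana
  namespace: sysadmin
spec:
  entryPoints:
    - websecure
  routes:
    # Grafana serves its own Prometheus metrics at /metrics on the same port,
    # without authentication unless [metrics] basic auth is configured (it is
    # not set in grafana-configmap). A Host-only rule publishes that endpoint
    # on the public hostname, so it is excluded here. The prometheus.io/*
    # annotations on the pod suggest Prometheus scrapes the pod directly -
    # confirm that no scraper depends on the public URL.
    - match: 'Host(`grafana.nocodelytics.com`) && !Path(`/metrics`)'
      kind: Rule
      services:
        - name: grafana
          port: 3000
  tls:
    certResolver: letsencrypt
    domains:
      - main: grafana.nocodelytics.com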