infrastructure/grafana.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: sysadmin
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: grafana-pvc
  namespace: sysadmin
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 10Gi
    limits:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana
  namespace: sysadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      ms: grafana
  template:
    metadata:
      labels:
        ms: grafana
    spec:
      securityContext:
        fsGroup: 472
        supplementalGroups:
          - 0
      containers:
        - name: grafana
          image: grafana/grafana:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 3000
              name: http-grafana
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /robots.txt
              port: 3000
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 2
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 3000
            timeoutSeconds: 1
          volumeMounts:
            - mountPath: /var/lib/grafana
              name: grafana-pv
      volumes:
        - name: grafana-pv
          persistentVolumeClaim:
            claimName: grafana-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: grafana
  namespace: sysadmin
spec:
  type: NodePort
  selector:
    ms: grafana
  ports:
    - port: 3000
      targetPort: 3000
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  namespace: sysadmin
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: florian@nocodelytics.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: traefik
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  namespace: sysadmin
  name: grafana
spec:
  secretName: grafana-net-tls
  issuerRef:
    name: letsencrypt-prod
    kind: Issuer
  commonName: grafana.nocodelytics.com
  dnsNames:
    - grafana.nocodelytics.com
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: sysadmin
  name: grafana-nginx-ingress
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: default-https-redirect@kubernetescrd
spec:
  rules:
    - host: grafana.nocodelytics.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: ssl-redirect
                port:
                  name: use-annotation
          - path: /
            pathType: Prefix
            backend:
              service:
                name: grafana
                port:
                  number: 3000
  tls:
    - hosts:
        - grafana.nocodelytics.com
      secretName: grafana-net-tls