add rbac namespace for grafana
momentmaker committed Feb 26, 2024
1 parent 51e768f commit 37184db
Showing 2 changed files with 51 additions and 105 deletions.
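--- a/charts/chainlink-cluster/devspace.yaml
+++ b/charts/chainlink-cluster/devspace.yaml
@@ -300,111 +300,6 @@ deployments:
 # monitoring.coreos.com/v1 PodMonitor for each node
 prometheusMonitor: true
 
-# for tracing
-opentelemetry-collector:
-enabled: true
-mode: deployment
-image:
-repository: otel/opentelemetry-collector
-tag: 0.81.2
-command:
-name: otelcol
-extraVolumes:
-- name: trace-data
-emptyDir: {}
-extraVolumeMounts:
-- name: trace-data
-mountPath: /tracing
-podSecurityContext:
-fsGroup: 10001
-securityContext:
-runAsNonRoot: true
-runAsUser: 10001
-runAsGroup: 10001
-config:
-receivers:
-otlp:
-protocols:
-grpc:
-endpoint: "0.0.0.0:4317"
-http:
-endpoint: "0.0.0.0:3100"
-exporters:
-file:
-path: /tracing/trace-data.json
-otlp:
-endpoint: tempo:4317
-tls:
-insecure: true
-service:
-telemetry:
-logs:
-level: "debug"
-pipelines:
-traces:
-receivers: [otlp]
-exporters: [file, otlp]
-
-tempo:
-enabled: true
-image:
-tag: "1.7.2"
-server:
-http_listen_port: 3200
-# default storage path: /var/tempo/
-readinessProbe:
-httpGet:
-path: /ready
-port: 3200
-initialDelaySeconds: 10
-periodSeconds: 5
-livenessProbe:
-httpGet:
-path: /ready
-port: 3200
-initialDelaySeconds: 20
-periodSeconds: 10
-securityContext:
-runAsNonRoot: true
-runAsUser: 10001
-runAsGroup: 10001
-tempo:
-storage:
-trace:
-backend: local # backend configuration to use
-wal:
-path: /tmp/tempo/wal # where to store the the wal locally
-local:
-path: /tmp/tempo/blocks
-
-grafana:
-enabled: true
-image:
-tag: 7.3.2
-datasources:
-datasources.yaml:
-apiVersion: 1
-datasources:
-- name: Tempo
-type: tempo
-access: proxy
-orgId: 1
-url: http://tempo:3200
-basicAuth: false
-isDefault: true
-version: 1
-editable: false
-uid: tempo
-jsonData:
-httpMethod: GET
-serviceMap:
-datasourceUid: prometheus
-env:
-GF_AUTH_ANONYMOUS_ENABLED: "true"
-GF_AUTH_ANONYMOUS_ORG_ROLE: "Admin"
-GF_AUTH_DISABLE_LOGIN_FORM: "true"
-GF_FEATURE_TOGGLES_ENABLE: "traceqlEditor"
-
 networkPolicy:
 ingress:
 # Should be a comma separated list of CIDR blocks. To include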
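--- a/charts/chainlink-cluster/values.yaml
+++ b/charts/chainlink-cluster/values.yaml
@@ -272,6 +272,8 @@ grafana:
 enabled: true
 image:
 tag: 7.3.2
+rbac:
+namespaced: true
 datasources:
 datasources.yaml:
 apiVersion: 1
@@ -402,6 +404,55 @@ affinity:
 
 networkPolicies:
 enabled: true
+customPolicies:
+grafanaToTempoEgress:
+podSelector:
+matchLabels:
+app: grafana
+egress:
+- to:
+- podSelector:
+matchLabels:
+app: tempo
+ports:
+- protocol: TCP
+port: 3100
+tempoIngressFromGrafana:
+podSelector:
+matchLabels:
+app: tempo
+ingress:
+- from:
+- podSelector:
+matchLabels:
+app: grafana
+ports:
+- protocol: TCP
+port: 3100
+chainlinkToOtelCollectorEgress:
+podSelector:
+matchLabels:
+app: chainlink
+egress:
+- to:
+- podSelector:
+matchLabels:
+app: otel-collector
+ports:
+- protocol: TCP
+port: 4317
+otelCollectorToTempoEgress:
+podSelector:
+matchLabels:
+app: otel-collector
+egress:
+- to:
+- podSelector:
+matchLabels:
+app: tempo
+ports:
+- protocol: TCP
+port: 3100
 
 # Configure the default network policy.
 networkPolicyDefault: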
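Review bot: The three `customPolicies` entries in the second hunk that touch Tempo allow TCP 3100, which does not match the ports in the tracing settings this same commit removes from devspace.yaml: Grafana's datasource URL there is `http://tempo:3200` (Tempo's `http_listen_port`) and the collector's OTLP exporter targets `tempo:4317`. If values.yaml carries the same settings, `grafanaToTempoEgress` and `tempoIngressFromGrafana` should use `port: 3200` and `otelCollectorToTempoEgress` should use `port: 4317`; as written, a default-deny policy would drop the intended flows while opening a port nothing appears to use. Only the Grafana-to-Tempo path has a matching ingress rule, so it is worth confirming that collector-to-Tempo and chainlink-to-collector ingress is permitted elsewhere, and that the pods actually carry the `app: grafana`, `app: tempo` and `app: otel-collector` labels these selectors rely on. The `networkPolicyDefault` block and the template that renders `customPolicies` lie outside the hunk, so the effective default could not be checked here.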
