Grafana
Usage example¶
Example
apiVersion: aiven.io/v1alpha1
kind: Grafana
metadata:
name: my-grafana
spec:
authSecretRef:
name: aiven-token
key: token
connInfoSecretTarget:
name: grafana-secret
prefix: MY_SECRET_PREFIX_
annotations:
foo: bar
labels:
baz: egg
project: my-aiven-project
cloudName: google-europe-west1
plan: startup-1
maintenanceWindowDow: sunday
maintenanceWindowTime: 11:00:00
userConfig:
public_access:
grafana: true
ip_filter:
- network: 0.0.0.0
description: whatever
- network: 10.20.0.0/16
Info
To create this resource, a Secret
containing Aiven token must be created first.
Apply the resource with:
Verify the newly created Grafana
:
The output is similar to the following:
To view the details of the Secret
, use the following command:
You can use the jq to quickly decode the Secret
:
The output is similar to the following:
{
"GRAFANA_HOST": "<secret>",
"GRAFANA_PORT": "<secret>",
"GRAFANA_USER": "<secret>",
"GRAFANA_PASSWORD": "<secret>",
"GRAFANA_URI": "<secret>",
"GRAFANA_HOSTS": "<secret>",
}
Grafana¶
Grafana is the Schema for the grafanas API.
Exposes secret keys
GRAFANA_HOST
, GRAFANA_PORT
, GRAFANA_USER
, GRAFANA_PASSWORD
, GRAFANA_URI
, GRAFANA_HOSTS
.
Required
apiVersion
(string). Valueaiven.io/v1alpha1
.kind
(string). ValueGrafana
.metadata
(object). Data that identifies the object, including aname
string and optionalnamespace
.spec
(object). GrafanaSpec defines the desired state of Grafana. See below for nested schema.
spec¶
Appears on Grafana
.
GrafanaSpec defines the desired state of Grafana.
Required
plan
(string, MaxLength: 128). Subscription plan.project
(string, Immutable, Pattern:^[a-zA-Z0-9_-]+$
, MaxLength: 63). Identifies the project this resource belongs to.
Optional
authSecretRef
(object). Authentication reference to Aiven token in a secret. See below for nested schema.cloudName
(string, MaxLength: 256). Cloud the service runs in.connInfoSecretTarget
(object). Secret configuration. See below for nested schema.connInfoSecretTargetDisabled
(boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation.disk_space
(string, Pattern:(?i)^[1-9][0-9]*(GiB|G)?$
). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. The removal of this field does not change the value.maintenanceWindowDow
(string, Enum:monday
,tuesday
,wednesday
,thursday
,friday
,saturday
,sunday
). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.maintenanceWindowTime
(string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.projectVPCRef
(object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.projectVpcId
(string, MaxLength: 36). Identifier of the VPC the service should be in, if any.serviceIntegrations
(array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.tags
(object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.technicalEmails
(array of objects, MaxItems: 10). Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability. See below for nested schema.terminationProtection
(boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.userConfig
(object). Cassandra specific user configuration options. See below for nested schema.
authSecretRef¶
Appears on spec
.
Authentication reference to Aiven token in a secret.
Required
connInfoSecretTarget¶
Appears on spec
.
Secret configuration.
Required
name
(string, Immutable). Name of the secret resource to be created. By default, it is equal to the resource name.
Optional
annotations
(object, AdditionalProperties: string). Annotations added to the secret.labels
(object, AdditionalProperties: string). Labels added to the secret.prefix
(string). Prefix for the secret's keys. Added "as is" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g.KAFKA_
,REDIS_
, etc.
projectVPCRef¶
Appears on spec
.
ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.
Required
name
(string, MinLength: 1).
Optional
namespace
(string, MinLength: 1).
serviceIntegrations¶
Appears on spec
.
Service integrations to specify when creating a service. Not applied after initial service creation.
Required
integrationType
(string, Enum:read_replica
).sourceServiceName
(string, MinLength: 1, MaxLength: 64).
technicalEmails¶
Appears on spec
.
Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability.
Required
email
(string). Email address.
userConfig¶
Appears on spec
.
Cassandra specific user configuration options.
Optional
additional_backup_regions
(array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.alerting_enabled
(boolean). DEPRECATED: setting has no effect with Grafana 11 and onward. Enable or disable Grafana legacy alerting functionality. This should not be enabled with unified_alerting_enabled.alerting_error_or_timeout
(string, Enum:alerting
,keep_state
). Default error or timeout setting for new alerting rules.alerting_max_annotations_to_keep
(integer, Minimum: 0, Maximum: 1000000). Max number of alert annotations that Grafana stores. 0 (default) keeps all alert annotations.alerting_nodata_or_nullvalues
(string, Enum:alerting
,keep_state
,no_data
,ok
). Default value for 'no data or null values' for new alerting rules.allow_embedding
(boolean). Allow embedding Grafana dashboards with iframe/frame/object/embed tags. Disabled by default to limit impact of clickjacking.auth_azuread
(object). Azure AD OAuth integration. See below for nested schema.auth_basic_enabled
(boolean). Enable or disable basic authentication form, used by Grafana built-in login.auth_generic_oauth
(object). Generic OAuth integration. See below for nested schema.auth_github
(object). Github Auth integration. See below for nested schema.auth_gitlab
(object). GitLab Auth integration. See below for nested schema.auth_google
(object). Google Auth integration. See below for nested schema.cookie_samesite
(string, Enum:lax
,none
,strict
). Cookie SameSite attribute:strict
prevents sending cookie for cross-site requests, effectively disabling direct linking from other sites to Grafana.lax
is the default value.custom_domain
(string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.dashboard_previews_enabled
(boolean). Enable browsing of dashboards in grid (pictures) mode. This feature is new in Grafana 9 and is quite resource intensive. It may cause low-end plans to work more slowly while the dashboard previews are rendering.dashboards_min_refresh_interval
(string, Pattern:^[0-9]+(ms|s|m|h|d)$
, MaxLength: 16). Signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s, 1h.dashboards_versions_to_keep
(integer, Minimum: 1, Maximum: 100). Dashboard versions to keep per dashboard.dataproxy_send_user_header
(boolean). SendX-Grafana-User
header to data source.dataproxy_timeout
(integer, Minimum: 15, Maximum: 90). Timeout for data proxy requests in seconds.date_formats
(object). Grafana date format specifications. See below for nested schema.disable_gravatar
(boolean). Set to true to disable gravatar. Defaults to false (gravatar is enabled).editors_can_admin
(boolean). Editors can manage folders, teams and dashboards created by them.external_image_storage
(object). External image store settings. See below for nested schema.google_analytics_ua_id
(string, Pattern:^(G|UA|YT|MO)-[a-zA-Z0-9-]+$
, MaxLength: 64). Google Analytics ID.ip_filter
(array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g.10.20.0.0/16
. See below for nested schema.metrics_enabled
(boolean). Enable Grafana's /metrics endpoint.oauth_allow_insecure_email_lookup
(boolean). Enforce user lookup based on email instead of the unique ID provided by the IdP.private_access
(object). Allow access to selected service ports from private networks. See below for nested schema.privatelink_access
(object). Allow access to selected service components through Privatelink. See below for nested schema.project_to_fork_from
(string, Immutable, Pattern:^[a-z][-a-z0-9]{0,63}$|^$
, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.public_access
(object). Allow access to selected service ports from the public Internet. See below for nested schema.recovery_basebackup_name
(string, Pattern:^[a-zA-Z0-9-_:.]+$
, MaxLength: 128). Name of the basebackup to restore in forked service.service_log
(boolean). Store logs for the service so that they are available in the HTTP API and console.service_to_fork_from
(string, Immutable, Pattern:^[a-z][-a-z0-9]{0,63}$|^$
, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.smtp_server
(object). SMTP server settings. See below for nested schema.static_ips
(boolean). Use static public IP addresses.unified_alerting_enabled
(boolean). Enable or disable Grafana unified alerting functionality. By default this is enabled and any legacy alerts will be migrated on upgrade to Grafana 9+. To stay on legacy alerting, set unified_alerting_enabled to false and alerting_enabled to true. See https://grafana.com/docs/grafana/latest/alerting/ for more details.user_auto_assign_org
(boolean). Auto-assign new users on signup to main organization. Defaults to false.user_auto_assign_org_role
(string, Enum:Admin
,Editor
,Viewer
). Set role for new signups. Defaults to Viewer.viewers_can_edit
(boolean). Users with view-only permission can edit but not save dashboards.wal
(boolean). Setting to enable/disable Write-Ahead Logging. The default value is false (disabled).
auth_azuread¶
Appears on spec.userConfig
.
Azure AD OAuth integration.
Required
auth_url
(string, MaxLength: 2048). Authorization URL.client_id
(string, Pattern:^[\040-\176]+$
, MaxLength: 1024). Client ID from provider.client_secret
(string, Pattern:^[\040-\176]+$
, MaxLength: 1024). Client secret from provider.token_url
(string, MaxLength: 2048). Token URL.
Optional
allow_sign_up
(boolean). Automatically sign-up users on successful sign-in.allowed_domains
(array of strings, MaxItems: 50). Allowed domains.allowed_groups
(array of strings, MaxItems: 50). Require users to belong to one of given groups.
auth_generic_oauth¶
Appears on spec.userConfig
.
Generic OAuth integration.
Required
api_url
(string, MaxLength: 2048). API URL.auth_url
(string, MaxLength: 2048). Authorization URL.client_id
(string, Pattern:^[\040-\176]+$
, MaxLength: 1024). Client ID from provider.client_secret
(string, Pattern:^[\040-\176]+$
, MaxLength: 1024). Client secret from provider.token_url
(string, MaxLength: 2048). Token URL.
Optional
allow_sign_up
(boolean). Automatically sign-up users on successful sign-in.allowed_domains
(array of strings, MaxItems: 50). Allowed domains.allowed_organizations
(array of strings, MaxItems: 50). Require user to be member of one of the listed organizations.auto_login
(boolean). Allow users to bypass the login screen and automatically log in.name
(string, Pattern:^[a-zA-Z0-9_\- ]+$
, MaxLength: 128). Name of the OAuth integration.scopes
(array of strings, MaxItems: 50). OAuth scopes.use_refresh_token
(boolean). Set to true to use refresh token and check access token expiration.
auth_github¶
Appears on spec.userConfig
.
Github Auth integration.
Required
client_id
(string, Pattern:^[\040-\176]+$
, MaxLength: 1024). Client ID from provider.client_secret
(string, Pattern:^[\040-\176]+$
, MaxLength: 1024). Client secret from provider.
Optional
allow_sign_up
(boolean). Automatically sign-up users on successful sign-in.allowed_organizations
(array of strings, MaxItems: 50). Require users to belong to one of given organizations.auto_login
(boolean). Allow users to bypass the login screen and automatically log in.skip_org_role_sync
(boolean). Stop automatically syncing user roles.team_ids
(array of integers, MaxItems: 50). Require users to belong to one of given team IDs.
auth_gitlab¶
Appears on spec.userConfig
.
GitLab Auth integration.
Required
allowed_groups
(array of strings, MaxItems: 50). Require users to belong to one of given groups.client_id
(string, Pattern:^[\040-\176]+$
, MaxLength: 1024). Client ID from provider.client_secret
(string, Pattern:^[\040-\176]+$
, MaxLength: 1024). Client secret from provider.
Optional
allow_sign_up
(boolean). Automatically sign-up users on successful sign-in.api_url
(string, MaxLength: 2048). This only needs to be set when using self hosted GitLab.auth_url
(string, MaxLength: 2048). This only needs to be set when using self hosted GitLab.token_url
(string, MaxLength: 2048). This only needs to be set when using self hosted GitLab.
auth_google¶
Appears on spec.userConfig
.
Google Auth integration.
Required
allowed_domains
(array of strings, MaxItems: 64). Domains allowed to sign-in to this Grafana.client_id
(string, Pattern:^[\040-\176]+$
, MaxLength: 1024). Client ID from provider.client_secret
(string, Pattern:^[\040-\176]+$
, MaxLength: 1024). Client secret from provider.
Optional
allow_sign_up
(boolean). Automatically sign-up users on successful sign-in.
date_formats¶
Appears on spec.userConfig
.
Grafana date format specifications.
Optional
default_timezone
(string, MaxLength: 64). Default time zone for user preferences. Valuebrowser
uses browser local time zone.full_date
(string, MaxLength: 128). Moment.js style format string for cases where full date is shown.interval_day
(string, MaxLength: 128). Moment.js style format string used when a time requiring day accuracy is shown.interval_hour
(string, MaxLength: 128). Moment.js style format string used when a time requiring hour accuracy is shown.interval_minute
(string, MaxLength: 128). Moment.js style format string used when a time requiring minute accuracy is shown.interval_month
(string, MaxLength: 128). Moment.js style format string used when a time requiring month accuracy is shown.interval_second
(string, MaxLength: 128). Moment.js style format string used when a time requiring second accuracy is shown.interval_year
(string, MaxLength: 128). Moment.js style format string used when a time requiring year accuracy is shown.
external_image_storage¶
Appears on spec.userConfig
.
External image store settings.
Required
access_key
(string, Pattern:^[A-Z0-9]+$
, MaxLength: 4096). S3 access key. Requires permissions to the S3 bucket for the s3:PutObject and s3:PutObjectAcl actions.bucket_url
(string, MaxLength: 2048). Bucket URL for S3.provider
(string, Enum:s3
). External image store provider.secret_key
(string, Pattern:^[A-Za-z0-9/+=]+$
, MaxLength: 4096). S3 secret key.
ip_filter¶
Appears on spec.userConfig
.
CIDR address block, either as a string, or in a dict with an optional description field.
Required
network
(string, MaxLength: 43). CIDR address block.
Optional
description
(string, MaxLength: 1024). Description for IP filter list entry.
private_access¶
Appears on spec.userConfig
.
Allow access to selected service ports from private networks.
Required
grafana
(boolean). Allow clients to connect to grafana with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.
privatelink_access¶
Appears on spec.userConfig
.
Allow access to selected service components through Privatelink.
Required
grafana
(boolean). Enable grafana.
public_access¶
Appears on spec.userConfig
.
Allow access to selected service ports from the public Internet.
Required
grafana
(boolean). Allow clients to connect to grafana from the public internet for service nodes that are in a project VPC or another type of private network.
smtp_server¶
Appears on spec.userConfig
.
SMTP server settings.
Required
from_address
(string, MaxLength: 319). Address used for sending emails.host
(string, MaxLength: 255). Server hostname or IP.port
(integer, Minimum: 1, Maximum: 65535). SMTP server port.
Optional
from_name
(string, Pattern:^[^\x00-\x1F]+$
, MaxLength: 128). Name used in outgoing emails, defaults to Grafana.password
(string, Pattern:^[^\x00-\x1F]+$
, MaxLength: 255). Password for SMTP authentication.skip_verify
(boolean). Skip verifying server certificate. Defaults to false.starttls_policy
(string, Enum:MandatoryStartTLS
,NoStartTLS
,OpportunisticStartTLS
). Either OpportunisticStartTLS, MandatoryStartTLS or NoStartTLS. Default is OpportunisticStartTLS.username
(string, Pattern:^[^\x00-\x1F]+$
, MaxLength: 255). Username for SMTP authentication.