----
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: grafana
- layeringDefinition:
- abstract: false
- layer: global
- storagePolicy: cleartext
- substitutions:
- # Chart source
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .charts.osh_infra.grafana
- dest:
- path: .source
-
- # Images
- - src:
- schema: pegleg/SoftwareVersions/v1
- name: software-versions
- path: .images.osh_infra.grafana
- dest:
- path: .values.images.tags
-
- # Endpoints
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.oslo_db
- dest:
- path: .values.endpoints.oslo_db
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.oslo_db
- dest:
- path: .values.endpoints.oslo_db_session
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.grafana
- dest:
- path: .values.endpoints.grafana
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.monitoring
- dest:
- path: .values.endpoints.monitoring
- - src:
- schema: pegleg/EndpointCatalogue/v1
- name: osh_infra_endpoints
- path: .osh_infra.ldap
- dest:
- path: .values.endpoints.ldap
- # Accounts
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.grafana.admin
- dest:
- path: .values.endpoints.grafana.auth.admin
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.grafana.oslo_db
- dest:
- path: .values.endpoints.oslo_db.auth.user
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.grafana.oslo_db.database
- dest:
- path: .values.endpoints.oslo_db.path
- pattern: DB_NAME
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.grafana.oslo_db_session
- dest:
- path: .values.endpoints.oslo_db_session.auth.user
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.grafana.oslo_db_session.database
- dest:
- path: .values.endpoints.oslo_db_session.path
- pattern: DB_NAME
-
- # Secrets
- - dest:
- path: .values.endpoints.grafana.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_grafana_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_grafana_oslo_db_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db_session.auth.user.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_grafana_oslo_db_session_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_oslo_db_admin_password
- path: .
- - dest:
- path: .values.endpoints.oslo_db_session.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_infra_oslo_db_admin_password
- path: .
-
- # LDAP Configuration Details
- - src:
- schema: pegleg/AccountCatalogue/v1
- name: osh_infra_service_accounts
- path: .osh_infra.ldap.admin.bind
- dest:
- path: .values.endpoints.ldap.auth.admin.bind_dn
- - dest:
- path: .values.endpoints.ldap.auth.admin.password
- src:
- schema: deckhand/Passphrase/v1
- name: osh_keystone_ldap_password
- path: .
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.subdomain
- dest:
- path: .values.conf.ldap.config.base_dns.search
- pattern: SUBDOMAIN
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.domain
- dest:
- path: .values.conf.ldap.config.base_dns.search
- pattern: DOMAIN
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.subdomain
- dest:
- path: .values.conf.ldap.config.base_dns.group_search
- pattern: SUBDOMAIN
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.domain
- dest:
- path: .values.conf.ldap.config.base_dns.group_search
- pattern: DOMAIN
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.common_name
- dest:
- path: .values.conf.ldap.config.filters.group_search
- pattern: COMMON_NAME
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.subdomain
- dest:
- path: .values.conf.ldap.config.filters.group_search
- pattern: SUBDOMAIN
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .ldap.domain
- dest:
- path: .values.conf.ldap.config.filters.group_search
- pattern: DOMAIN
-data:
- chart_name: grafana
- release: grafana
- namespace: osh-infra
- wait:
- timeout: 900
- labels:
- release_group: airship-grafana
- install:
- no_hooks: false
- upgrade:
- no_hooks: false
- pre:
- delete:
- - type: job
- labels:
- release_group: airship-grafana
- post:
- create: []
- values:
- labels:
- grafana:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- conf:
- ldap:
- config:
- base_dns:
- search: "DC=SUBDOMAIN,DC=DOMAIN,DC=com"
- group_search: "OU=Groups,DC=SUBDOMAIN,DC=DOMAIN,DC=com"
- filters:
- search: "(sAMAccountName=%s)"
- group_search: "(memberof=CN=COMMON_NAME,OU=Application,OU=Groups,DC=SUBDOMAIN,DC=DOMAIN,DC=com)"
- template: |
- verbose_logging = true
- [[servers]]
- host = "{{ tuple "ldap" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}"
- port = {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- use_ssl = false
- start_tls = false
- ssl_skip_verify = false
- bind_dn = "{{ .Values.endpoints.ldap.auth.admin.bind_dn }}"
- bind_password = '{{ .Values.endpoints.ldap.auth.admin.password }}'
- search_filter = "{{ .Values.conf.ldap.config.filters.search }}"
- search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.search }}"]
- group_search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.group_search }}"]
- [servers.attributes]
- username = "sAMAccountName"
- surname = "sn"
- member_of = "memberof"
- email = "mail"
- [[servers.group_mappings]]
- group_dn = "{{.Values.endpoints.ldap.auth.admin.bind_dn }}"
- org_role = "Admin"
- [[servers.group_mappings]]
- group_dn = "*"
- org_role = "Viewer"
- pod:
- replicas:
- grafana: 2
- dependencies:
- - osh-infra-helm-toolkit
-...