---
title: "Grafana"
---
??? example

    ```yaml
    apiVersion: aiven.io/v1alpha1
    kind: Grafana
    metadata:
      name: my-grafana
    spec:
      authSecretRef:
        name: aiven-token
        key: token

      connInfoSecretTarget:
        name: grafana-secret
        prefix: MY_SECRET_PREFIX_
        annotations:
          foo: bar
        labels:
          baz: egg

      project: my-aiven-project
      cloudName: google-europe-west1
      plan: startup-1

      maintenanceWindowDow: sunday
      maintenanceWindowTime: 11:00:00

      userConfig:
        public_access:
          grafana: true
        ip_filter:
          - network: 0.0.0.0
            description: whatever
          - network: 10.20.0.0/16
    ```

Grafana is the Schema for the grafanas API.

!!! Info "Exposes secret keys"

    `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`.

Required

- `apiVersion`{: name='apiVersion-property'} (string). Value `aiven.io/v1alpha1`.
- `kind`{: name='kind-property'} (string). Value `Grafana`.
- `metadata`{: name='metadata-property'} (object). Data that identifies the object, including a `name` string and optional `namespace`.
- `spec`{: name='spec-property'} (object). GrafanaSpec defines the desired state of Grafana. See below for nested schema.

Appears on `Grafana`.

GrafanaSpec defines the desired state of Grafana.

Required

- `plan`{: name='spec.plan-property'} (string, MaxLength: 128). Subscription plan.
- `project`{: name='spec.project-property'} (string, Immutable, MaxLength: 63, Format: `^[a-zA-Z0-9_-]+$`). Identifies the project this resource belongs to.

Optional

- `authSecretRef`{: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for nested schema.
- `cloudName`{: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in.
- `connInfoSecretTarget`{: name='spec.connInfoSecretTarget-property'} (object). Secret configuration. See below for nested schema.
- `connInfoSecretTargetDisabled`{: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation.
- `disk_space`{: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.
- `maintenanceWindowDow`{: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. One of monday, tuesday, wednesday, etc.
- `maintenanceWindowTime`{: name='spec.maintenanceWindowTime-property'} (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.
- `projectVPCRef`{: name='spec.projectVPCRef-property'} (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.
- `projectVpcId`{: name='spec.projectVpcId-property'} (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.
- `serviceIntegrations`{: name='spec.serviceIntegrations-property'} (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.
- `tags`{: name='spec.tags-property'} (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.
- `technicalEmails`{: name='spec.technicalEmails-property'} (array of objects, MaxItems: 10). Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability. See below for nested schema.
- `terminationProtection`{: name='spec.terminationProtection-property'} (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.
- `userConfig`{: name='spec.userConfig-property'} (object). Cassandra specific user configuration options. See below for nested schema.

Appears on `spec`.

Authentication reference to Aiven token in a secret.

Required

- `key`{: name='spec.authSecretRef.key-property'} (string, MinLength: 1).
- `name`{: name='spec.authSecretRef.name-property'} (string, MinLength: 1).

Appears on `spec`.

Secret configuration.

Required

- `name`{: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name.

Optional

- `annotations`{: name='spec.connInfoSecretTarget.annotations-property'} (object, AdditionalProperties: string). Annotations added to the secret.
- `labels`{: name='spec.connInfoSecretTarget.labels-property'} (object, AdditionalProperties: string). Labels added to the secret.
- `prefix`{: name='spec.connInfoSecretTarget.prefix-property'} (string). Prefix for the secret's keys. Added "as is" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc.

Appears on `spec`.

ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.

Required

- `name`{: name='spec.projectVPCRef.name-property'} (string, MinLength: 1).

Optional

- `namespace`{: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1).

Appears on `spec`.

Service integrations to specify when creating a service. Not applied after initial service creation.

Required

- `integrationType`{: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`).
- `sourceServiceName`{: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64).

Appears on `spec`.

Defines the email addresses that will receive alerts about upcoming maintenance updates or warnings about service instability.

Required

- `email`{: name='spec.technicalEmails.email-property'} (string, Format: `^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`). Email address.

Appears on `spec`.

Cassandra specific user configuration options.

Optional

- `additional_backup_regions`{: name='spec.userConfig.additional_backup_regions-property'} (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.
- `alerting_enabled`{: name='spec.userConfig.alerting_enabled-property'} (boolean). Enable or disable Grafana legacy alerting functionality. This should not be enabled with unified_alerting_enabled.
- `alerting_error_or_timeout`{: name='spec.userConfig.alerting_error_or_timeout-property'} (string, Enum: `alerting`, `keep_state`). Default error or timeout setting for new alerting rules.
- `alerting_max_annotations_to_keep`{: name='spec.userConfig.alerting_max_annotations_to_keep-property'} (integer, Minimum: 0, Maximum: 1000000). Max number of alert annotations that Grafana stores. 0 (default) keeps all alert annotations.
- `alerting_nodata_or_nullvalues`{: name='spec.userConfig.alerting_nodata_or_nullvalues-property'} (string, Enum: `alerting`, `no_data`, `keep_state`, `ok`). Default value for 'no data or null values' for new alerting rules.
- `allow_embedding`{: name='spec.userConfig.allow_embedding-property'} (boolean). Allow embedding Grafana dashboards with iframe/frame/object/embed tags. Disabled by default to limit impact of clickjacking.
- `auth_azuread`{: name='spec.userConfig.auth_azuread-property'} (object). Azure AD OAuth integration. See below for nested schema.
- `auth_basic_enabled`{: name='spec.userConfig.auth_basic_enabled-property'} (boolean). Enable or disable basic authentication form, used by Grafana built-in login.
- `auth_generic_oauth`{: name='spec.userConfig.auth_generic_oauth-property'} (object). Generic OAuth integration. See below for nested schema.
- `auth_github`{: name='spec.userConfig.auth_github-property'} (object). Github Auth integration. See below for nested schema.
- `auth_gitlab`{: name='spec.userConfig.auth_gitlab-property'} (object). GitLab Auth integration. See below for nested schema.
- `auth_google`{: name='spec.userConfig.auth_google-property'} (object). Google Auth integration. See below for nested schema.
- `cookie_samesite`{: name='spec.userConfig.cookie_samesite-property'} (string, Enum: `lax`, `strict`, `none`). Cookie SameSite attribute: `strict` prevents sending cookie for cross-site requests, effectively disabling direct linking from other sites to Grafana. `lax` is the default value.
- `custom_domain`{: name='spec.userConfig.custom_domain-property'} (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.
- `dashboard_previews_enabled`{: name='spec.userConfig.dashboard_previews_enabled-property'} (boolean). This feature is new in Grafana 9 and is quite resource intensive. It may cause low-end plans to work more slowly while the dashboard previews are rendering.
- `dashboards_min_refresh_interval`{: name='spec.userConfig.dashboards_min_refresh_interval-property'} (string, Pattern: `^[0-9]+(ms|s|m|h|d)$`, MaxLength: 16). Signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s, 1h.
- `dashboards_versions_to_keep`{: name='spec.userConfig.dashboards_versions_to_keep-property'} (integer, Minimum: 1, Maximum: 100). Dashboard versions to keep per dashboard.
- `dataproxy_send_user_header`{: name='spec.userConfig.dataproxy_send_user_header-property'} (boolean). Send `X-Grafana-User` header to data source.
- `dataproxy_timeout`{: name='spec.userConfig.dataproxy_timeout-property'} (integer, Minimum: 15, Maximum: 90). Timeout for data proxy requests in seconds.
- `date_formats`{: name='spec.userConfig.date_formats-property'} (object). Grafana date format specifications. See below for nested schema.
- `disable_gravatar`{: name='spec.userConfig.disable_gravatar-property'} (boolean). Set to true to disable gravatar. Defaults to false (gravatar is enabled).
- `editors_can_admin`{: name='spec.userConfig.editors_can_admin-property'} (boolean). Editors can manage folders, teams and dashboards created by them.
- `external_image_storage`{: name='spec.userConfig.external_image_storage-property'} (object). External image store settings. See below for nested schema.
- `google_analytics_ua_id`{: name='spec.userConfig.google_analytics_ua_id-property'} (string, Pattern: `^(G|UA|YT|MO)-[a-zA-Z0-9-]+$`, MaxLength: 64). Google Analytics ID.
- `ip_filter`{: name='spec.userConfig.ip_filter-property'} (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. `10.20.0.0/16`. See below for nested schema.
- `metrics_enabled`{: name='spec.userConfig.metrics_enabled-property'} (boolean). Enable Grafana /metrics endpoint.
- `oauth_allow_insecure_email_lookup`{: name='spec.userConfig.oauth_allow_insecure_email_lookup-property'} (boolean). Enforce user lookup based on email instead of the unique ID provided by the IdP.
- `private_access`{: name='spec.userConfig.private_access-property'} (object). Allow access to selected service ports from private networks. See below for nested schema.
- `privatelink_access`{: name='spec.userConfig.privatelink_access-property'} (object). Allow access to selected service components through Privatelink. See below for nested schema.
- `project_to_fork_from`{: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.
- `public_access`{: name='spec.userConfig.public_access-property'} (object). Allow access to selected service ports from the public Internet. See below for nested schema.
- `recovery_basebackup_name`{: name='spec.userConfig.recovery_basebackup_name-property'} (string, Pattern: `^[a-zA-Z0-9-_:.]+$`, MaxLength: 128). Name of the basebackup to restore in forked service.
- `service_log`{: name='spec.userConfig.service_log-property'} (boolean). Store logs for the service so that they are available in the HTTP API and console.
- `service_to_fork_from`{: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.
- `smtp_server`{: name='spec.userConfig.smtp_server-property'} (object). SMTP server settings. See below for nested schema.
- `static_ips`{: name='spec.userConfig.static_ips-property'} (boolean). Use static public IP addresses.
- `unified_alerting_enabled`{: name='spec.userConfig.unified_alerting_enabled-property'} (boolean). Enable or disable Grafana unified alerting functionality. By default this is enabled and any legacy alerts will be migrated on upgrade to Grafana 9+. To stay on legacy alerting, set unified_alerting_enabled to false and alerting_enabled to true. See https://grafana.com/docs/grafana/latest/alerting/set-up/migrating-alerts/ for more details.
- `user_auto_assign_org`{: name='spec.userConfig.user_auto_assign_org-property'} (boolean). Auto-assign new users on signup to main organization. Defaults to false.
- `user_auto_assign_org_role`{: name='spec.userConfig.user_auto_assign_org_role-property'} (string, Enum: `Viewer`, `Admin`, `Editor`). Set role for new signups. Defaults to Viewer.
- `viewers_can_edit`{: name='spec.userConfig.viewers_can_edit-property'} (boolean). Users with view-only permission can edit but not save dashboards.

Appears on `spec.userConfig`.

Azure AD OAuth integration.

Required

- `auth_url`{: name='spec.userConfig.auth_azuread.auth_url-property'} (string, MaxLength: 2048). Authorization URL.
- `client_id`{: name='spec.userConfig.auth_azuread.client_id-property'} (string, Pattern: `^[\040-\176]+$`, MaxLength: 1024). Client ID from provider.
- `client_secret`{: name='spec.userConfig.auth_azuread.client_secret-property'} (string, Pattern: `^[\040-\176]+$`, MaxLength: 1024). Client secret from provider.
- `token_url`{: name='spec.userConfig.auth_azuread.token_url-property'} (string, MaxLength: 2048). Token URL.

Optional

- `allow_sign_up`{: name='spec.userConfig.auth_azuread.allow_sign_up-property'} (boolean). Automatically sign-up users on successful sign-in.
- `allowed_domains`{: name='spec.userConfig.auth_azuread.allowed_domains-property'} (array of strings, MaxItems: 50). Allowed domains.
- `allowed_groups`{: name='spec.userConfig.auth_azuread.allowed_groups-property'} (array of strings, MaxItems: 50). Require users to belong to one of given groups.

Appears on `spec.userConfig`.

Generic OAuth integration.

Required

- `api_url`{: name='spec.userConfig.auth_generic_oauth.api_url-property'} (string, MaxLength: 2048). API URL.
- `auth_url`{: name='spec.userConfig.auth_generic_oauth.auth_url-property'} (string, MaxLength: 2048). Authorization URL.
- `client_id`{: name='spec.userConfig.auth_generic_oauth.client_id-property'} (string, Pattern: `^[\040-\176]+$`, MaxLength: 1024). Client ID from provider.
- `client_secret`{: name='spec.userConfig.auth_generic_oauth.client_secret-property'} (string, Pattern: `^[\040-\176]+$`, MaxLength: 1024). Client secret from provider.
- `token_url`{: name='spec.userConfig.auth_generic_oauth.token_url-property'} (string, MaxLength: 2048). Token URL.

Optional

- `allow_sign_up`{: name='spec.userConfig.auth_generic_oauth.allow_sign_up-property'} (boolean). Automatically sign-up users on successful sign-in.
- `allowed_domains`{: name='spec.userConfig.auth_generic_oauth.allowed_domains-property'} (array of strings, MaxItems: 50). Allowed domains.
- `allowed_organizations`{: name='spec.userConfig.auth_generic_oauth.allowed_organizations-property'} (array of strings, MaxItems: 50). Require user to be member of one of the listed organizations.
- `auto_login`{: name='spec.userConfig.auth_generic_oauth.auto_login-property'} (boolean). Allow users to bypass the login screen and automatically log in.
- `name`{: name='spec.userConfig.auth_generic_oauth.name-property'} (string, Pattern: `^[a-zA-Z0-9_\- ]+$`, MaxLength: 128). Name of the OAuth integration.
- `scopes`{: name='spec.userConfig.auth_generic_oauth.scopes-property'} (array of strings, MaxItems: 50). OAuth scopes.

Appears on `spec.userConfig`.

Github Auth integration.

Required

- `client_id`{: name='spec.userConfig.auth_github.client_id-property'} (string, Pattern: `^[\040-\176]+$`, MaxLength: 1024). Client ID from provider.
- `client_secret`{: name='spec.userConfig.auth_github.client_secret-property'} (string, Pattern: `^[\040-\176]+$`, MaxLength: 1024). Client secret from provider.

Optional

- `allow_sign_up`{: name='spec.userConfig.auth_github.allow_sign_up-property'} (boolean). Automatically sign-up users on successful sign-in.
- `allowed_organizations`{: name='spec.userConfig.auth_github.allowed_organizations-property'} (array of strings, MaxItems: 50). Require users to belong to one of given organizations.
- `auto_login`{: name='spec.userConfig.auth_github.auto_login-property'} (boolean). Allow users to bypass the login screen and automatically log in.
- `skip_org_role_sync`{: name='spec.userConfig.auth_github.skip_org_role_sync-property'} (boolean). Stop automatically syncing user roles.
- `team_ids`{: name='spec.userConfig.auth_github.team_ids-property'} (array of integers, MaxItems: 50). Require users to belong to one of given team IDs.

Appears on `spec.userConfig`.

GitLab Auth integration.

Required

- `allowed_groups`{: name='spec.userConfig.auth_gitlab.allowed_groups-property'} (array of strings, MaxItems: 50). Require users to belong to one of given groups.
- `client_id`{: name='spec.userConfig.auth_gitlab.client_id-property'} (string, Pattern: `^[\040-\176]+$`, MaxLength: 1024). Client ID from provider.
- `client_secret`{: name='spec.userConfig.auth_gitlab.client_secret-property'} (string, Pattern: `^[\040-\176]+$`, MaxLength: 1024). Client secret from provider.

Optional

- `allow_sign_up`{: name='spec.userConfig.auth_gitlab.allow_sign_up-property'} (boolean). Automatically sign-up users on successful sign-in.
- `api_url`{: name='spec.userConfig.auth_gitlab.api_url-property'} (string, MaxLength: 2048). API URL. This only needs to be set when using self hosted GitLab.
- `auth_url`{: name='spec.userConfig.auth_gitlab.auth_url-property'} (string, MaxLength: 2048). Authorization URL. This only needs to be set when using self hosted GitLab.
- `token_url`{: name='spec.userConfig.auth_gitlab.token_url-property'} (string, MaxLength: 2048). Token URL. This only needs to be set when using self hosted GitLab.

Appears on `spec.userConfig`.

Google Auth integration.

Required

- `allowed_domains`{: name='spec.userConfig.auth_google.allowed_domains-property'} (array of strings, MaxItems: 64). Domains allowed to sign-in to this Grafana.
- `client_id`{: name='spec.userConfig.auth_google.client_id-property'} (string, Pattern: `^[\040-\176]+$`, MaxLength: 1024). Client ID from provider.
- `client_secret`{: name='spec.userConfig.auth_google.client_secret-property'} (string, Pattern: `^[\040-\176]+$`, MaxLength: 1024). Client secret from provider.

Optional

- `allow_sign_up`{: name='spec.userConfig.auth_google.allow_sign_up-property'} (boolean). Automatically sign-up users on successful sign-in.

Appears on `spec.userConfig`.

Grafana date format specifications.

Optional

- `default_timezone`{: name='spec.userConfig.date_formats.default_timezone-property'} (string, MaxLength: 64). Default time zone for user preferences. Value `browser` uses browser local time zone.
- `full_date`{: name='spec.userConfig.date_formats.full_date-property'} (string, MaxLength: 128). Moment.js style format string for cases where full date is shown.
- `interval_day`{: name='spec.userConfig.date_formats.interval_day-property'} (string, MaxLength: 128). Moment.js style format string used when a time requiring day accuracy is shown.
- `interval_hour`{: name='spec.userConfig.date_formats.interval_hour-property'} (string, MaxLength: 128). Moment.js style format string used when a time requiring hour accuracy is shown.
- `interval_minute`{: name='spec.userConfig.date_formats.interval_minute-property'} (string, MaxLength: 128). Moment.js style format string used when a time requiring minute accuracy is shown.
- `interval_month`{: name='spec.userConfig.date_formats.interval_month-property'} (string, MaxLength: 128). Moment.js style format string used when a time requiring month accuracy is shown.
- `interval_second`{: name='spec.userConfig.date_formats.interval_second-property'} (string, MaxLength: 128). Moment.js style format string used when a time requiring second accuracy is shown.
- `interval_year`{: name='spec.userConfig.date_formats.interval_year-property'} (string, MaxLength: 128). Moment.js style format string used when a time requiring year accuracy is shown.

Appears on `spec.userConfig`.

External image store settings.

Required

- `access_key`{: name='spec.userConfig.external_image_storage.access_key-property'} (string, Pattern: `^[A-Z0-9]+$`, MaxLength: 4096). S3 access key. Requires permissions to the S3 bucket for the s3:PutObject and s3:PutObjectAcl actions.
- `bucket_url`{: name='spec.userConfig.external_image_storage.bucket_url-property'} (string, MaxLength: 2048). Bucket URL for S3.
- `provider`{: name='spec.userConfig.external_image_storage.provider-property'} (string, Enum: `s3`). Provider type.
- `secret_key`{: name='spec.userConfig.external_image_storage.secret_key-property'} (string, Pattern: `^[A-Za-z0-9/+=]+$`, MaxLength: 4096). S3 secret key.

Appears on `spec.userConfig`.

Allow incoming connections from CIDR address block, e.g. `10.20.0.0/16`.

Required

- `network`{: name='spec.userConfig.ip_filter.network-property'} (string, MaxLength: 43). CIDR address block.

Optional

- `description`{: name='spec.userConfig.ip_filter.description-property'} (string, MaxLength: 1024). Description for IP filter list entry.

Appears on `spec.userConfig`.

Allow access to selected service ports from private networks.

Required

- `grafana`{: name='spec.userConfig.private_access.grafana-property'} (boolean). Allow clients to connect to grafana with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.

Appears on `spec.userConfig`.

Allow access to selected service components through Privatelink.

Required

- `grafana`{: name='spec.userConfig.privatelink_access.grafana-property'} (boolean). Enable grafana.

Appears on `spec.userConfig`.

Allow access to selected service ports from the public Internet.

Required

- `grafana`{: name='spec.userConfig.public_access.grafana-property'} (boolean). Allow clients to connect to grafana from the public internet for service nodes that are in a project VPC or another type of private network.

Appears on `spec.userConfig`.

SMTP server settings.

Required

- `from_address`{: name='spec.userConfig.smtp_server.from_address-property'} (string, MaxLength: 319). Address used for sending emails.
- `host`{: name='spec.userConfig.smtp_server.host-property'} (string, MaxLength: 255). Server hostname or IP.
- `port`{: name='spec.userConfig.smtp_server.port-property'} (integer, Minimum: 1, Maximum: 65535). SMTP server port.

Optional

- `from_name`{: name='spec.userConfig.smtp_server.from_name-property'} (string, Pattern: `^[^\x00-\x1F]+$`, MaxLength: 128). Name used in outgoing emails, defaults to Grafana.
- `password`{: name='spec.userConfig.smtp_server.password-property'} (string, Pattern: `^[^\x00-\x1F]+$`, MaxLength: 255). Password for SMTP authentication.
- `skip_verify`{: name='spec.userConfig.smtp_server.skip_verify-property'} (boolean). Skip verifying server certificate. Defaults to false.
- `starttls_policy`{: name='spec.userConfig.smtp_server.starttls_policy-property'} (string, Enum: `OpportunisticStartTLS`, `MandatoryStartTLS`, `NoStartTLS`). Either OpportunisticStartTLS, MandatoryStartTLS or NoStartTLS. Default is OpportunisticStartTLS.
- `username`{: name='spec.userConfig.smtp_server.username-property'} (string, Pattern: `^[^\x00-\x1F]+$`, MaxLength: 255). Username for SMTP authentication.
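
A restrictive variant of the example manifest at the top of this page, using only fields documented in the schema above. It is an added example, not taken from the Aiven operator documentation; the `203.0.113.0/24` range and the `example.com` SMTP host and sender address are constructed placeholders.

```yaml
# Added example: resource names are reused from the page's example,
# CIDR ranges and SMTP values are constructed placeholders.
apiVersion: aiven.io/v1alpha1
kind: Grafana
metadata:
  name: my-grafana
spec:
  authSecretRef:
    name: aiven-token
    key: token

  # GRAFANA_PASSWORD, GRAFANA_URI and the other connection keys are written
  # to this Secret, so limit who can read it with namespace RBAC.
  connInfoSecretTarget:
    name: grafana-secret

  project: my-aiven-project
  cloudName: google-europe-west1
  plan: startup-1

  # Recommended for all services by the field description.
  terminationProtection: true

  maintenanceWindowDow: sunday
  maintenanceWindowTime: "11:00:00"   # quoted so YAML parsers keep it a string

  userConfig:
    # Explicit allow-list in place of the 0.0.0.0 entry in the page's example.
    ip_filter:
      - network: 10.20.0.0/16
        description: internal network
      - network: 203.0.113.0/24
        description: office egress range, placeholder

    # Keep the service off the public Internet when it runs in a project VPC.
    public_access:
      grafana: false

    # Browser-facing settings.
    allow_embedding: false       # default; limits clickjacking impact
    cookie_samesite: strict      # use lax if links from other sites must work

    # Identity and role defaults.
    oauth_allow_insecure_email_lookup: false   # match users on the IdP unique ID
    user_auto_assign_org_role: Viewer          # least-privileged role for signups
    viewers_can_edit: false
    editors_can_admin: false

    # Outgoing mail: require TLS and verify the server certificate.
    smtp_server:
      host: smtp.example.com               # placeholder
      port: 587
      from_address: grafana@example.com    # placeholder
      starttls_policy: MandatoryStartTLS   # default is OpportunisticStartTLS
      skip_verify: false
```

`smtp_server.password` and the `client_secret` fields of the OAuth integrations are plain strings inside `spec.userConfig`, so anyone who can read the Grafana resource can read them.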