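---
# Container Mom Grafana Multi-Tenant Configuration
# This chart provides observability dashboard capabilities with customer
# isolation.
#
# NOTE(review): the "${...}" values below are not expanded by Helm itself.
# Presumably a pre-processing step (e.g. envsubst) fills them in before
# `helm install/upgrade` runs - confirm. If not, the literal placeholder
# text becomes the configured value.

# Override values for the grafana chart
grafana:
  # Container Mom branded configuration
  adminUser: admin
  # The rendered value lands in the Helm release and in the chart-generated
  # Secret. The grafana chart also accepts `admin.existingSecret` (with
  # `admin.userKey` / `admin.passwordKey`), which keeps the password out of
  # the values file and the release history.
  adminPassword: "${GRAFANA_ADMIN_PASSWORD}"

  # Multi-tenant configuration
  # GF_* environment variables take precedence over the matching grafana.ini
  # keys further down, so these are the effective auth settings.
  env:
    # The local login form stays enabled next to SSO, so the built-in admin
    # account can be used through the public ingress.
    GF_AUTH_DISABLE_LOGIN_FORM: "false"
    GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
    GF_AUTH_GENERIC_OAUTH_NAME: "Container Mom SSO"
    # Any identity the IdP authenticates gets a Grafana account on first login.
    GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "true"
    GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "${GRAFANA_OAUTH_CLIENT_ID}"
    # Values under `env` are written in plain text into the Deployment spec.
    # For the client secret, the chart's `envValueFrom` or `envFromSecret`
    # reference a Kubernetes Secret instead.
    GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "${GRAFANA_OAUTH_CLIENT_SECRET}"
    GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email"
    GF_AUTH_GENERIC_OAUTH_AUTH_URL: "${GRAFANA_OAUTH_AUTH_URL}"
    GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "${GRAFANA_OAUTH_TOKEN_URL}"
    GF_AUTH_GENERIC_OAUTH_API_URL: "${GRAFANA_OAUTH_API_URL}"
    # 'admin' in the `roles` claim maps to Admin; everything else falls back
    # to Viewer. Because of that fallback the expression always yields a
    # role, so ROLE_ATTRIBUTE_STRICT below never rejects a login.
    GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(roles[*], 'admin') && 'Admin' || 'Viewer'"
    GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: "true"
    GF_USERS_ALLOW_ORG_CREATE: "false"
    # NOTE(review): per Grafana's documentation, auto_assign_org=false makes
    # Grafana create a new organization for each new user rather than adding
    # them to org 1 - confirm this matches the intended tenant model.
    GF_USERS_AUTO_ASSIGN_ORG: "false"

  # Data source configuration for multi-tenancy
  datasources:
    datasources.yaml:
      apiVersion: 1
      datasources:
        # No orgId is set, so this is provisioned into org 1 (the
        # provisioning default).
        # NOTE(review): a single hub Prometheus reached through proxy access
        # answers with whatever the server holds; nothing in this file scopes
        # queries per customer - confirm where tenant separation is enforced.
        - name: Prometheus-Hub
          type: prometheus
          # Plain HTTP to the in-cluster service, with no auth configured here.
          url: http://prometheus-server.monitoring.svc.cluster.local
          access: proxy
          isDefault: true
          jsonData:
            timeInterval: "30s"
          editable: false

  # Persistence for dashboards and data
  persistence:
    enabled: true
    size: 10Gi
    storageClassName: "standard"

  # Service configuration
  service:
    type: ClusterIP
    port: 80
    targetPort: 3000

  # Ingress configuration for Kubernetes
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
    hosts:
      - grafana.container.mom
    tls:
      - secretName: grafana-tls
        hosts:
          - grafana.container.mom

  # Container Mom branding
  grafana.ini:
    server:
      # Must match the externally reachable URL; OAuth redirect URIs are
      # derived from it.
      root_url: "https://grafana.container.mom"
    analytics:
      reporting_enabled: false
      check_for_updates: false
    auth:
      disable_login_form: false
      oauth_auto_login: false
    auth.generic_oauth:
      enabled: true
      name: "Container Mom SSO"
      allow_sign_up: true
      auto_login: false
    users:
      allow_org_create: false
      auto_assign_org: false

  # Dashboard provisioning
  dashboardProviders:
    dashboardproviders.yaml:
      apiVersion: 1
      providers:
        - name: 'container-mom-dashboards'
          orgId: 1
          folder: 'Container Mom'
          type: file
          disableDeletion: true
          updateIntervalSeconds: 10
          # Provisioned dashboards cannot be modified from the UI.
          allowUiUpdates: false
          options:
            path: /var/lib/grafana/dashboards/container-mom

  dashboardsConfigMaps:
    container-mom-dashboards: "grafana-container-mom-dashboards"

  # Side car containers for dashboard provisioning
  sidecar:
    dashboards:
      enabled: true
      # ConfigMaps carrying this label are loaded as dashboards.
      # NOTE(review): which namespaces the sidecar watches is not set here;
      # confirm tenants cannot create labelled ConfigMaps in a watched
      # namespace.
      label: grafana_dashboard
      folder: /tmp/dashboards

  # Resource configuration
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits:
      cpu: 500m
      memory: 512Mi

  # Pod annotations
  podAnnotations:
    container.mom/component: "observability"
    container.mom/service: "grafana"

# NOTE(review): the keys below are not grafana chart values; they only take
# effect through templates or jobs of the wrapping chart, which are not part
# of this file. The isolation they describe is not enforced by anything
# visible here.

# Multi-tenant organization configuration
multiTenancy:
  enabled: true
  # Customer organization mappings will be created via init job
  organizations:
    - name: "Default"
      id: 1
      role: "Admin"
    # Additional orgs will be dynamically created for each customer

# Container Mom specific configuration
containerMom:
  # Theme colors to match Container Mom branding
  theme:
    primaryColor: "#2E7D7B"
    secondaryColor: "#F4A460"

  # OAuth configuration placeholder
  oauth:
    enabled: true
    provider: "generic_oauth"
    # Values will be injected from secrets

  # Customer isolation configuration
  customerIsolation:
    enabled: true
    namespacePrefix: "customer-"

# Global labels
commonLabels:
  app.kubernetes.io/part-of: "container-mom"
  app.kubernetes.io/component: "observability"

# Namespace configuration
namespace: container-mom-monitoring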