ingress_whitelist_source_range: Optional[str]
tls_secret_name: Optional[str]
image_pull_policy: str
+ security_context: bool
@validator("log_level")
def validate_log_level(cls, v):
def _build_datasources_files(self):
files_builder = FilesV3Builder()
+ prometheus_user = self.prometheus_client.user
+ prometheus_password = self.prometheus_client.password
+ enable_basic_auth = all([prometheus_user, prometheus_password])
+ kwargs = {
+ "prometheus_host": self.prometheus_client.hostname,
+ "prometheus_port": self.prometheus_client.port,
+ "enable_basic_auth": enable_basic_auth,
+ "user": "",
+ "password": "",
+ }
+ if enable_basic_auth:
+ kwargs["user"] = f"basic_auth_user: {prometheus_user}"
+ kwargs[
+ "password"
+ ] = f"secure_json_data:\n basicAuthPassword: {prometheus_password}"
files_builder.add_file(
"datasource_prometheus.yaml",
Template(Path("templates/default_datasources.yaml").read_text()).substitute(
- prometheus_host=self.prometheus_client.hostname,
- prometheus_port=self.prometheus_client.port,
+ **kwargs
),
)
return files_builder.build()
self.grafana_cluster.set_initial_password(admin_initial_password)
# Create Builder for the PodSpec
- pod_spec_builder = PodSpecV3Builder()
+ pod_spec_builder = PodSpecV3Builder(
+ enable_security_context=config.security_context
+ )
# Add secrets to the pod
grafana_secret_name = f"{self.app.name}-admin-secret"
# Build Container
container_builder = ContainerV3Builder(
- self.app.name, image_info, config.image_pull_policy
+ self.app.name,
+ image_info,
+ config.image_pull_policy,
+ run_as_non_root=config.security_context,
)
container_builder.add_port(name=self.app.name, port=config.port)
container_builder.add_http_readiness_probe(