+ # Add secrets to the pod
+ grafana_secret_name = f"{self.app.name}-admin-secret"
+ pod_spec_builder.add_secret(
+ grafana_secret_name,
+ {
+ "admin-password": admin_initial_password,
+ "mysql-url": mysql_config.mysql_uri or self.mysql_client.get_uri(),
+ "prometheus-user": self.prometheus_client.user,
+ "prometheus-password": self.prometheus_client.password,
+ },
+ )
+
+ # Build Container
+ container_builder = ContainerV3Builder(
+ self.app.name,
+ image_info,
+ config.image_pull_policy,
+ run_as_non_root=config.security_context,
+ )
+ container_builder.add_port(name=self.app.name, port=config.port)
+ container_builder.add_http_readiness_probe(
+ "/api/health",
+ config.port,
+ initial_delay_seconds=10,
+ period_seconds=10,
+ timeout_seconds=5,
+ failure_threshold=3,
+ )
+ container_builder.add_http_liveness_probe(
+ "/api/health",
+ config.port,
+ initial_delay_seconds=60,
+ timeout_seconds=30,
+ failure_threshold=10,
+ )
+ container_builder.add_volume_config(
+ "dashboards",
+ "/etc/grafana/provisioning/dashboards/",
+ self._build_dashboard_files(config),
+ )
+ container_builder.add_volume_config(
+ "datasources",
+ "/etc/grafana/provisioning/datasources/",
+ self._build_datasources_files(),
+ )
+ container_builder.add_envs(
+ {
+ "GF_SERVER_HTTP_PORT": config.port,
+ "GF_LOG_LEVEL": config.log_level,
+ "GF_SECURITY_ADMIN_USER": config.admin_user,
+ }
+ )
+ container_builder.add_secret_envs(
+ secret_name=grafana_secret_name,
+ envs={
+ "GF_SECURITY_ADMIN_PASSWORD": "admin-password",
+ "GF_DATABASE_URL": "mysql-url",
+ "PROMETHEUS_USER": "prometheus-user",
+ "PROMETHEUS_PASSWORD": "prometheus-password",
+ },
+ )
+ container = container_builder.build()
+ pod_spec_builder.add_container(container)
+
+ # Add Pod restart policy
+ restart_policy = PodRestartPolicy()
+ restart_policy.add_secrets(secret_names=(grafana_secret_name,))
+ pod_spec_builder.set_restart_policy(restart_policy)
+
+ # Add ingress resources to pod spec if site url exists
+ if config.site_url:
+ parsed = urlparse(config.site_url)
+ annotations = {
+ "nginx.ingress.kubernetes.io/proxy-body-size": "{}".format(
+ str(config.max_file_size) + "m"
+ if config.max_file_size > 0
+ else config.max_file_size
+ )
+ }
+ if config.ingress_class:
+ annotations["kubernetes.io/ingress.class"] = config.ingress_class
+ ingress_resource_builder = IngressResourceV3Builder(
+ f"{self.app.name}-ingress", annotations
+ )