I am deploying grafana to kubernetes using a custom helm chart. A custom grafana.ini file is copied to the docker image when it is built, the grafana.ini file contains the RDS instance connection config and various custom auth settings. This is not ideal when I bring more than one environment into the mix, as each build will require a different grafana.ini file, and I want to use the same base docker image. It's also not secure.
I have three kubernetes clusters, dev, preprod and prod. The crucial differences will be the RDS configuration.
What is the best way of binding a grafana.ini file to a certain build of grafana, based on the environment. Can I use some kind of parametised configMap?
I am using helmfile to deploy the helm chart, so I am familiar with the concept of having seperate values.yaml files for each environment and setting an environment variable to target the right one.
You can mount a configmap as volume in the pod.
An example:
apiVersion: v1
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
env: prod
app: metis
client: ueuropea
name: metis-clients-configmap
data:
clients_db_config.yaml: |
default-tenant:
DB_HOST: dbhost
DB_USERNAME: user
DB_PASSWORD: pass
DB_NAME: dbname
DB_PORT: 3306
Deployment:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
env: dev
app: metis
name: metis-rules-evaluator-dev
spec:
progressDeadlineSeconds: 3600
replicas: 0
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
template:
metadata:
labels:
env: dev
app: metis
client: ueuropea
mode: rules-evaluator
spec:
containers:
- image: metis
name: metis
imagePullPolicy: Always
resources:
requests:
memory: "1024Mi"
cpu: "3000m"
limits:
memory: "16384Mi"
cpu: "4000m"
volumeMounts:
- name: config-vol
mountPath: /usr/src/metis/config/
volumes:
- name: config-vol
configMap:
name: metis-clients-configmap
terminationGracePeriodSeconds: 150
restartPolicy: Always
In this example the configmap data will be mounted on path: /usr/src/metis/config/
and will create the file clients_db_config.yaml
which can also be a .ini