treasuremap/global/software/charts/osh-infra/osh-infra-dashboards/grafana.yaml

---
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: grafana
  layeringDefinition:
    abstract: false
    layer: global
  storagePolicy: cleartext
  substitutions:
    # Chart source
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .charts.osh_infra.grafana
      dest:
        path: .source

    # Images
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .images.osh_infra.grafana
      dest:
        path: .values.images.tags

    # Endpoints
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: osh_infra_endpoints
        path: .osh_infra.oslo_db
      dest:
        path: .values.endpoints.oslo_db
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: osh_infra_endpoints
        path: .osh_infra.oslo_db
      dest:
        path: .values.endpoints.oslo_db_session
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: osh_infra_endpoints
        path: .osh_infra.grafana
      dest:
        path: .values.endpoints.grafana
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: osh_infra_endpoints
        path: .osh_infra.monitoring
      dest:
        path: .values.endpoints.monitoring
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: osh_infra_endpoints
        path: .osh_infra.ldap
      dest:
        path: .values.endpoints.ldap
    # Accounts
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_infra_service_accounts
        path: .osh_infra.grafana.admin
      dest:
        path: .values.endpoints.grafana.auth.admin
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_infra_service_accounts
        path: .osh_infra.grafana.oslo_db
      dest:
        path: .values.endpoints.oslo_db.auth.user
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_infra_service_accounts
        path: .osh_infra.grafana.oslo_db.database
      dest:
        path: .values.endpoints.oslo_db.path
        pattern: DB_NAME
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_infra_service_accounts
        path: .osh_infra.grafana.oslo_db_session
      dest:
        path: .values.endpoints.oslo_db_session.auth.user
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_infra_service_accounts
        path: .osh_infra.grafana.oslo_db_session.database
      dest:
        path: .values.endpoints.oslo_db_session.path
        pattern: DB_NAME
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_infra_service_accounts
        path: .osh_infra.prometheus.admin
      dest:
        path: .values.endpoints.monitoring.auth.user

    # Secrets
    - dest:
        path: .values.endpoints.grafana.auth.admin.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_infra_grafana_admin_password
        path: .
    - dest:
        path: .values.endpoints.oslo_db.auth.user.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_infra_grafana_oslo_db_password
        path: .
    - dest:
        path: .values.endpoints.oslo_db_session.auth.user.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_infra_grafana_oslo_db_session_password
        path: .
    - dest:
        path: .values.endpoints.oslo_db.auth.admin.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_infra_oslo_db_admin_password
        path: .
    - dest:
        path: .values.endpoints.oslo_db_session.auth.admin.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_infra_oslo_db_admin_password
        path: .
    - dest:
        path: .values.endpoints.monitoring.auth.user.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_infra_prometheus_admin_password
        path: .

    # LDAP Configuration Details
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_infra_service_accounts
        path: .osh_infra.ldap.admin.bind
      dest:
        path: .values.endpoints.ldap.auth.admin.bind_dn
    - dest:
        path: .values.endpoints.ldap.auth.admin.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_keystone_ldap_password
        path: .
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .ldap.subdomain
      dest:
        path:  .values.conf.ldap.config.base_dns.search
        pattern: SUBDOMAIN
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .ldap.domain
      dest:
        path:  .values.conf.ldap.config.base_dns.search
        pattern: DOMAIN
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .ldap.subdomain
      dest:
        path:  .values.conf.ldap.config.base_dns.group_search
        pattern: SUBDOMAIN
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .ldap.domain
      dest:
        path:  .values.conf.ldap.config.base_dns.group_search
        pattern: DOMAIN
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .ldap.common_name
      dest:
        path:  .values.conf.ldap.config.filters.group_search
        pattern: COMMON_NAME
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .ldap.subdomain
      dest:
        path:  .values.conf.ldap.config.filters.group_search
        pattern: SUBDOMAIN
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .ldap.domain
      dest:
        path:  .values.conf.ldap.config.filters.group_search
        pattern: DOMAIN
data:
  chart_name: grafana
  release: grafana
  namespace: osh-infra
  wait:
    timeout: 900
    labels:
      release_group: airship-grafana
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
    pre:
      delete:
        - type: job
          labels:
            release_group: airship-grafana
    post:
      create: []
  values:
    labels:
      grafana:
        node_selector_key: openstack-control-plane
        node_selector_value: enabled
      job:
        node_selector_key: openstack-control-plane
        node_selector_value: enabled
    conf:
      provisioning:
        datasources:
          monitoring:
            url: http://prom-metrics.osh-infra.svc.cluster.local:80/
      ldap:
        config:
          base_dns:
            search: "DC=SUBDOMAIN,DC=DOMAIN,DC=com"
            group_search: "OU=Groups,DC=SUBDOMAIN,DC=DOMAIN,DC=com"
          filters:
            search: "(sAMAccountName=%s)"
            group_search: "(memberof=CN=COMMON_NAME,OU=Application,OU=Groups,DC=SUBDOMAIN,DC=DOMAIN,DC=com)"
        template: |
          verbose_logging = true
          [[servers]]
          host = "{{ tuple "ldap" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}"
          port = {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          use_ssl = false
          start_tls = false
          ssl_skip_verify = false
          bind_dn = "{{ .Values.endpoints.ldap.auth.admin.bind_dn }}"
          bind_password = '{{ .Values.endpoints.ldap.auth.admin.password }}'
          search_filter = "{{ .Values.conf.ldap.config.filters.search }}"
          search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.search }}"]
          group_search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.group_search }}"]
          [servers.attributes]
          username = "sAMAccountName"
          surname = "sn"
          member_of = "memberof"
          email = "mail"
          [[servers.group_mappings]]
          group_dn = "{{.Values.endpoints.ldap.auth.admin.bind_dn }}"
          org_role = "Admin"
          [[servers.group_mappings]]
          group_dn = "*"
          org_role = "Viewer"          
    pod:
      replicas:
        grafana: 2
  dependencies:
    - osh-infra-helm-toolkit
...