Erich Blume
d05d2fbaff
## Summary Mikado chain to upgrade Grafana from 11.4.0 (Helm chart) to 12.x with: - Home-built Nix container image (`forge.ops.eblu.me/eblume/grafana`) - Kustomize manifests replacing the Helm chart - Single-source ArgoCD app ## Chain Goal: `upgrade-grafana` Leaves: `build-grafana-container`, `kustomize-grafana-deployment` Track with: `mise run docs-mikado upgrade-grafana` ## Test plan - [ ] Container builds successfully via Nix - [ ] Container pushed to registry - [ ] Kustomize manifests produce equivalent resources to current Helm - [ ] Pod runs, UI loads, OIDC works, datasources healthy - [ ] `mise run services-check` passes Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/260
1.1 KiB
1.1 KiB
| title | modified | tags | ||
|---|---|---|---|---|
| Kustomize Grafana Deployment | 2026-02-23 |
|
Kustomize Grafana Deployment
Grafana is deployed via plain Kustomize manifests in argocd/manifests/grafana/, replacing the previous Helm chart.
Manifest Structure
| File | Purpose |
|---|---|
kustomization.yaml |
Resource list |
deployment.yaml |
Grafana container + k8s-sidecar for dashboards |
service.yaml |
ClusterIP on port 80 → 3000 |
pvc.yaml |
1Gi SQLite storage |
configmap.yaml |
grafana.ini and datasource provisioning |
serviceaccount.yaml |
Service account |
rbac.yaml |
ClusterRole/RoleBinding for sidecar ConfigMap access |
Key Details
- PVC name must remain
grafana— changing it would create a new volume and lose the SQLite DB - Sidecar watches ConfigMaps with label
grafana_dashboard=1and reloads dashboards via the Grafana API - Secrets come from ExternalSecrets (
grafana-admin,grafana-authentik-oauth,grafana-teslamate-datasource) managed by thegrafana-configArgoCD app
Related
- upgrade-grafana — Migration context
- grafana — Service reference card