Erich Blume f05e5cccdf Review Grafana: replace Helm upgrade plan with C2 Mikado chain (#258 )

## Summary
- Delete the old 3-phase Helm chart upgrade plan (predates Mikado system)
- Create C2 Mikado chain with goal card `upgrade-grafana` and two leaf prereqs:
  - `kustomize-grafana-deployment` — convert Helm to kustomize manifests
  - `build-grafana-container` — home-built Grafana 12.x image (no upstream containers)
- Record first-ever Grafana review: currently at v11.4.0 on Helm chart 8.8.2
- Update service-versions.yaml, how-to index, and plans index

## Service Review Findings
- Grafana is healthy and synced in ArgoCD
- Running v11.4.0, latest upstream is 12.3.3
- Breaking changes for 12.x are low-risk (React panels only, UIDs compliant)
- PVC is disposable — dashboards and datasources are all config-provisioned

## Deployment and Testing
- [ ] No deployment needed — documentation-only change
- [ ] `docs-check-links` passes
- [ ] `docs-check-index` passes

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/258

2026-02-23 15:06:00 -08:00

4 KiB

Raw Blame History

title

modified

How-To Guides

Task-oriented instructions for common BlumeOps operations. These guides assume you already understand the basic concepts - see tutorials if you're learning.

Deployment

Guide	Description
deploy-k8s-service	Deploy a new service to Kubernetes via ArgoCD
add-ansible-role	Add a new Ansible role for indri services
create-release-artifact-workflow	Build artifacts and publish to Forgejo packages
build-container-image	Build and release a custom container image via Dagger

Configuration

Guide	Description
update-tailscale-acls	Update Tailscale access control policies
gandi-operations	Manage DNS records and cycle the Gandi API token
use-pypi-proxy	Configure pip and publish packages to devpi
expose-service-publicly	Expose a service to the public internet via Fly.io + Tailscale
update-documentation	Publish docs via build-blumeops workflow
update-tooling-dependencies	Monthly update cycle for pre-commit, Fly, mise, and workflow deps

Knowledge Base

Guide	Description
review-documentation	Periodically review and maintain documentation
review-services	Periodically review services for version freshness
agent-change-process	C0/C1/C2 change classification and Mikado method for agents

Operations

Guide	Description
connect-to-postgres	Connect to PostgreSQL as a superuser via psql
restart-indri	Safely shut down and restart indri
manage-flyio-proxy	Deploy, shutoff, and troubleshoot the public proxy
restore-1password-backup	Recover 1Password credentials from borgmatic backup
troubleshooting	Diagnose and fix common issues

Plans

Migration and transition plans for upcoming infrastructure changes.

Plan	Description
plans	Index of all plans
completed	Completed plans archive
migrate-forgejo-from-brew	Transition Forgejo from Homebrew to source-built binary
add-unifi-pulumi-stack	Add Pulumi IaC for UniFi Express 7 (abandoned)
segment-home-network	Manual three-network segmentation for UniFi Express 7
adopt-dagger-ci	Adopt Dagger as CI/CD build engine
upstream-fork-strategy	Stacked-branch forking strategy for upstream projects
adopt-oidc-provider	Deploy OIDC identity provider for SSO across services
upgrade-grafana	Upgrade Grafana to 12.x with kustomize and home-built container
operationalize-reolink-camera	Cloud-free NVR with Frigate and ring buffer recording

Ringtail

Guide	Description
manage-lockfile	Update or lock NixOS flake inputs via Dagger

Zot

Mikado chain for hardening the zot registry. Track progress with mise run docs-mikado harden-zot-registry.

Authentik

Mikado chain for deploying Authentik. Track progress with mise run docs-mikado deploy-authentik.

Grafana

Mikado chain for upgrading Grafana to 12.x with kustomize and home-built containers. Track progress with mise run docs-mikado upgrade-grafana.

Forgejo Runner

Mikado chain for upgrading the k8s forgejo-runner daemon from v6.3.1 to v12.x. Track progress with mise run docs-mikado upgrade-k8s-runner.

4 KiB Raw Blame History