Drycc (pronounced DAY-iss) Workflow is an open source Platform as a Service (PaaS) that adds a developer-friendly layer to any Kubernetes cluster, making it easy to deploy and manage applications on your own servers.
For more information about the Drycc Workflow, please visit the main project page at https://github.com/drycc/workflow.
We welcome your input! If you have feedback, please submit an issue. If you'd like to participate in development, please read the "Development" section below and submit a pull request.
Grafana is a graphing application built for time series data. It natively supports prometheus and provides great dashboarding support. This project is focused on provided a grafana installation that can be run within a kubernetes installation. The grafana application is agnostic to Workflow and can be installed as a stand alone system with the monitoring suite.
| ENV Var | Default Value | Description |
|---|---|---|
| APP_MODE | development | Has two possible values (production or development). |
| DATA_PATH | /var/lib/grafana | Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used). |
| LOG_PATH | /var/log | Directory where grafana can store logs. |
| SERVER_PROTOCOL | http | Protocol (http or https). |
| BIND_ADDRESS | "" |
The ip address to bind to, empty will bind to all interfaces |
| BIND_PORT | 3000 | The http port to use |
| DOMAIN | localhost | The public facing domain name used to access grafana from a browser |
| ENFORCE_DOMAIN | false | Redirect to correct domain if host header does not match domain. Prevents DNS rebinding attacks |
| ROOT_URL | "%(protocol)s://%(domain)s:%(http_port)s/" |
The full public facing url |
| ROUTER_LOGGING | false | Log web requests |
| STATIC_ROOT_PATH | public | the path relative working path |
| ENABLE_GZIP | false | enable gzip |
| CERT_FILE | no default | https certs |
| CERT_KEY | no default | https certs key |
| DATABASE_TYPE | no default | Potential values: mysql, postgres, sqlite3 |
| DATABASE_HOST | no default | Address to external database host |
| DATABASE_NAME | no default | Name of database to store information |
| DATABASE_USER | no default | User to log into the database with |
| DATABASE_PASSWORD | no default | Database password |
| DATABASE_SSL_MODE | no default | For "postgres" only, either "disable", "require" or "verify-full" |
| DATABASE_PATH | no default | For "sqlite3" only, path relative to data_path setting |
| SESSION_PROVIDER | file | Either "memory", "file", "valkey", "mysql", "postgres", default is "file" |
| SESSION_PROVIDER_CONFIG | no default | Provider config options memory: not have any config yetfile: session dir path, is relative to grafana data_pathmysql: user:password@tcp(127.0.0.1:3306)/database_namepostgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable |
| SESSION_COOKIE_NAME | grafana_sess | Session cookie name |
| SESSION_LIFE_TIME | 86400 | Session life time, default is 86400 |
| GRAFANA_REPORTING | false | Server reporting, sends usage counters to stats.grafana.org every 24 hours. No ip addresses are being tracked, only simple counters to track running instances, dashboard and error counts. It is very helpful to us. Change this option to false to disable reporting. |
| GOOGLE_ANALYTICS_UA_ID | no default | Google Analytics universal tracking code, only enabled if you specify an id here |
| DEFAULT_USER | admin | default admin user, created on startup |
| DEFAULT_USER_PASSWORD | admin | default admin password, can be changed before first start of grafana, or in profile settings |
| SECRET_KEY | SW2YcwTIb9zpOOhoPsMm | used for signing |
| LOGIN_REMEMBER_DAYS | 7 | Auto-login remember days |
| COOKIE_USERNAME | grafana_user | |
| COOKIE_REMEMBER_NAME | grafana_remember | |
| DISABLE_GRAVATAR | false | disable gravatar profile images |
| DATASOURCE_PROXY_WHITELIST | no default | data source proxy whitelist (ip_or_domain:port seperated by spaces) |
| ALLOW_SIGN_UP | true | allow user signup / registration |
| ALLOW_ORG_CREATE | true | Allow non admin users to create organizations |
| AUTO_ASSIGN_ORG | true | Set to true to automatically assign new users to the default organization (id 1) |
| AUTO_ASSIGN_ORG_ROLE | Viewer | Default role new users will be automatically assigned (if disabled above is set to true) |
| LOGIN_HINT | email or username | Background text for the user field on the login page |
| ANON_ACCESS | false | enable anonymous access |
| ORG_NAME | Main Org. | specify organization name that should be used for unauthenticated users |
| UNAUTHED_USER_ORG_ROLE | Viewer | specify role for unauthenticated users |
| GITHUB_AUTH | no default | Enable Github Auth (true/false) |
| GITHUB_AUTH_ALLOW_SIGN_UP | false | Allow signup with github auth |
| GITHUB_AUTH_CLIENT_ID | no default | Github Client Auth |
| GITHUB_AUTH_CLIENT_SECRET | no default | Github Auth client secret |
| GITHUB_AUTH_SCOPES | user:email,read:org | Github Auth Scopes |
| GITHUB_AUTH_URL | https://github.com/login/oauth/authorize | Github authorization URL |
| GITHUB_AUTH_TOKEN_URL | https://github.com/login/oauth/access_token | Github Auth Token URL |
| GITHUB_AUTH_API_URL | https://api.github.com/user | Github Auth API URL |
| GITHUB_AUTH_TEAM_IDS | "" | Team IDs to use for Github Auth |
| GITHUB_AUTH_ALLOWED_ORGS | "" | Allowed ORGs for Github Auth |
| GOOGLE_AUTH | no default | Enable Google Auth for login (true/false) |
| GOOGLE_AUTH_ALLOW_SIGN_UP | false | Allow people to sign up using Google Auth |
| GOOGLE_AUTH_CLIENT_ID | no default | Google Auth Client ID |
| GOOGLE_AUTH_CLIENT_SECRET | no default | Google Auth Client Secret |
| GOOGLE_AUTH_SCOPES | https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email |
Google Auth Scopes |
| GOOGLE_AUTH_URL | https://accounts.google.com/o/oauth2/auth | Google Auth URL |
| GOOGLE_AUTH_TOKEN_URL | https://accounts.google.com/o/oauth2/token | Google Auth Token URL |
| GOOGLE_AUTH_API_URL | https://www.googleapis.com/oauth2/v1/userinfo | Google Auth API URL |
| GOOGLE_AUTH_ALLOWED_DOMAINS | "" | Google Auth allowed domains |
| AUTH_PROXY | no default | If enabled use an authorization proxy |
| AUTH_HEADER_NAME | X-WEBAUTH-USER | Header to use for authorization |
| AUTH_HEADER_PROPERTY | username | Property to use in Authorization Header |
| AUTH_AUTO_SIGN_UP | true | Auto Signup user with data passed from Authorization Header |
| BASIC_AUTH | true | Enable Basic Auth |
| LDAP_AUTH | no default | Enable LDAP Auth |
| LDAP_AUTH_CONFIG_FILE | /etc/grafana/ldap.toml | Config file to use for LDAP Auth |
| SMTP | no default | Enable SMTP/Emailing |
| SMTP_HOST | no default | SMTP Host |
| SMTP_USER | no default | User for SMTP |
| SMTP_PASSWORD | no default | Password for SMTP |
| SMTP_CERT_FILE | no default | Cert file for SMTP HTTPS |
| SMTP_KEY_FILE | no default | Key file for SMTP HTTPS |
| SMTP_SKIP_VERIFY | false | Skip HTTPS verify |
| SMTP_FROM_ADDRESS | admin@grafana.localhost | From address to use when sending emails |
| WELCOME_EMAIL | false | Send welcome email on sign up |
| LOG_MODE | console | Either "console", "file", default is "console" Use comma to separate multiple modes, e.g. "console, file" |
| BUFFER_LENGTH | 10000 | Buffer length of channel, keep it as it is if you don't know what it is. |
| LOG_LEVEL | Info | Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" |
| LOG_LEVEL_CONSOLE | Info | For "console" mode only |
| LOG_LEVEL_FILE | Info | For "file" mode only |
| LOG_ROTATE | true | This enables automated log rotate(switch of following options), default is true |
| LOG_MAX_LINES | 1000000 | Max line number of single file |
| LOG_MAX_LINES_SHIFT | 28 | Max size shift of single file, default is 28 means 1 << 28, 256MB |
| LOG_DAILY_ROTATE | true | Segment log daily, default is true |
| LOG_MAX_DAYS | 7 | Expired days of log file(delete after max days) |
| DASHBOARD_JSON | true | Poll a location for json files that contain dashboards |
| DASHBOARD_JSON_PATH | /usr/share/grafana/dashboards | Location to scan for json dashboards |
| PLUGINS_PATH | /var/lib/grafana/plugins | Path to where grafana can install plugins |
| GF_INSTALL_PLUGINS | no default | Pass the plugins as a comma seperated list |
The provided Makefile has various targets to help support building and publishing new images into a kubernetes cluster.
There are a few key environment variables you should be aware of when interacting with the make targets.
BUILD_TAG- The tag provided to the podman image when it is built (defaults to the git-sha)SHORT_NAME- The name of the image (defaults tografana)DRYCC_REGISTRY- This is the registry you are using (defaultregistry.drycc.cc)IMAGE_PREFIX- This is the account for the registry you are using (defaultdrycc)
make build- Build container imagemake push- Push container image to a registrymake upgrade- Replaces the running grafana instance with a new one
The typical workflow will look something like this - DRYCC_REGISTRY= IMAGE_PREFIX=foouser make build push upgrade