apiVersion: v1 kind: PersistentVolumeClaim metadata: name: grafana labels: app.kubernetes.io/name: grafana app.kubernetes.io/component: grafana spec: accessModes: - ReadWriteMany resources: requests: storage: 1Gi --- apiVersion: v1 kind: Service metadata: name: grafana labels: app.kubernetes.io/name: grafana app.kubernetes.io/component: grafana spec: ports: - port: 3000 name: grafana selector: app.kubernetes.io/name: grafana app.kubernetes.io/component: grafana clusterIP: None --- apiVersion: apps/v1 kind: StatefulSet metadata: name: grafana labels: app.kubernetes.io/name: grafana app.kubernetes.io/component: grafana spec: serviceName: grafana selector: matchLabels: app.kubernetes.io/name: grafana app.kubernetes.io/component: grafana template: metadata: labels: app.kubernetes.io/name: grafana app.kubernetes.io/component: grafana spec: containers: - name: grafana image: docker.io/grafana/grafana:10.2.3 ports: - containerPort: 3000 name: http readinessProbe: &probe httpGet: port: http path: /api/health periodSeconds: 60 startupProbe: <<: *probe periodSeconds: 1 successThreshold: 1 failureThreshold: 30 timeoutSeconds: 1 securityContext: runAsNonRoot: true readOnlyRootFilesystem: true volumeMounts: - mountPath: /etc/grafana name: config readOnly: true - mountPath: /run/secrets/grafana name: secrets readOnly: true - mountPath: /var/lib/grafana name: grafana subPath: data securityContext: fsGroup: 472 runAsNonRoot: true volumes: - name: config configMap: name: grafana - name: grafana persistentVolumeClaim: claimName: grafana - name: secrets secret: secretName: grafana