diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml index 25561ad..19afb5f 100644 --- a/deploy/base/kustomization.yaml +++ b/deploy/base/kustomization.yaml @@ -21,3 +21,56 @@ helmCharts: includeCRDs: true releaseName: prometheus valuesInline: {} +- name: grafana + repo: https://grafana.github.io/helm-charts + version: "6.29.1" + releaseName: grafana + valuesInline: + admin: + existingSecret: grafana-credentials + # Seems to launch a failing container, disabling for now: + testFramework: + enabled: false + persistence: + enabled: false + # Note: datasources are patched in overlays to correct the URLs. + # Including here is required for the helm chart to mount the configmap + # volume. + datasources: + datasources.yaml: + apiVersion: 1 + datasources: + - isDefault: true + name: Prometheus + type: prometheus + url: http://prometheus-server + dashboardProviders: + dashboardproviders.yaml: + apiVersion: 1 + providers: + - name: 'default' + orgId: 1 + folder: '' + type: file + disableDeletion: false + editable: true + options: + path: /var/lib/grafana/dashboards/default + dashboards: + default: + postgresql: + gnetId: 9628 + revision: 7 + datasource: Prometheus + node: + gnetId: 1860 + revision: 26 + datasource: Prometheus + nginx-ingress: + gnetId: 9614 + revision: 1 + datasource: Prometheus + kubernetes-apiserver: + gnetId: 12006 + revision: 1 + datasource: Prometheus diff --git a/deploy/dev/deploy-grafana.yaml b/deploy/dev/deploy-grafana.yaml new file mode 100644 index 0000000..73b3715 --- /dev/null +++ b/deploy/dev/deploy-grafana.yaml 
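Review bot: The `dashboards.default` entries in the grafana `valuesInline` identify each dashboard only by `gnetId` and `revision`. As far as I know the Grafana chart then downloads the JSON from grafana.com when the pod starts, so the content comes from a third party at runtime with no integrity check, and the pod needs egress to start cleanly. That sits oddly with the `grafana.ini` files added in this commit, which turn off update checks and reporting. Consider vendoring the four dashboard JSON files into the repo and provisioning them from a ConfigMap. If the download is kept, add a comment above `dashboards:` such as `# fetched from grafana.com at pod start; requires outbound access`.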
@@ -0,0 +1,31 @@
+---
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: GF_DATABASE_TYPE
+ value: postgres
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: GF_DATABASE_HOST
+ value: dev-db
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: GF_DATABASE_PORT
+ value: "5432"
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: GF_DATABASE_USER
+ value: postgres
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: GF_DATABASE_PASSWORD
+ value: testme
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: GF_DATABASE_NAME
+ value: grafana
diff --git a/deploy/dev/grafana-datasources.yaml b/deploy/dev/grafana-datasources.yaml
new file mode 100644
index 0000000..578e352
--- /dev/null
+++ b/deploy/dev/grafana-datasources.yaml
@@ -0,0 +1,6 @@
+apiVersion: 1
+datasources:
+- isDefault: true
+ name: Prometheus
+ type: prometheus
+ url: http://dev-prometheus-server
diff --git a/deploy/dev/grafana.ini b/deploy/dev/grafana.ini
new file mode 100644
index 0000000..3e911b1
--- /dev/null
+++ b/deploy/dev/grafana.ini
@@ -0,0 +1,15 @@
+[analytics]
+reporting_enabled = false
+check_for_updates = false
+check_for_plugin_updates = false
+enable_feedback_links = false
+[grafana_net]
+url = https://grafana.net
+[log]
+mode = console
+; level = debug
+[paths]
+data = /var/lib/grafana/
+logs = /var/log/grafana
+plugins = /var/lib/grafana/plugins
+provisioning = /etc/grafana/provisioning
diff --git a/deploy/dev/kustomization.yaml b/deploy/dev/kustomization.yaml
index 366016d..553e71c 100644
--- a/deploy/dev/kustomization.yaml
+++ b/deploy/dev/kustomization.yaml
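Review bot: `GF_DATABASE_PASSWORD` is set as a literal `value:` in the Deployment env of deploy/dev/deploy-grafana.yaml, so the database password lives in the pod spec and is readable by anyone allowed to get Deployments or Pods, not only Secrets. The same pattern appears in deploy/prod/deploy-grafana.yaml, where `${GRAFANA_POSTGRESQL_PASSWORD}` lands in the same field once substituted. Replace `value:` with a secret reference, for example `valueFrom: {secretKeyRef: {name: grafana-credentials, key: <db-password-key>}}` (the key name is a placeholder), and add that key to the existing `secretGenerator` entry. The dev patch also connects as `postgres`, normally the superuser role; a dedicated `grafana` role, as prod uses, would keep dev closer to least privilege.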
@@ -21,6 +21,17 @@ configMapGenerator: behavior: merge files: - prometheus.yml=prometheus.yaml +- name: grafana + behavior: merge + files: + - grafana.ini + - datasources.yaml=grafana-datasources.yaml + +secretGenerator: +- name: grafana-credentials + literals: + - admin-user=rob + - admin-password=testme patches: # Patch the ingress-nginx deployment to allow it to use a service with a @@ -29,3 +40,9 @@ patches: kind: Deployment name: ingress-nginx-controller path: deploy-ingress-nginx.yaml + +# Patch Grafana deployment to inject PostgreSQL credentials: +- target: + kind: Deployment + name: grafana + path: deploy-grafana.yaml diff --git a/deploy/prod/deploy-grafana.yaml b/deploy/prod/deploy-grafana.yaml new file mode 100644 index 0000000..954d5d7 --- /dev/null +++ b/deploy/prod/deploy-grafana.yaml @@ -0,0 +1,36 @@ +--- +- op: add + path: /spec/template/spec/containers/0/env/- + value: + name: GF_DATABASE_TYPE + value: postgres +- op: add + path: /spec/template/spec/containers/0/env/- + value: + name: GF_DATABASE_HOST + value: prod-db +- op: add + path: /spec/template/spec/containers/0/env/- + value: + name: GF_DATABASE_PORT + value: "5432" +- op: add + path: /spec/template/spec/containers/0/env/- + value: + name: GF_DATABASE_USER + value: grafana +- op: add + path: /spec/template/spec/containers/0/env/- + value: + name: GF_DATABASE_PASSWORD + value: ${GRAFANA_POSTGRESQL_PASSWORD} +- op: add + path: /spec/template/spec/containers/0/env/- + value: + name: GF_DATABASE_NAME + value: grafana +- op: add + path: /spec/template/spec/containers/0/env/- + value: + name: GF_DATABASE_SSL_MODE + value: require diff --git a/deploy/prod/grafana-datasources.yaml b/deploy/prod/grafana-datasources.yaml new file mode 100644 index 0000000..10c1260 --- /dev/null +++ b/deploy/prod/grafana-datasources.yaml @@ -0,0 +1,7 @@ +apiVersion: 1 +datasources: +- isDefault: true + name: Prometheus + type: prometheus + url: http://prod-prometheus-server + 
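Review bot: The new `grafana-credentials` entry under `secretGenerator` commits the Grafana admin login as `literals` (`admin-password=testme`), so everyone with repository access knows the admin password of any cluster built from this overlay. The prod overlay reads the same two keys from files under `secrets/`; doing the same here and keeping those files out of version control would make the overlays consistent. If the literal is deliberately kept for throwaway local clusters, state that next to it, e.g. `# dev-only credentials; never expose this overlay outside a local cluster`.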
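Review bot: `GF_DATABASE_SSL_MODE` is set to `require` in deploy/prod/deploy-grafana.yaml, which encrypts the connection but, in PostgreSQL client semantics, does not verify the server certificate or host name, so it gives no protection against an impostor database on the network path. Grafana also accepts `verify-full`; `value: verify-full` with the CA certificate mounted into the pod would close that gap. Separately, `value: ${GRAFANA_POSTGRESQL_PASSWORD}` is an unquoted placeholder that is presumably substituted textually before apply. A password containing `: `, ` #` or a leading YAML indicator would then change how the line parses, so the placeholder should at least be quoted, or better, replaced by a Secret reference.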
diff --git a/deploy/prod/grafana.ini b/deploy/prod/grafana.ini new file mode 100644 index 0000000..3e911b1 --- /dev/null +++ b/deploy/prod/grafana.ini @@ -0,0 +1,15 @@ +[analytics] +reporting_enabled = false +check_for_updates = false +check_for_plugin_updates = false +enable_feedback_links = false +[grafana_net] +url = https://grafana.net +[log] +mode = console +; level = debug +[paths] +data = /var/lib/grafana/ +logs = /var/log/grafana +plugins = /var/lib/grafana/plugins +provisioning = /etc/grafana/provisioning diff --git a/deploy/prod/kustomization.yaml b/deploy/prod/kustomization.yaml index 694590b..f3a5082 100644 --- a/deploy/prod/kustomization.yaml +++ b/deploy/prod/kustomization.yaml @@ -9,13 +9,29 @@ configMapGenerator: behavior: merge files: - prometheus.yml=prometheus.yaml +- name: grafana + behavior: merge + files: + - grafana.ini + - datasources.yaml=grafana-datasources.yaml secretGenerator: - name: prometheus-credentials files: - secrets/exporter-password +- name: grafana-credentials + files: + - admin-user=secrets/grafana-admin-user + - admin-password=secrets/grafana-admin-password patches: +# Patch the ingress-nginx deployment to allow it to use a service with a +# namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289. +- target: + kind: Deployment + name: ingress-nginx-controller + path: deploy-ingress-nginx.yaml + # Patch prometheus-server pod to mount the secrets volume. - target: kind: Deployment @@ -25,7 +41,6 @@ patches: path: /spec/template/spec/volumes/- value: secret: - defaultMode: 420 secretName: prod-prometheus-credentials name: secrets-volume - op: add 
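Review bot: Removing `defaultMode: 420` from the `secrets-volume` patch in deploy/prod/kustomization.yaml does not change permissions, because 420 is decimal for 0644, the Kubernetes default for secret volumes, so the exporter password file stays world-readable inside the container. Since the line is being touched anyway, consider tightening it instead of dropping it, e.g. `defaultMode: 288` (0440). That assumes the prometheus-server pod sets an fsGroup so the non-root process can still read the file, which should be confirmed against the rendered Deployment. The patch's remaining operations continue outside this hunk.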
@@ -35,9 +50,8 @@ patches: name: secrets-volume readOnly: true -# Patch the ingress-nginx deployment to allow it to use a service with a -# namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289. +# Patch Grafana deployment to inject PostgreSQL credentials: - target: kind: Deployment - name: ingress-nginx-controller - path: deploy-ingress-nginx.yaml + name: grafana + path: deploy-grafana.yaml diff --git a/deploy/prod/secrets/README.md b/deploy/prod/secrets/README.md index 54cb482..76686d8 100644 --- a/deploy/prod/secrets/README.md +++ b/deploy/prod/secrets/README.md @@ -5,3 +5,7 @@ TODO: find a way to encrypt these secrets at rest on dev machine. ### exporter-password The basic auth password required to access node-exporter endpoints. See ansible-vault. + +### grafana-admin-user, grafana-admin-password + +The credentials used to create the Grafana admin user. See 1password. diff --git a/deploy/prod/secrets/env.example b/deploy/prod/secrets/env.example index b735602..91e40cb 100644 --- a/deploy/prod/secrets/env.example +++ b/deploy/prod/secrets/env.example @@ -1,2 +1,3 @@ NETFLUX_PRIVATE_IP=1.2.3.4 POSTGRESQL_IP=1.2.3.4 +GRAFANA_POSTGRESQL_PASSWORD=hackme