Add Grafana

This commit is contained in:
Rob Watson 2022-05-09 05:34:36 +02:00
parent b6312a527b
commit 2ce28000a7
11 changed files with 204 additions and 5 deletions

View File

@ -21,3 +21,56 @@ helmCharts:
includeCRDs: true includeCRDs: true
releaseName: prometheus releaseName: prometheus
valuesInline: {} valuesInline: {}
- name: grafana
repo: https://grafana.github.io/helm-charts
version: "6.29.1"
releaseName: grafana
valuesInline:
admin:
existingSecret: grafana-credentials
# Seems to launch a failing container, disabling for now:
testFramework:
enabled: false
persistence:
enabled: false
# Note: datasources are patched in overlays to correct the URLs.
# Including here is required for the helm chart to mount the configmap
# volume.
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- isDefault: true
name: Prometheus
type: prometheus
url: http://prometheus-server
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/default
dashboards:
default:
postgresql:
gnetId: 9628
revision: 7
datasource: Prometheus
node:
gnetId: 1860
revision: 26
datasource: Prometheus
nginx-ingress:
gnetId: 9614
revision: 1
datasource: Prometheus
kubernetes-apiserver:
gnetId: 12006
revision: 1
datasource: Prometheus

View File

@ -0,0 +1,31 @@
---
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_TYPE
value: postgres
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_HOST
value: dev-db
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_PORT
value: "5432"
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_USER
value: postgres
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_PASSWORD
value: testme
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_NAME
value: grafana

View File

@ -0,0 +1,6 @@
apiVersion: 1
datasources:
- isDefault: true
name: Prometheus
type: prometheus
url: http://dev-prometheus-server

15
deploy/dev/grafana.ini Normal file
View File

@ -0,0 +1,15 @@
[analytics]
reporting_enabled = false
check_for_updates = false
check_for_plugin_updates = false
enable_feedback_links = false
[grafana_net]
url = https://grafana.net
[log]
mode = console
; level = debug
[paths]
data = /var/lib/grafana/
logs = /var/log/grafana
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning

View File

@ -21,6 +21,17 @@ configMapGenerator:
behavior: merge behavior: merge
files: files:
- prometheus.yml=prometheus.yaml - prometheus.yml=prometheus.yaml
- name: grafana
behavior: merge
files:
- grafana.ini
- datasources.yaml=grafana-datasources.yaml
secretGenerator:
- name: grafana-credentials
literals:
- admin-user=rob
- admin-password=testme
patches: patches:
# Patch the ingress-nginx deployment to allow it to use a service with a # Patch the ingress-nginx deployment to allow it to use a service with a
@ -29,3 +40,9 @@ patches:
kind: Deployment kind: Deployment
name: ingress-nginx-controller name: ingress-nginx-controller
path: deploy-ingress-nginx.yaml path: deploy-ingress-nginx.yaml
# Patch Grafana deployment to inject PostgreSQL credentials:
- target:
kind: Deployment
name: grafana
path: deploy-grafana.yaml

View File

@ -0,0 +1,36 @@
---
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_TYPE
value: postgres
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_HOST
value: prod-db
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_PORT
value: "5432"
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_USER
value: grafana
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_PASSWORD
value: ${GRAFANA_POSTGRESQL_PASSWORD}
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_NAME
value: grafana
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: GF_DATABASE_SSL_MODE
value: require

View File

@ -0,0 +1,7 @@
apiVersion: 1
datasources:
- isDefault: true
name: Prometheus
type: prometheus
url: http://prod-prometheus-server

15
deploy/prod/grafana.ini Normal file
View File

@ -0,0 +1,15 @@
[analytics]
reporting_enabled = false
check_for_updates = false
check_for_plugin_updates = false
enable_feedback_links = false
[grafana_net]
url = https://grafana.net
[log]
mode = console
; level = debug
[paths]
data = /var/lib/grafana/
logs = /var/log/grafana
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning

View File

@ -9,13 +9,29 @@ configMapGenerator:
behavior: merge behavior: merge
files: files:
- prometheus.yml=prometheus.yaml - prometheus.yml=prometheus.yaml
- name: grafana
behavior: merge
files:
- grafana.ini
- datasources.yaml=grafana-datasources.yaml
secretGenerator: secretGenerator:
- name: prometheus-credentials - name: prometheus-credentials
files: files:
- secrets/exporter-password - secrets/exporter-password
- name: grafana-credentials
files:
- admin-user=secrets/grafana-admin-user
- admin-password=secrets/grafana-admin-password
patches: patches:
# Patch the ingress-nginx deployment to allow it to use a service with a
# namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289.
- target:
kind: Deployment
name: ingress-nginx-controller
path: deploy-ingress-nginx.yaml
# Patch prometheus-server pod to mount the secrets volume. # Patch prometheus-server pod to mount the secrets volume.
- target: - target:
kind: Deployment kind: Deployment
@ -25,7 +41,6 @@ patches:
path: /spec/template/spec/volumes/- path: /spec/template/spec/volumes/-
value: value:
secret: secret:
defaultMode: 420
secretName: prod-prometheus-credentials secretName: prod-prometheus-credentials
name: secrets-volume name: secrets-volume
- op: add - op: add
@ -35,9 +50,8 @@ patches:
name: secrets-volume name: secrets-volume
readOnly: true readOnly: true
# Patch the ingress-nginx deployment to allow it to use a service with a # Patch Grafana deployment to inject PostgreSQL credentials:
# namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289.
- target: - target:
kind: Deployment kind: Deployment
name: ingress-nginx-controller name: grafana
path: deploy-ingress-nginx.yaml path: deploy-grafana.yaml

View File

@ -5,3 +5,7 @@ TODO: find a way to encrypt these secrets at rest on dev machine.
### exporter-password ### exporter-password
The basic auth password required to access node-exporter endpoints. See ansible-vault. The basic auth password required to access node-exporter endpoints. See ansible-vault.
### grafana-admin-user, grafana-admin-password
The credentials used to create the Grafana admin user. See 1password.

View File

@ -1,2 +1,3 @@
NETFLUX_PRIVATE_IP=1.2.3.4 NETFLUX_PRIVATE_IP=1.2.3.4
POSTGRESQL_IP=1.2.3.4 POSTGRESQL_IP=1.2.3.4
GRAFANA_POSTGRESQL_PASSWORD=hackme