Add Grafana

2022-05-09 05:34:36 +02:00 · 2022-05-09 05:34:36 +02:00 · 2ce28000a7
parent b6312a527b
commit 2ce28000a7
11 changed files with 204 additions and 5 deletions
--- a/deploy/base/kustomization.yaml
+++ b/deploy/base/kustomization.yaml
@ -21,3 +21,56 @@ helmCharts:
  includeCRDs: true
  releaseName: prometheus
  valuesInline: {}
+- name: grafana
+  repo: https://grafana.github.io/helm-charts
+  version: "6.29.1"
+  releaseName: grafana
+  valuesInline:
+    admin:
+      existingSecret: grafana-credentials
+    # Seems to launch a failing container, disabling for now:
+    testFramework:
+      enabled: false
+    persistence:
+      enabled: false
+    # Note: datasources are patched in overlays to correct the URLs.
+    # Including here is required for the helm chart to mount the configmap
+    # volume.
+    datasources:
+      datasources.yaml:
+        apiVersion: 1
+        datasources:
+        - isDefault: true
+          name: Prometheus
+          type: prometheus
+          url: http://prometheus-server
+    dashboardProviders:
+      dashboardproviders.yaml:
+        apiVersion: 1
+        providers:
+        - name: 'default'
+          orgId: 1
+          folder: ''
+          type: file
+          disableDeletion: false
+          editable: true
+          options:
+            path: /var/lib/grafana/dashboards/default
+    dashboards:
+      default:
+        postgresql:
+          gnetId: 9628
+          revision: 7
+          datasource: Prometheus
+        node:
+          gnetId: 1860
+          revision: 26
+          datasource: Prometheus
+        nginx-ingress:
+          gnetId: 9614
+          revision: 1
+          datasource: Prometheus
+        kubernetes-apiserver:
+          gnetId: 12006
+          revision: 1
+          datasource: Prometheus
--- a/deploy/dev/deploy-grafana.yaml
+++ b/deploy/dev/deploy-grafana.yaml
@ -0,0 +1,31 @@
+---
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_TYPE
+    value: postgres
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_HOST
+    value: dev-db
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_PORT
+    value: "5432"
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_USER
+    value: postgres
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_PASSWORD
+    value: testme
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_NAME
+    value: grafana
--- a/deploy/dev/grafana-datasources.yaml
+++ b/deploy/dev/grafana-datasources.yaml
@ -0,0 +1,6 @@
+apiVersion: 1
+datasources:
+- isDefault: true
+  name: Prometheus
+  type: prometheus
+  url: http://dev-prometheus-server
--- a/deploy/dev/grafana.ini
+++ b/deploy/dev/grafana.ini
@ -0,0 +1,15 @@
+[analytics]
+reporting_enabled = false
+check_for_updates = false
+check_for_plugin_updates = false
+enable_feedback_links = false
+[grafana_net]
+url = https://grafana.net
+[log]
+mode = console
+; level = debug
+[paths]
+data = /var/lib/grafana/
+logs = /var/log/grafana
+plugins = /var/lib/grafana/plugins
+provisioning = /etc/grafana/provisioning
--- a/deploy/dev/kustomization.yaml
+++ b/deploy/dev/kustomization.yaml
@ -21,6 +21,17 @@ configMapGenerator:
  behavior: merge
  files:
  - prometheus.yml=prometheus.yaml
+- name: grafana
+  behavior: merge
+  files:
+  - grafana.ini
+  - datasources.yaml=grafana-datasources.yaml
+
+secretGenerator:
+- name: grafana-credentials
+  literals:
+  - admin-user=rob
+  - admin-password=testme

 patches:
 # Patch the ingress-nginx deployment to allow it to use a service with a
@ -29,3 +40,9 @@ patches:
    kind: Deployment
    name: ingress-nginx-controller
  path: deploy-ingress-nginx.yaml
+
+# Patch Grafana deployment to inject PostgreSQL credentials:
+- target:
+    kind: Deployment
+    name: grafana
+  path: deploy-grafana.yaml
--- a/deploy/prod/deploy-grafana.yaml
+++ b/deploy/prod/deploy-grafana.yaml
@ -0,0 +1,36 @@
+---
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_TYPE
+    value: postgres
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_HOST
+    value: prod-db
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_PORT
+    value: "5432"
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_USER
+    value: grafana
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_PASSWORD
+    value: ${GRAFANA_POSTGRESQL_PASSWORD}
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_NAME
+    value: grafana
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GF_DATABASE_SSL_MODE
+    value: require
--- a/deploy/prod/grafana-datasources.yaml
+++ b/deploy/prod/grafana-datasources.yaml
@ -0,0 +1,7 @@
+apiVersion: 1
+datasources:
+- isDefault: true
+  name: Prometheus
+  type: prometheus
+  url: http://prod-prometheus-server
+
--- a/deploy/prod/grafana.ini
+++ b/deploy/prod/grafana.ini
@ -0,0 +1,15 @@
+[analytics]
+reporting_enabled = false
+check_for_updates = false
+check_for_plugin_updates = false
+enable_feedback_links = false
+[grafana_net]
+url = https://grafana.net
+[log]
+mode = console
+; level = debug
+[paths]
+data = /var/lib/grafana/
+logs = /var/log/grafana
+plugins = /var/lib/grafana/plugins
+provisioning = /etc/grafana/provisioning
--- a/deploy/prod/kustomization.yaml
+++ b/deploy/prod/kustomization.yaml
@ -9,13 +9,29 @@ configMapGenerator:
  behavior: merge
  files:
  - prometheus.yml=prometheus.yaml
+- name: grafana
+  behavior: merge
+  files:
+  - grafana.ini
+  - datasources.yaml=grafana-datasources.yaml

 secretGenerator:
 - name: prometheus-credentials
  files:
  - secrets/exporter-password
+- name: grafana-credentials
+  files:
+  - admin-user=secrets/grafana-admin-user
+  - admin-password=secrets/grafana-admin-password

 patches:
+# Patch the ingress-nginx deployment to allow it to use a service with a
+# namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289.
+- target:
+    kind: Deployment
+    name: ingress-nginx-controller
+  path: deploy-ingress-nginx.yaml
+
 # Patch prometheus-server pod to mount the secrets volume.
 - target:
    kind: Deployment
@ -25,7 +41,6 @@ patches:
      path: /spec/template/spec/volumes/-
      value:
        secret:
-          defaultMode: 420
          secretName: prod-prometheus-credentials
        name: secrets-volume
    - op: add
@ -35,9 +50,8 @@ patches:
        name: secrets-volume
        readOnly: true

-# Patch the ingress-nginx deployment to allow it to use a service with a
-# namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289.
+# Patch Grafana deployment to inject PostgreSQL credentials:
 - target:
    kind: Deployment
-    name: ingress-nginx-controller
-  path: deploy-ingress-nginx.yaml
+    name: grafana
+  path: deploy-grafana.yaml
--- a/deploy/prod/secrets/README.md
+++ b/deploy/prod/secrets/README.md
@ -5,3 +5,7 @@ TODO: find a way to encrypt these secrets at rest on dev machine.
 ### exporter-password

 The basic auth password required to access node-exporter endpoints. See ansible-vault.
+
+### grafana-admin-user, grafana-admin-password
+
+The credentials used to create the Grafana admin user. See 1password.
--- a/deploy/prod/secrets/env.example
+++ b/deploy/prod/secrets/env.example
@ -1,2 +1,3 @@
 NETFLUX_PRIVATE_IP=1.2.3.4
 POSTGRESQL_IP=1.2.3.4
+GRAFANA_POSTGRESQL_PASSWORD=hackme