From edeb6f16f8bb2fb8a25c6aebf6c030cdabfcb4d3 Mon Sep 17 00:00:00 2001 From: Jorge Perez Date: Tue, 19 Mar 2024 20:26:34 -0500 Subject: [PATCH 1/3] Added example files and updated grafana docs Signed-off-by: Jorge Perez --- docs/grafana.md | 87 +++++++++++-------- .../grafana/base/azure-client-secret.yaml | 9 ++ kustomize/grafana/base/datasources.yaml | 14 +++ kustomize/grafana/base/example-cert.pem | 23 +++++ kustomize/grafana/base/example-key.pem | 27 ++++++ kustomize/grafana/base/grafana-values.yaml | 7 +- kustomize/grafana/base/kustomization.yaml | 3 + 7 files changed, 130 insertions(+), 40 deletions(-) create mode 100644 kustomize/grafana/base/azure-client-secret.yaml create mode 100644 kustomize/grafana/base/datasources.yaml create mode 100644 kustomize/grafana/base/example-cert.pem create mode 100644 kustomize/grafana/base/example-key.pem diff --git a/docs/grafana.md b/docs/grafana.md index 55db8c6d..d4a47cb7 100644 --- a/docs/grafana.md +++ b/docs/grafana.md @@ -15,6 +15,13 @@ In order to avoid putting sensative information on the cli, it is recommended to create and use a secret file instead. +You can base64 encode your `client_id` and `client_secret` by using the echo and base64 command: + +``` shell +echo -n "YOUR CLIENT ID OR SECRET" | base64 +``` + +This example file is located at `/opt/genestack/kustomize/grafana/base` example secret file: ``` yaml 
@@ -31,40 +38,17 @@ type: opaque --- -## Create a datasources yaml - -If you have specific datasources that should be populated when grafana deploys, create a seperate datasource.yaml. The example below shows one way to configure prometheus and loki datasources. - -example datasources yaml file: - -``` yaml -datasources: - datasources.yaml: - apiversion: 1 - datasources: - - name: prometheus - type: prometheus - access: proxy - url: http://kube-prometheus-stack-prometheus.prometheus.svc.cluster.local:9090 - isdefault: true - - name: loki - type: loki - access: proxy - url: http://loki-gateway.{{ .release.namespace }}.svc.cluster.local:80 - editable: false -``` - ---- - ## Create your ssl files If you are configuring grafana to use tls/ssl, you should create a file for your certificate and a file for your key. After the deployment, these files can be deleted if desired since the cert and key will now be in a Kubernetes secret. Your cert and key files should look something like the following (cert and key example taken from [VMware Docs](https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-BBC4804F-AC54-4DD2-BF6B-ECD2F60083F6.html "VMware Docs")). +These example files are located in `/opt/genestack/kustomize/grafana/base` + ??? example - === "Cert file" + === "Cert file (example-cert.pem)" ``` -----BEGIN CERTIFICATE----- MIID0DCCARIGAWIBAGIBATANBGKQHKIG9W0BAQUFADB/MQSWCQYDVQQGEWJGUJET @@ -91,7 +75,7 @@ Your cert and key files should look something like the following (cert and key e -----END CERTIFICATE----- ``` - === "Key file" + === "Key file (example-key.pem)" ``` -----BEGIN RSA PRIVATE KEY----- MIIEOWIBAAKCAQEAVPNAPKLIKDVX98KW68LZ8PGARRCYERSNGQPJPIFMVJJE8LUC 
@@ -124,17 +108,46 @@ Your cert and key files should look something like the following (cert and key e --- -## Add repo and install +## Update datasources.yaml -``` shell -helm repo add grafana https://grafana.github.io/helm-charts -helm repo update -kubectl create ns grafana -kubectl -n grafana create secret tls grafana-tls-public --cert=your_cert_file --key=your_key_file +The datasource.yaml file is located at `/opt/genestack/kustomize/grafana/base` -kubectl -n grafana create secret generic azure-client --type opaque --from-literal=client_id="your_client_id" --from-literal=client_secret="your_client_secret" -or -kubectl -n grafana apply -f azure-secrets.yaml +If you have specific datasources that should be populated when grafana deploys, update the datasource.yaml to use your values. The example below shows one way to configure prometheus and loki datasources. + +example datasources.yaml file: + +``` yaml +datasources: + datasources.yaml: + apiversion: 1 + datasources: + - name: prometheus + type: prometheus + access: proxy + url: http://kube-prometheus-stack-prometheus.prometheus.svc.cluster.local:9090 + isdefault: true + - name: loki + type: loki + access: proxy + url: http://loki-gateway.{{ $.Release.Namespace }}.svc.cluster.local:80 + editable: false +``` + +--- + +## Update grafana-values.yaml + +The grafana-values.yaml file is located at `/opt/genestack/kustomize/grafana/base` + +You must edit this file to include your specific url and + +--- + +## Create the tls secret and install + +``` shell +kubectl -n grafana create secret tls grafana-tls-public --cert=/opt/genestack/kustomize/grafana/base/cert.pem --key=/opt/genestack/kustomize/grafana/base/key.pem -helm upgrade --install grafana grafana/grafana --namespace grafana --values overrides.yaml -f datasources.yaml --set tenant_id=your_tenant_id --set custom_host=your_url_for_ingress +kubectl kustomize --enable-helm /opt/genestack/kustomize/grafana/base | \ + kubectl -n grafana -f - ``` 
diff --git a/kustomize/grafana/base/azure-client-secret.yaml b/kustomize/grafana/base/azure-client-secret.yaml new file mode 100644 index 00000000..d8b59ee0 --- /dev/null +++ b/kustomize/grafana/base/azure-client-secret.yaml @@ -0,0 +1,9 @@ +apiversion: v1 +data: + client_id: base64_encoded_client_id + client_secret: base64_encoded_client_secret +kind: secret +metadata: + name: azure-client + namespace: grafana +type: opaque \ No newline at end of file diff --git a/kustomize/grafana/base/datasources.yaml b/kustomize/grafana/base/datasources.yaml new file mode 100644 index 00000000..6ae7e3a3 --- /dev/null +++ b/kustomize/grafana/base/datasources.yaml @@ -0,0 +1,14 @@ +datasources: + datasources.yaml: + apiversion: 1 + datasources: + - name: prometheus + type: prometheus + access: proxy + url: http://kube-prometheus-stack-prometheus.prometheus.svc.cluster.local:9090 + isdefault: true + - name: loki + type: loki + access: proxy + url: http://loki-gateway.{{ $.Release.Namespace }}.svc.cluster.local:80 + editable: false diff --git a/kustomize/grafana/base/example-cert.pem b/kustomize/grafana/base/example-cert.pem new file mode 100644 index 00000000..dffee0a3 --- /dev/null +++ b/kustomize/grafana/base/example-cert.pem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o newline at end of file diff --git a/kustomize/grafana/base/example-key.pem b/kustomize/grafana/base/example-key.pem new file mode 100644 index 00000000..ddabc18b --- /dev/null +++ b/kustomize/grafana/base/example-key.pem 
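Review bot: The new `kustomize/grafana/base/azure-client-secret.yaml` is a tracked manifest that operators are expected to edit in place, so the real Azure `client_secret` ends up in a working tree where one `git add` publishes it; base64 under `data:` is an encoding, not protection. This series also lists the file under `resources:` in `kustomization.yaml`, so every render re-applies whatever the file holds, untouched placeholders included, over a secret created out of band. Consider keeping the Secret out of the base (create it with `kubectl create secret generic`, or use a sealed or external secret), or at least have operators work on an ignored local copy. Separately, the keys as shown here read `apiversion`, `kind: secret` and `type: opaque`, while Kubernetes expects `apiVersion: v1`, `kind: Secret` and `type: Opaque`; please confirm the casing in the actual file.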
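Review bot: The keys `apiversion` and `isdefault` in the new `datasources.yaml` do not match Grafana's provisioning schema, which spells them `apiVersion` and `isDefault`. If the lowercase form is what the file really contains, Grafana will most likely ignore both without an error and Prometheus will not become the default datasource. I would change them to `apiVersion: 1` and `isDefault: true`. The Loki URL resolves to `loki-gateway` in the Grafana release namespace once `{{ $.Release.Namespace }}` is expanded, so a comment such as `# assumes loki-gateway runs in the same namespace as this release` above that entry would spare operators a silent misroute.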
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEOWIBAAKCAQEAVPNAPKLIKDVX98KW68LZ8PGARRCYERSNGQPJPIFMVJJE8LUC
+OXGPU0HEPNNTUJPSHBNYNKCVRTWHN+HAKBSP+QWXSXITRW99HBFAL1MDQYWCUKOE
+B9CW6INCTVUN4IRVKN9T8E6Q174RBCNWA/7YTC7P1NCVW+6B/AAN9L1G2PQXGRDY
+C/+G6O1IZEHTWHQZE97NY5QKNUUVD0V09DC5CDYBAKJQETWWV6DFK/GRDOSED/6B
+W+20Z0QSHPA3YNW6QSP+X5PYYMDRZRIR03OS6DAUZKCHSRYC/WHVURX6O85D6QPZ
+YWO8XWNALZHXTQPGCIA5SU9ZIYTV9LH2E+LSWWIDAQABAOIBAFML8CD9A5PMQLW3
+F9BTTQZ1SRL4FVP7CMHSXHVJSJEHWHHCKEE0OBKWTRSGKTSM1XLU5W8IITNHN0+1
+INR+78EB+RRGNGDAXH8DIODKEY+8/CEE8TFI3JYUTKDRLXMBWIKSOUVVIUMOQ3FX
+OGQYWQ0Z2L/PVCWY/Y82FFQ3YSC5GAJSBBYSCRG14BQO44ULRELE4SDWS5HCJKYB
+EI2B8COMUCQZSOTXG9NILN/JE2BO/I2HGSAWIBGCODBMS8K6TVSSRZMR3KJ5O6J+
+77LGWKH37BRVGBVYVBQ6NWPL0XLG7DUV+7LWEO5QQAPY6AXB/ZBCKQLQU6/EJOVE
+YDG5JQECGYEA9KKFTZD/WEVAREA0DZFEJRU8VLNWOAGL7CJAODXQXOS4MCR5MPDT
+KBWGFKLFFH/AYUNPBLK6BCJP1XK67B13ETUA3I9Q5T1WUZEOBIKKBLFM9DDQJT43
+UKZWJXBKFGSVFRYPTGZST719MZVCPCT2CZPJEGN3HLPT6FYW3EORNOECGYEAXIOU
+JWXCOMUGAB7+OW2TR0PGEZBVVLEGDKAJ6TC/HOKM1A8R2U4HLTEJJCRLLTFW++4I
+DDHE2DLER4Q7O58SFLPHWGPMLDEZN7WRLGR7VYFUV7VMAHJGUC3GV9AGNHWDLA2Q
+GBG9/R9OVFL0DC7CGJGLEUTITCYC31BGT3YHV0MCGYEA4K3DG4L+RN4PXDPHVK9I
+PA1JXAJHEIFEHNAW1D3VWKBSKVJMGVF+9U5VEV+OWRHN1QZPZV4SURI6M/8LK8RA
+GR4UNM4AQK4K/QKY4G05LKRIK9EV2CGQSLQDRA7CJQ+JN3NB50QG6HFNFPAFN+J7
+7JUWLN08WFYV4ATPDD+9XQECGYBXIZKZFL+9IQKFOCONVWAZGO+DQ1N0L3J4ITIK
+W56CKWXYJ88D4QB4EUU3YJ4UB4S9MIAW/ELEWKZIBWPUPFAN0DB7I6H3ZMP5ZL8Q
+QS3NQCB9DULMU2/TU641ERUKAMIOKA1G9SNDKAZUWO+O6FDKIB1RGOBK9XNN8R4R
+PSV+AQKBGB+CICEXR30VYCV5BNZN9EFLIXNKAEMJURYCXCRQNVRNUIUBVAO8+JAE
+CDLYGS5RTGOLZIB0IVERQWSP3EI1ACGULTS0VQ9GFLQGAN1SAMS40C9KVNS1MLDU
+LHIHYPJ8USCVT5SNWO2N+M+6ANH5TPWDQNEK6ZILH4TRBUZAIHGB
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/kustomize/grafana/base/grafana-values.yaml b/kustomize/grafana/base/grafana-values.yaml
index df9bccf9..13b92f7a 100644
--- a/kustomize/grafana/base/grafana-values.yaml
+++ b/kustomize/grafana/base/grafana-values.yaml
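Review bot: `example-key.pem` puts an RSA private key into `kustomize/grafana/base`, the same directory the updated install docs read `cert.pem` and `key.pem` from, so a copied or renamed example can end up in the `grafana-tls-public` secret. The docs in this series say the pair comes from published vendor documentation, which means the private half is public and a deployment using it gets no real TLS protection. I would move the examples out of the deployable base (for instance next to the docs) and add `cert.pem` and `key.pem` in that directory to `.gitignore` so real keys placed there are never committed. Secret scanners will also flag this file; an allowlist entry with a comment explaining that it is a sample keeps that signal clean.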
@@ -1,6 +1,7 @@ -custom_host: grafana.example.com # TODO: update this value. Can be set in CLI. -tenant_id: 122333 # TODO: update this value. Can be set in CLI. - +#### EDIT THESE TWO VARIABLES WITH YOUR VALUES +custom_host: grafana.example.com # TODO: update this value to the FQDN of your grafana site +tenant_id: 122333 # TODO: update this value to use your Azure Tenant ID +#### ingress: enabled: true diff --git a/kustomize/grafana/base/kustomization.yaml b/kustomize/grafana/base/kustomization.yaml index fa5255fb..9e94a166 100644 --- a/kustomize/grafana/base/kustomization.yaml +++ b/kustomize/grafana/base/kustomization.yaml @@ -1,5 +1,6 @@ resources: - ns-grafana.yaml + - azure-client-secret.yaml - grafana-database.yaml helmCharts: @@ -8,3 +9,5 @@ helmCharts: releaseName: grafana namespace: grafana valuesFile: grafana-values.yaml + additionalValuesFiles: + - datasources.yaml \ No newline at end of file From 1a13318edc364aa7d718a2db32b25140733e49d1 Mon Sep 17 00:00:00 2001 From: Jorge Perez Date: Wed, 20 Mar 2024 11:36:06 -0500 Subject: [PATCH 2/3] Added extra line at end of files Signed-off-by: Jorge Perez --- kustomize/grafana/base/azure-client-secret.yaml | 2 +- kustomize/grafana/base/example-cert.pem | 2 +- kustomize/grafana/base/example-key.pem | 2 +- kustomize/grafana/base/kustomization.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/kustomize/grafana/base/azure-client-secret.yaml b/kustomize/grafana/base/azure-client-secret.yaml index d8b59ee0..e707a00c 100644 --- a/kustomize/grafana/base/azure-client-secret.yaml +++ b/kustomize/grafana/base/azure-client-secret.yaml @@ -6,4 +6,4 @@ kind: secret metadata: name: azure-client namespace: grafana -type: opaque \ No newline at end of file +type: opaque diff --git a/kustomize/grafana/base/example-cert.pem b/kustomize/grafana/base/example-cert.pem index dffee0a3..90e2af6b 100644 --- a/kustomize/grafana/base/example-cert.pem +++ b/kustomize/grafana/base/example-cert.pem 
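Review bot: `tenant_id: 122333` remains an unquoted integer placeholder that looks like a real value, so a missed edit renders and deploys without any error and YAML hands the chart a number instead of a string. Azure tenant IDs are GUID strings; I would quote the value and make the placeholder unmistakable, e.g. `tenant_id: "<your-azure-tenant-id>"  # required`. Where `tenant_id` and `custom_host` are consumed lies outside this hunk, so please confirm that a placeholder left in place fails loudly rather than pointing sign-in at the wrong tenant.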
@@ -20,4 +20,4 @@ VEPIXC/1AHZRG+DPEEHT0MDFFOW13YDUC2FH6AQEDCEL4AV5PXQ2EYR8HR4ZKBC1
 FBTUQUSVA8NWSIYZQ16FYGVE+ANF6VXVUIZYVWDRPRV/KFVLNA3ZPNLMMXU98MVH
 PXY3PKB8++6U4Y3VDK2NI2WYYLILS8YQBM4327IKMKDC2TIMS8U60CT47MKU7ADY
 CBTV5RDKRLAYWM5YQLTIGLVCV7O=
------END CERTIFICATE-----
\ No newline at end of file
+-----END CERTIFICATE-----
diff --git a/kustomize/grafana/base/example-key.pem b/kustomize/grafana/base/example-key.pem
index ddabc18b..18e01dee 100644
--- a/kustomize/grafana/base/example-key.pem
+++ b/kustomize/grafana/base/example-key.pem
@@ -24,4 +24,4 @@ QS3NQCB9DULMU2/TU641ERUKAMIOKA1G9SNDKAZUWO+O6FDKIB1RGOBK9XNN8R4R
 PSV+AQKBGB+CICEXR30VYCV5BNZN9EFLIXNKAEMJURYCXCRQNVRNUIUBVAO8+JAE
 CDLYGS5RTGOLZIB0IVERQWSP3EI1ACGULTS0VQ9GFLQGAN1SAMS40C9KVNS1MLDU
 LHIHYPJ8USCVT5SNWO2N+M+6ANH5TPWDQNEK6ZILH4TRBUZAIHGB
------END RSA PRIVATE KEY-----
\ No newline at end of file
+-----END RSA PRIVATE KEY-----
diff --git a/kustomize/grafana/base/kustomization.yaml b/kustomize/grafana/base/kustomization.yaml
index 9e94a166..f50c4088 100644
--- a/kustomize/grafana/base/kustomization.yaml
+++ b/kustomize/grafana/base/kustomization.yaml
@@ -10,4 +10,4 @@ helmCharts:
 namespace: grafana
 valuesFile: grafana-values.yaml
 additionalValuesFiles:
- - datasources.yaml
\ No newline at end of file
+ - datasources.yaml
From 90ff8ecac34fc45f005d23f5047c56090884be50 Mon Sep 17 00:00:00 2001
From: Jorge Perez
Date: Wed, 20 Mar 2024 11:44:45 -0500
Subject: [PATCH 3/3] Missed updates to the grafana.md file.
Signed-off-by: Jorge Perez
---
 docs/grafana.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/grafana.md b/docs/grafana.md
index d4a47cb7..2e140acf 100644
--- a/docs/grafana.md
+++ b/docs/grafana.md
@@ -44,7 +44,7 @@ If you are configuring grafana to use tls/ssl, you should create a file for your Your cert and key files should look something like the following (cert and key example taken from [VMware Docs](https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-BBC4804F-AC54-4DD2-BF6B-ECD2F60083F6.html "VMware Docs")). -These example files are located in `/opt/genestack/kustomize/grafana/base` +These example files are located in `/opt/genestack/kustomize/grafana/base` ??? example @@ -139,7 +139,7 @@ datasources: The grafana-values.yaml file is located at `/opt/genestack/kustomize/grafana/base` -You must edit this file to include your specific url and +You must edit this file to include your specific url and azure tenant id ---