PoC - create a working custom-grafana-dashboard for argoCD metrics

grafana/base/configmaps/grafana-config-overrides.yaml

@@ -0,0 +1,6 @@
+kind: ConfigMap
+metadata:
+  name: grafana-config-overrides
+  namespace: grafana
+apiVersion: v1
+data:

grafana/base/configmaps/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+    - grafana-config-overrides.yaml

grafana/base/grafanadatasources/grafanadatasource.yaml

@@ -0,0 +1,38 @@
+apiVersion: integreatly.org/v1alpha1
+kind: GrafanaDataSource
+metadata:
+  name: loki-datasource
+  namespace: grafana
+spec:
+  name: loki
+  datasources:
+    - name: application-logging
+      type: loki
+      url: >-
+        https://lokistack-querier-http.openshift-operators-redhat.svc.cluster.local:3100
+      withCredentials: true
+      jsonData:
+        tlsSkipVerify: true
+        httpHeaderName1: X-Scope-OrgID
+      secureJsonData:
+        httpHeaderValue1: application
+    - name: infrastructure-logging
+      type: loki
+      url: >-
+        https://lokistack-querier-http.openshift-operators-redhat.svc.cluster.local:3100
+      withCredentials: true
+      jsonData:
+        tlsSkipVerify: true
+        httpHeaderName1: X-Scope-OrgID
+      secureJsonData:
+        httpHeaderValue1: infrastructure
+    - name: audit-logging
+      type: loki
+      url: >-
+        https://lokistack-querier-http.openshift-operators-redhat.svc.cluster.local:3100
+      withCredentials: true
+      jsonData:
+        tlsSkipVerify: true
+        httpHeaderName1: X-Scope-OrgID
+      secureJsonData:
+        httpHeaderValue1: audit

grafana/base/grafanadatasources/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - grafanadatasource.yaml

grafana/base/grafanas/grafana.yaml

@@ -0,0 +1,26 @@
+apiVersion: integreatly.org/v1alpha1
+kind: Grafana
+metadata:
+  name: grafana
+  namespace: grafana
+spec:
+  deployment:
+    envFrom:
+      - configMapRef:
+          name: grafana-config-overrides
+  config:
+    server:
+      root_url: $GRAFANA_ROOT_URL
+    auth.generic_oauth:
+      enabled: true
+      scopes: openid email groups profile
+      email_attribute_path: name
+      api_url: https://dex-dex.apps.nerc-ocp-infra.rc.fas.harvard.edu/userinfo
+      auth_url: https://dex-dex.apps.nerc-ocp-infra.rc.fas.harvard.edu/auth
+      token_url: https://dex-dex.apps.nerc-ocp-infra.rc.fas.harvard.edu/token
+      role_attribute_path: >-
+        contains(groups[*], 'cluster-admins') && 'Admin' ||
+        contains(groups[*], 'nerc-org-admins')  && 'Admin' ||
+        contains(groups[*], 'nerc-ops')   && 'Editor' ||
+        'Deny'
+      role_attribute_strict: true

grafana/base/grafanas/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - grafana.yaml

grafana/base/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - operatorgroups
+  - subscriptions
+  - configmaps
+  - grafanas
+  #  - grafanadatasources
+  - routes
+  - serviceaccounts
+commonLabels:
+  app.kubernetes.io/name: grafana
+  app.kubernetes.io/component: grafana
+  app.kubernetes.io/part-of: cluster-logging

grafana/base/operatorgroups/grafana.yaml

@@ -0,0 +1,8 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: grafana
+  namespace: grafana
+spec:
+  targetNamespaces:
+    - grafana

grafana/base/operatorgroups/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - grafana.yaml

grafana/base/routes/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- route.yaml

grafana/base/routes/route.yaml

@@ -0,0 +1,17 @@
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+  name: grafana
+  namespace: grafana
+spec:
+  host: grafana.apps.nerc-ocp-infra.rc.fas.harvard.edu
+  to:
+    kind: Service
+    name: grafana-service
+    weight: 100
+  port:
+    targetPort: grafana
+  tls:
+    termination: edge
+    insecureEdgeTerminationPolicy: Redirect
+  wildcardPolicy: None

grafana/base/serviceaccounts/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - serviceaccount.yaml

grafana/base/serviceaccounts/serviceaccount.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: patch-operator
+  namespace: grafana

grafana/base/subscriptions/grafana-operator.yaml

@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: grafana-operator
+  namespace: grafana
+spec:
+  channel: v4
+  installPlanApproval: Automatic
+  name: grafana-operator
+  source: community-operators
+  sourceNamespace: openshift-marketplace

grafana/base/subscriptions/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - grafana-operator.yaml

grafana/overlays/nerc-ocp-infra/externalsecrets/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- oauth-client-secret.yaml

grafana/overlays/nerc-ocp-infra/externalsecrets/oauth-client-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: oauth-client-secret
+  namespace: grafana
+spec:
+  secretStoreRef:
+    name: nerc-cluster-secrets
+    kind: ClusterSecretStore
+  target:
+    name: oauth-client-secret
+  data:
+  - secretKey: GRAFANA_SECRET
+    remoteRef:
+      key: nerc/nerc-ocp-infra/dex/dex-clients
+      property: GRAFANA_SECRET

grafana/overlays/nerc-ocp-infra/grafanas/logging-grafana_patch.yaml

@@ -0,0 +1,9 @@
+apiVersion: integreatly.org/v1alpha1
+kind: Grafana
+metadata:
+  name: grafana
+  namespace: grafana
+spec:
+  config:
+    server:
+      root_url: https://grafana.apps.nerc-ocp-infra.rc.fas.harvard.edu

grafana/overlays/nerc-ocp-infra/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base
+  - externalsecrets
+  - patches/logging-grafana-patch.yaml
+
+patchesStrategicMerge:
+  - grafanas/logging-grafana_patch.yaml

grafana/overlays/nerc-ocp-infra/patches/logging-grafana-patch.yaml

@@ -0,0 +1,26 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: Patch
+metadata:
+  name: logging-grafana-patch
+  namespace: grafana
+spec:
+  serviceAccountRef:
+    name: patch-operator
+  patches:
+    logging-grafana-patch:
+      targetObjectRef:
+        apiVersion: integreatly.org/v1alpha1
+        kind: Grafana
+        name: grafana
+      patchTemplate: |
+        spec:
+          config:
+            auth.generic_oauth:
+              client_id: grafana
+              client_secret: {{ (index . 1).data.GRAFANA_SECRET | b64dec }}
+      patchType: application/merge-patch+json
+      sourceObjectRefs:
+      - apiVersion: v1
+        kind: Secret
+        name: oauth-client-secret
+        namespace: grafana