Custom grafana dashboard #317
Why? |
working together with Jeet in a call
checking and linting together
271f199 to f01f908
@larsks after a couple hours going crazy testing out a custom dashboard in the ACM grafana, I can't explain why, but naming the dashboard anything but |
@computate thanks for checking the argocd naming problem we had and confirming it. |
2a74c05 to 513a5a7
@larsks I'm having trouble with the Patch Operator with this PR. I have applied the changes from this branch to test it:
The Patches say
```sh
oc --as system:admin -n grafana get patch/grafana-oauth -o yaml | grep 'status:' -A 20
oc --as system:admin -n grafana get patch/grafanadatasource-observability-metrics -o yaml | grep 'status:' -A 20
```
But the objects are not patched:
```sh
oc --as system:admin -n grafana get grafana/grafana -o yaml | grep 'root_url:'
oc --as system:admin -n grafana get grafanadatasource/observability-metrics -o yaml | grep 'secureJsonData:' -A 2
```
@larsks Can you please help me understand why the patches are not working, and if I need this ClusterRoleBinding?
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: grafana-node-labeler-patcher
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-labeler
subjects:
  - kind: ServiceAccount
    name: patcher
    namespace: grafana
```
@computate, looking at the logs for the patch operator, we see the following errors after creating the Patch resource:
It looks like a permissions issue; we'll need to add some RBAC to provide the necessary permissions. ...but the |
Add this RBAC to your pr and things seem to work as expected:
Following our organizational model, that should go into the |
...or not, since I see the |
@computate, looking at https://github.com/grafana-operator/grafana-operator/blob/v3.6.0/documentation/env_vars.md this patching may no longer be necessary. I'm not 100% positive; followed grafana/grafana-operator#130 to find that link and I'm taking a closer look now. |
I think you ought to be able to do something like this... In the Grafana resource:
And in grafana-secrets:
You should be patching |
@computate with this latest set of changes I think everything is working (and no more patch operator required). |
89a9b74 to 39577cb
This will allow cluster-admins, nerc-org-admins, and nerc-ops teams to develop new dashboards using the existing multi-cluster observability metrics. rh-pre-commit.version: 2.0.3 rh-pre-commit.check-secrets: ENABLED
We're reusing the dex configuration for logging-grafana, but we had not updated the list of valid redirect urls in Dex, so oauth logins were failing.
Previously we were storing a service account token in the vault and retrieving it via an ExternalSecret. This is not necessary; Kubernetes already has the ability to populate a Secret with the token for a service account [1]. [1]: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#create-token
This commit removes the patch-operator [1] based patches and accompanying support resources such as service accounts, RBAC, etc. [1]: https://github.com/redhat-cop/patch-operator
We're not using the grafana-config-overrides ConfigMap.
Grafana supports setting configuration from environment variables [1]. This commit renames the secret key in the oauth-client-secret resource to match the required variable name pattern so that Grafana will get the oauth client secret from the environment. [1]: https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#override-configuration-with-environment-variables
Grafana supports environment variable substitution in data sources [1]. This commit modifies the observability-metrics datasource to get the service account token and CA certificate from the environment, rather than using a live patch. [1]: https://grafana.com/docs/grafana/latest/administration/provisioning/#using-environment-variables
The server root_url and the oauth client id are not dynamic nor are they secret, so we can set them statically rather than patching them.
This commit modifies the Grafana resource to read environment variables from the oauth-client-secret and grafana-serviceaccount-token Secrets and the openshift-service-ca.crt ConfigMap.
This commit has some minor formatting changes that didn't really fit in anywhere else.
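The approach these commit messages describe (a token Secret populated by Kubernetes, environment variables on the Grafana deployment, and `${VAR}` substitution in the datasource), sketched as an added example that is not the PR's own manifests. The `integreatly.org/v1alpha1` API group, the `spec.deployment.env`/`envFrom` fields, the ServiceAccount name, the `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET` key, the variable names and the URL are assumptions.

```yaml
# Kubernetes populates `token`, `ca.crt` and `namespace` in a Secret of this type.
apiVersion: v1
kind: Secret
metadata:
  name: grafana-serviceaccount-token
  annotations:
    kubernetes.io/service-account.name: grafana-serviceaccount  # assumed ServiceAccount name
type: kubernetes.io/service-account-token
---
apiVersion: integreatly.org/v1alpha1  # assumed: grafana-operator v3 API group
kind: Grafana
metadata:
  name: grafana
spec:
  deployment:
    envFrom:
      # Every key in the Secret becomes an environment variable, so the key must be
      # named in Grafana's GF_<SECTION>_<KEY> form, e.g. GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET (assumed).
      - secretRef:
          name: oauth-client-secret
    env:
      - name: METRICS_TOKEN  # assumed variable name
        valueFrom:
          secretKeyRef:
            name: grafana-serviceaccount-token
            key: token
      - name: SERVICE_CA_CERT  # assumed variable name
        valueFrom:
          configMapKeyRef:
            name: openshift-service-ca.crt
            key: service-ca.crt
---
apiVersion: integreatly.org/v1alpha1  # assumed, as above
kind: GrafanaDataSource
metadata:
  name: observability-metrics
spec:
  name: observability-metrics.yaml
  datasources:
    - name: observability-metrics
      type: prometheus
      access: proxy
      url: https://metrics.example.invalid  # placeholder URL
      jsonData:
        httpHeaderName1: Authorization
        tlsAuthWithCACert: true
      secureJsonData:
        httpHeaderValue1: "Bearer ${METRICS_TOKEN}"  # expanded by Grafana when it loads the datasource
        tlsCACert: "${SERVICE_CA_CERT}"
```

With this layout no token or client secret appears in the Grafana or GrafanaDataSource resources themselves, so read access to those objects does not expose the credentials.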
39577cb to 968d127
@larsks Nice work with the secretGenerator, ExternalSecrets, and environment variable substitutions, thanks!
@larsks awesome work, thanks for having these ideas/digging them up. appreciated.
Also thanks for getting me all the details in our call.
grafana/overlays/nerc-ocp-infra/grafanadatasources/observability-metrics.yaml
960850c to ca68014
A new custom Grafana dashboard was created and tested by bringing in metrics from ArgoCD. ArgoCD provides a JSON template download, and code from the JSON download could be copied into the config file and appropriate changes made to ensure metrics from ArgoCD dashboard are pulled in and made visible in the custom Grafana dashboard. Additional information is available at https://grafana.com/grafana/dashboards/14584-argocd/
A key item to make a note of is that one cannot use the word "ArgoCD" or "argocd" just by itself in the value for the key "title" in the grafana-dashboard-argocd.yaml. When changed to "ArgoCD xxxxx" ("ArgoCD stats" in our case), it worked fine.