Find file History
cesaralbloz and k8s-ci-robot [stable/grafana] Add gerrit server as dashboard origin (#10711)
* [stable/grafana] Add gerrit server as dashboard origin

Signed-off-by: cesaralbloz <cesaralbloz@hotmail.com>

* [stable/grafana] Add gerrit server as dashboard origin

Signed-off-by: Cesar Alba Lozano <cesaralbloz@hotmail.com>
Latest commit 0077ae7 Jan 23, 2019

README.md

Grafana Helm Chart

  • Installs the web dashboarding system Grafana

TL;DR;

$ helm install stable/grafana

Installing the Chart

To install the chart with the release name my-release:

$ helm install --name my-release stable/grafana

Uninstalling the Chart

To uninstall/delete the my-release deployment:

$ helm delete my-release

The command removes all the Kubernetes components associated with the chart and deletes the release.

Configuration

Parameter Description Default
replicas Number of nodes 1
deploymentStrategy Deployment strategy RollingUpdate
livenessProbe Liveness Probe settings { "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }
readinessProbe Rediness Probe settings { "httpGet": { "path": "/api/health", "port": 3000 } }
securityContext Deployment securityContext {"runAsUser": 472, "fsGroup": 472}
priorityClassName Name of Priority Class to assign pods nil
image.repository Image repository grafana/grafana
image.tag Image tag. (Must be >= 5.0.0) 5.4.3
image.pullPolicy Image pull policy IfNotPresent
service.type Kubernetes service type ClusterIP
service.port Kubernetes port where service is exposed 80
service.annotations Service annotations {}
service.labels Custom labels {}
ingress.enabled Enables Ingress false
ingress.annotations Ingress annotations {}
ingress.labels Custom labels {}
ingress.hosts Ingress accepted hostnames []
ingress.tls Ingress TLS configuration []
resources CPU/Memory resource requests/limits {}
nodeSelector Node labels for pod assignment {}
tolerations Toleration labels for pod assignment []
affinity Affinity settings for pod assignment {}
persistence.enabled Use persistent volume to store data false
persistence.size Size of persistent volume claim 10Gi
persistence.existingClaim Use an existing PVC to persist data nil
persistence.storageClassName Type of persistent volume claim nil
persistence.accessModes Persistence access modes [ReadWriteOnce]
persistence.subPath Mount a sub dir of the persistent volume nil
schedulerName Alternate scheduler name nil
env Extra environment variables passed to pods {}
envFromSecret Name of a Kubenretes secret (must be manually created in the same namespace) containing values to be added to the environment ""
extraSecretMounts Additional grafana server secret mounts []
extraVolumeMounts Additional grafana server volume mounts []
extraConfigmapMounts Additional grafana server configMap volume mounts []
plugins Plugins to be loaded along with Grafana []
datasources Configure grafana datasources (passed through tpl) {}
dashboardProviders Configure grafana dashboard providers {}
dashboards Dashboards to import {}
dashboardsConfigMaps ConfigMaps reference that contains dashboards {}
grafana.ini Grafana's primary configuration {}
ldap.existingSecret The name of an existing secret containing the ldap.toml file, this must have the key ldap-toml. ""
ldap.config Grafana's LDAP configuration ""
annotations Deployment annotations {}
podAnnotations Pod annotations {}
sidecar.dashboards.enabled Enabled the cluster wide search for dashboards and adds/updates/deletes them in grafana false
sidecar.dashboards.label Label that config maps with dashboards should have to be added false
sidecar.dashboards.searchNamespace If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces nil
sidecar.datasources.enabled Enabled the cluster wide search for datasources and adds/updates/deletes them in grafana false
sidecar.datasources.label Label that config maps with datasources should have to be added false
sidecar.datasources.searchNamespace If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces nil
smtp.existingSecret The name of an existing secret containing the SMTP credentials. ""
smtp.userKey The key in the existing SMTP secret containing the username. "user"
smtp.passwordKey The key in the existing SMTP secret containing the password. "password"
admin.existingSecret The name of an existing secret containing the admin credentials. ""
admin.userKey The key in the existing admin secret containing the username. "admin-user"
admin.passwordKey The key in the existing admin secret containing the password. "admin-password"
rbac.create Create and use RBAC resources true
rbac.pspEnabled Create PodSecurityPolicy (with rbac.create, grant roles permissions as well) true
rbac.pspUseAppArmor Enforce AppArmor in created PodSecurityPolicy (requires rbac.pspEnabled) true

BASE64 dashboards

Dashboards could be storaged in a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk.

Gerrit use case:

Gerrit API for download files has the following schema: https://yourgerritserver/a/{project-name}/branches/{branch-id}/files/{file-id}/content where {project-name} and {file-id} usualy has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard the url value is https://yourgerritserver/a/user%2Frepo/branches/master/files/dir1%2Fdir2%2Fdashboard/content

Sidecar for dashboards

If the parameter sidecar.dashboards.enabled is set, a sidecar container is deployed in the grafana pod. This container watches all config maps in the cluster and filters out the ones with a label as defined in sidecar.dashboards.label. The files defined in those configmaps are written to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported dashboards are deleted/updated. A recommendation is to use one configmap per dashboard, as an reduction of multiple dashboards inside one configmap is currently not properly mirrored in grafana. Example dashboard config:

apiVersion: v1
kind: ConfigMap
metadata:
  name: sample-grafana-dashboard
  labels:
     grafana_dashboard: 1
data:
  k8s-dashboard.json: |-
  [...]

Sidecar for datasources

If the parameter sidecar.datasources.enabled is set, a sidecar container is deployed in the grafana pod. This container watches all config maps in the cluster and filters out the ones with a label as defined in sidecar.datasources.label. The files defined in those configmaps are written to a folder and accessed by grafana on startup. Using these yaml files, the data sources in grafana can be modified.

Example datasource config adapted from Grafana:

apiVersion: v1
kind: ConfigMap
metadata:
  name: sample-grafana-datasource
  labels:
     grafana_datasource: 1
data:
  datasource.yaml: |-
    # config file version
    apiVersion: 1

    # list of datasources that should be deleted from the database
    deleteDatasources:
      - name: Graphite
        orgId: 1

    # list of datasources to insert/update depending
    # whats available in the database
    datasources:
      # <string, required> name of the datasource. Required
    - name: Graphite
      # <string, required> datasource type. Required
      type: graphite
      # <string, required> access mode. proxy or direct (Server or Browser in the UI). Required
      access: proxy
      # <int> org id. will default to orgId 1 if not specified
      orgId: 1
      # <string> url
      url: http://localhost:8080
      # <string> database password, if used
      password:
      # <string> database user, if used
      user:
      # <string> database name, if used
      database:
      # <bool> enable/disable basic auth
      basicAuth:
      # <string> basic auth username
      basicAuthUser:
      # <string> basic auth password
      basicAuthPassword:
      # <bool> enable/disable with credentials headers
      withCredentials:
      # <bool> mark as default datasource. Max one per org
      isDefault:
      # <map> fields that will be converted to json and stored in json_data
      jsonData:
         graphiteVersion: "1.1"
         tlsAuth: true
         tlsAuthWithCACert: true
      # <string> json object of data that will be encrypted.
      secureJsonData:
        tlsCACert: "..."
        tlsClientCert: "..."
        tlsClientKey: "..."
      version: 1
      # <bool> allow users to edit datasources from the UI.
      editable: false