Add authentication via Openshift to Grafana #37
Comments
|
I have a prototype example here that uses dex to add auth to grafana. We can assign grafana roles based on openshift groups using this method. Downside is we have to deploy a separate instance of dex to do this. |
|
Doesn't really seem like there are any downsides to me. This way our monitoring graphs and stuff can be open for anyone to look at, but only we have edit rights on stuff. An additional dex server isn't that bad |
|
TBH, we'll need DEX for Argo as well and maybe for other components. Think, instead of deploying DEX along with every component, we should rather leverage the ArgoCD's DEX or have one common DEX deployment with multiple static clients. WDYT? |
|
I have been thinking the exact same thing @tumido -- we should try to use one instance. ArgoCD has some integrations with dex so let's wait on moving that one to use the external one. But we should start by having grafana/argo and others using this central one then moving argocd there as well. I haven't played around with having dex in a separate namespace yet, but it should be straight forward. |
|
I'm guessing we can use dex with superset too. |
|
I can take care of it. 👍 I'll file an issue for myself. I have a POC ready for Argo, you have one for Grafana, so I combine it together... WDYT? 🙂 |
|
Yeah, we can hook Superset to it and I'm sure Hue as well. It's more user friendly than Openshift itself. 😄 |
|
Yeah go for it, if you have any questions about the grafana stuff feel free to ask. |
|
Can we add it under operate-first/apps under a separate folder |
HumairAK
changed the title
|
more authorization related, but is relevant I think: if we can, we should also see about limiting access to editing datasources. Discussion here |
|
PR by @4n4nd to add |
The default access should be read only for users.
The text was updated successfully, but these errors were encountered: