Introduction
In our previous post How to configure Grafana on docker, we saw how we can run grafana docker container with SSL and oauth okta.
In this post, we will see how we can run this docker image on kubernetes cluster.
Note: I’m not going to detail out Kubernetes. I will just focus on Dockerfile and the environment variables for that.
Some Pre-requisites
I’m assumming you have configured Ingress rule, and exposed Kubernetes service for this grafana dashboard. And, the ingress rule should have the mapping from your cluster IP to app name: trainings
We are going to configure name of our app to trainings
kubernetes yaml file for service
Configuring service
apiVersion: v1
kind: Service
metadata:
name: trainings
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
selector:
app: trainingskubernetes file for ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: trainings
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: "<your host name>"
http:
paths:
- backend:
serviceName: trainings
servicePort: 80
tls:
- hosts:
- <your hostname>
secretName: trainings-secretNote: you also have to configure SSL certificate to your cluster.
Actual Dockerfile
FROM grafana/grafana:6.3.6
ENV GF_SERVER_HTTP_PORT=443
ENV GF_AUTH_ANONYMOUS_ENABLED=false
ENV GF_AUTH_GENERIC_OAUTH_NAME=Okta
ENV GF_AUTH_GENERIC_OAUTH_ENABLED=true
ENV GF_AUTH_GENERIC_OAUTH_SCOPES="openid profile email"
ENV GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://<XYZ>.okta.com/oauth2/v1/authorize
ENV GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://<XYZ>.okta.com/oauth2/v1/token
ENV GF_AUTH_GENERIC_OAUTH_API_URL=https://<XYZ>.okta.com/oauth2/v1/userinfo
ENV GF_USERS_ALLOW_SIGN_UP=false
ENV GF_AUTH_DISABLE_LOGIN_FORM=true
ENV GF_AUTH_OAUTH_AUTO_LOGIN=true
ENV GF_SECURITY_ADMIN_USER=<your email>
ENV GF_SECURITY_COOKIE_SAMESITE=lax
ENV GF_SECURITY_COOKIE_SECURE=true
USER root
RUN mkdir -p /var/lib/grafana/dashboards
ADD grafana_dashboards/belts-dashboard.json /var/lib/grafana/dashboards/belts-dashboard.json
ADD grafana_dashboards/dashboards.yaml /etc/grafana/provisioning/dashboards/dashboards.yaml
ADD grafana_dashboards/elastic_datasource.yaml /etc/grafana/provisioning/datasources/elastic_datasource.yaml
EXPOSE 8080
Kubernetes configuration yaml
Lets take a look at the Kubernetes configmap yaml file:
apiVersion: v1
kind: ConfigMap
metadata:
name: trainings
data:
GF_SERVER_PROTOCOL: "http"
GF_SERVER_ROOT_URL: "https://<your host name>"
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "<client id>"
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "<secret>"
GF_SERVER_HTTP_PORT: "8080"Kubernetes deployment file
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: trainings
spec:
replicas: 1
template:
metadata:
labels:
app: trainings
spec:
containers:
- name: trainings
image: <your artificatory path to grafana image>:<version>
resources:
limits:
cpu: 1
memory: 1024Mi
requests:
cpu: 1
memory: 1024Mi
envFrom:
- configMapRef:
name: trainings
imagePullSecrets:
- name: <your secret name>Applying configurations
Apply config file
kubectl apply -f config/config.ymlApply deployment file
kubectl apply -f deployments/deployment.ymlHit your hostname, and it should redirect you to okta and then to your grafana dashboard.
