Update Grafana/Prometheus Chart #24

Merged
merged 5 commits into from
Mar 11, 2024
2 changes: 1 addition & 1 deletion charts/prometheus-grafana/Chart.yaml
Expand Up @@ -2,6 +2,6 @@ apiVersion: v2
name: prometheus-grafana-helm
description: Prometheus and Grafana Helm Chart for Rahti platform
Link to the repo https://github.com/CSCfi/helm-charts
version: 1.0.0
version: 1.1.0
sources:
- https://github.com/CSCfi/helm-charts
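Review bot: The bump on `version:` from 1.0.0 to 1.1.0 signals a backward-compatible release, but this PR renames the Grafana Secret from `{{ .Values.grafana.appName }}-secret` to `{{ .Values.grafana.appName }}`, replaces `grafana.secret.adminUsername` with `grafana.secret.admin-username`, and drops the Prometheus route and basic-auth secret. Existing custom values files and anything reading the old Secret will break on upgrade, so a major version (2.0.0), or at least an upgrade note in the README, would describe the change more accurately.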
31 changes: 16 additions & 15 deletions charts/prometheus-grafana/README.md
Expand Up @@ -11,36 +11,37 @@ If you want to use it with different values, you can edit `values.yaml` file and
helm upgrade --install graf-prom . -f {custom_values.yaml}
```

The password to access Grafana WebUI is generated randomly and won't change if you upgrade your chart.

## Parameters

### HedgeDoc parameters

| Name | Description | Value |
| ---------------------------------------------------- | ------------------------------------------------------- | --------------------------------- |
| `prometheus.appName` | Name of your app. | `prometheus` |
| `prometheus.image` | Name of the `prometheus` image | `prom/prometheus:v2.45.2` |
| `prometheus.image` | Name of the `prometheus` image | `prom/prometheus:v2.50.1` |
| `prometheus.retentionTime` | Define how long data is kept in time-series database | `15d` |
| `prometheus.limits.memory` | Define the maximum of amount of memory | `4Gi` |
| `prometheus.requests.memory` | Define the minimum guaranteed amount of memory | `4Gi` |
| `prometheus.secret.user` | Name of the user to connect to prometheus webUI | `admin` |
| `prometheus.pvc.storageSize` | Define the size of the Persistent Volume Claim | `5Gi` |
| `prometheus.service.type` | Define the service type | `ClusterIP` |
| `prometheus.route.tls.termination` | Create an OpenShift route | `edge` |
| `prometheus.route.tls.insecureEdgeTerminationPolicy` | Create an OpenShift route | `Redirect` |

### Grafana parameters

| Name | Description | Value |
| ---------------------------------------------------- | ------------------------------------------------------- | --------------------------------- |
| `grafana.appName` | Name of your app. | `grafana` |
| `grafana.image` | Name of the `prometheus` image | `grafana/grafana:9.5.15` |
| `grafana.limits.memory` | Define the maximum of amount of memory | `1Gi` |
| `grafana.requests.memory` | Define the minimum guaranteed amount of memory | `1Gi` |
| `grafana.secret.adminUsername` | Name of the user to connect to prometheus webUI | `admin` |
| `grafana.pvc.storageSize` | Define the size of the Persistent Volume Claim | `5Gi` |
| `grafana.service.type` | Define the service type | `ClusterIP` |
| `grafana.route.tls.termination` | Create an OpenShift route | `edge` |
| `grafana.route.tls.insecureEdgeTerminationPolicy` | Create an OpenShift route | `Redirect` |
| Name | Description | Value |
| ---------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------ |
| `grafana.appName` | Name of your app. | `grafana` |
| `grafana.image` | Name of the `prometheus` image | `grafana/grafana:10.2.4` |
| `grafana.limits.memory` | Define the maximum of amount of memory | `1Gi` |
| `grafana.requests.memory` | Define the minimum guaranteed amount of memory | `1Gi` |
| `grafana.random_pw_secret_key` | Key to store the password | `admin-password` |
| `grafana.secret.admin-username` | Name of the user to connect to prometheus webUI | `admin` |
| `grafana.secret.admin-password` | Function that retrieve the generated password | `'{{- include "random_pw_reusable" . - }}` |
| `grafana.service.type` | Define the service type | `ClusterIP` |
| `grafana.route.tls.termination` | Create an OpenShift route | `edge` |
| `grafana.route.tls.insecureEdgeTerminationPolicy` | Create an OpenShift route | `Redirect` |
| `grafana.pvc.storageSize` | Define the size of the Persistent Volume Claim | `5Gi` |

## Cleanup
To delete all the resources, simply uninstall the Helm Chart:
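Review bot: The documented default for `grafana.secret.admin-password` is malformed: `'{{- include "random_pw_reusable" . - }}` opens a single quote that is never closed, and `- }}` is not a valid trim marker (the dash has to touch the braces, `-}}`). Copied as written into a custom values file it will not parse when secret.yaml passes it through `tpl`; document it as `'{{- include "random_pw_reusable" . -}}'`. While here, the context heading `### HedgeDoc parameters` and the descriptions of `grafana.image` ("Name of the `prometheus` image") and `grafana.secret.admin-username` ("connect to prometheus webUI") are copy-paste leftovers and should name Prometheus and Grafana respectively.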
27 changes: 11 additions & 16 deletions charts/prometheus-grafana/templates/NOTES.txt
@@ -1,21 +1,7 @@
=======================================
CSC Prometheus-Grafana Helm deployed
=======================================
PROMETHEUS:
Get the Prometheus application URL by running these commands:

export PROMETHEUS=$(oc get route --namespace={{ .Release.Namespace }} -o yaml | yq '.items[] | select(.metadata.name == "{{ .Values.prometheus.appName }}-route") .spec.host' -r)
echo "PROMETHEUS server URL: http://$PROMETHEUS"

The password for the access is generated randomly.
To retrieve the information, run these commands:

echo Username: $(oc get secret --namespace={{ .Release.Namespace }} {{ .Values.prometheus.appName }}-nginx-secret -o jsonpath="{.data.user}" | base64 -d)
echo Password: $(oc get secret --namespace={{ .Release.Namespace }} {{ .Values.prometheus.appName }}-nginx-secret -o jsonpath="{.data.pass}" | base64 -d)

-----------------

GRAFANA:
Get the Grafana application URL by running these commands:

export GRAFANA=$(oc get route --namespace={{ .Release.Namespace }} -o yaml | yq '.items[] | select(.metadata.name == "{{ .Values.grafana.appName }}-route") .spec.host' -r)
Expand All @@ -24,5 +10,14 @@ Get the Grafana application URL by running these commands:
The password for the access is generated randomly.
To retrieve the information, run these commands:

echo Username: $(oc get secret --namespace={{ .Release.Namespace }} {{ .Values.grafana.appName }}-secret -o jsonpath="{.data.admin-username}" | base64 -d)
echo Password: $(oc get secret --namespace={{ .Release.Namespace }} {{ .Values.grafana.appName }}-secret -o jsonpath="{.data.admin-password}" | base64 -d)
echo Username: $(oc get secret --namespace={{ .Release.Namespace }} {{ .Values.grafana.appName }} -o jsonpath="{.data.admin-username}" | base64 -d)
echo Password: $(oc get secret --namespace={{ .Release.Namespace }} {{ .Values.grafana.appName }} -o jsonpath="{.data.admin-password}" | base64 -d)

The Route to Prometheus is not deployed by default. If you want to access Prometheus, you can type this command:

oc create route edge prometheus-route --service={{ .Values.prometheus.appName }}-service --insecure-policy='Redirect' --port=9090

And then, you can retrieve the Prometheus URL by running these commands:

export PROMETHEUS=$(oc get route --namespace={{ .Release.Namespace }} -o yaml | yq '.items[] | select(.metadata.name == "{{ .Values.prometheus.appName }}-route") .spec.host' -r)
echo "PROMETHEUS server URL: http://$PROMETHEUS"
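Review bot: The suggested `oc create route edge prometheus-route ...` hardcodes the route name, while the lookup that follows selects `{{ .Values.prometheus.appName }}-route`; with any `prometheus.appName` other than `prometheus` the `yq` filter returns nothing. Use `{{ .Values.prometheus.appName }}-route` in the create command and add `--namespace={{ .Release.Namespace }}` so it matches the other commands. The echoed URL uses `http://` although the route is edge-terminated with `--insecure-policy='Redirect'`, so `https://` is the accurate scheme. The text should also say that the route created this way serves Prometheus without a login, since the nginx basic-auth sidecar is removed in this PR.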
69 changes: 30 additions & 39 deletions charts/prometheus-grafana/templates/_helpers.tpl
Expand Up @@ -51,45 +51,36 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Create the name of the service account to use
Define a function that generate static password
*/}}
{{- define "prometheus-grafana.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "prometheus-grafana.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "generate_static_password" -}}
{{- /* Create "tmp_vars" dict inside ".Release" to store various stuff. */ -}}
{{- if not (index .Release "tmp_vars") -}}
{{- $_ := set .Release "tmp_vars" dict -}}
{{- end -}}
{{- /* Some random ID of this password, in case there will be other random values alongside this instance. */ -}}
{{- $key := printf "%s_%s" .Release.Name "password" -}}
{{- /* If $key does not yet exist in .Release.tmp_vars, then... */ -}}
{{- if not (index .Release.tmp_vars $key) -}}
{{- /* ... store random password under the $key */ -}}
{{- $_ := set .Release.tmp_vars $key (randAlphaNum 20) -}}
{{- end -}}
{{- /* Retrieve previously generated value. */ -}}
{{- index .Release.tmp_vars $key -}}
{{- end -}}

{{/*
Generate prometheus secret password
*/}}
{{- define "prometheus.secretPassword" -}}
pass: {{ randAlphaNum 16 | quote }}
{{- end }}

{{/*
Generate grafana secret password
{{/*
Define a function that lookup the secret on upgrade. If install, it requires the name of secret to create and the key to store the password.
*/}}
{{- define "grafana.secretPassword" -}}
admin-password: {{ randAlphaNum 16 | quote }}
{{- end }}

# {{/*
# Generate prometheus static password for multiple use
# */}}
# {{- define "prometheus.staticPassword" -}}
# {{- /* Create "tmp_vars" dict inside ".Release" to store various stuff. */ -}}
# {{- if not (index .Release "tmp_vars") -}}
# {{- $_ := set .Release "tmp_vars" dict -}}
# {{- end -}}
# {{- /* Some random ID of this password, in case there will be other random values alongside this instance. */ -}}
# {{- $key := printf "%s_%s" .Release.Name "password" -}}
# {{- /* If $key does not yet exist in .Release.tmp_vars, then... */ -}}
# {{- if not (index .Release.tmp_vars $key) -}}
# {{- /* ... store random password under the $key */ -}}
# {{- $_ := set .Release.tmp_vars $key (randAlphaNum 16 | quote ) -}}
# {{- end -}}
# {{- /* Retrieve previously generated value. */ -}}
# {{- index .Release.tmp_vars $key -}}
# {{- end -}}
{{- define "random_pw_reusable" -}}
{{- if .Release.IsUpgrade -}}
{{- $data := default dict (lookup "v1" "Secret" .Release.Namespace .Values.grafana.appName).data -}}
{{- if $data -}}
{{- index $data .Values.grafana.random_pw_secret_key | b64dec -}}
{{- end -}}
{{- else -}}
{{- if and (required "You must pass .Values.grafana.appName (the name of a secret to retrieve password from on upgrade)" .Values.grafana.appName) (required "You must pass .Values.grafana.random_pw_secret_key (the name of the key in the secret to retrieve password from on upgrade)" .Values.grafana.random_pw_secret_key) -}}
{{- (include "generate_static_password" .) -}}
{{- end -}}
{{- end -}}
{{- end -}}
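Review bot: In `random_pw_reusable`, the `.Release.IsUpgrade` branch renders an empty string when `lookup` finds no Secret, because `{{- if $data -}}` has no `else`. That is the case on the first upgrade from chart 1.0.0, where the Secret is named `{{ .Values.grafana.appName }}-secret` rather than `{{ .Values.grafana.appName }}`, and on `helm upgrade --dry-run`, where `lookup` returns an empty result, so `admin-password` ends up empty instead of preserved. Fall back to `include "generate_static_password" .` when `$data` or the key named by `grafana.random_pw_secret_key` is missing. A short comment that `generate_static_password` depends on `.Release` being a mutable map shared by all templates in one render would also help the next maintainer.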
8 changes: 2 additions & 6 deletions charts/prometheus-grafana/templates/grafana/configmap.yaml
Expand Up @@ -7,7 +7,7 @@ data:
[paths]
data = /var/lib/grafana
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning
provisioning = /usr/share/grafana/conf/provisioning

[log]
mode = console
Expand All @@ -23,11 +23,7 @@ data:
type: prometheus
access: proxy
org_id: 1
url: http://prometheus-service:9091
url: http://prometheus-service:9090
is_default: true
version: 1
editable: true
basicAuth: true
basicAuthUser: ${BASIC_AUTH_USER}
secureJsonData:
basicAuthPassword: ${BASIC_AUTH_PASS}
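Review bot: `url: http://prometheus-service:9090` hardcodes the Service name, but service.yaml names it `{{ .Values.prometheus.appName }}-service`, so the datasource points at a Service that does not exist for any `prometheus.appName` other than `prometheus`. Build the URL from `.Values.prometheus.appName` and take the port from a single value shared with the Service so the two cannot drift apart again.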
14 changes: 2 additions & 12 deletions charts/prometheus-grafana/templates/grafana/deployment.yaml
Expand Up @@ -26,22 +26,12 @@ spec:
valueFrom:
secretKeyRef:
key: admin-username
name: grafana-secret
name: {{ .Values.grafana.appName }}
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: admin-password
name: grafana-secret
- name: BASIC_AUTH_USER
valueFrom:
secretKeyRef:
key: user
name: prometheus-nginx-secret
- name: BASIC_AUTH_PASS
valueFrom:
secretKeyRef:
key: pass
name: prometheus-nginx-secret
name: {{ .Values.grafana.appName }}
args:
- '--homepath=/usr/share/grafana'
- '--config=/etc/grafana/grafana.ini'
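Review bot: Both `secretKeyRef` entries still hardcode `key: admin-username` and `key: admin-password`, while the password key is now configurable through `grafana.random_pw_secret_key` and the Secret's keys are whatever is listed under `grafana.secret`. Changing either value leaves the pod referencing a key that does not exist. Reference `.Values.grafana.random_pw_secret_key` for the password key here, or drop that value and fix the key name in one place.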
11 changes: 7 additions & 4 deletions charts/prometheus-grafana/templates/grafana/secret.yaml
@@ -1,8 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.grafana.appName }}-secret
name: {{ .Values.grafana.appName }}
type: Opaque
stringData:
admin-username: {{ .Values.grafana.secret.adminUsername }}
{{- include "grafana.secretPassword" . | nindent 2 }}
{{- if .Values.grafana.secret}}
data:
{{- range $key, $val := .Values.grafana.secret }}
"{{ $key }}": "{{ tpl $val $ | b64enc }}"
Member


Why use b64enc and data, and not stringdata?

Member


Anyways LGTM and will merge.

{{- end }}
{{- end }}
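Review bot: `tpl $val $` inside the `range` requires every entry under `grafana.secret` to be a string and evaluates it as a template, so a numeric or boolean value fails the render; `tpl (toString $val) $` avoids that. If `grafana.secret` is emptied, the `{{- if .Values.grafana.secret}}` guard renders a Secret with no `data:` at all while deployment.yaml still references `admin-username` and `admin-password`; checking those two keys with `required` would fail at render time instead of at pod start.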

This file was deleted.

46 changes: 1 addition & 45 deletions charts/prometheus-grafana/templates/prometheus/deployment.yaml
Expand Up @@ -17,26 +17,6 @@ spec:
spec:
serviceAccount: {{ .Values.prometheus.appName }}-sa
serviceAccountName: {{ .Values.prometheus.appName }}-sa
initContainers:
- image: docker-registry.rahti.csc.fi/da-images/alpine-htpasswd:latest
env:
- name: USER
valueFrom:
secretKeyRef:
key: user
name: {{ .Values.prometheus.appName }}-nginx-secret
- name: PASS
valueFrom:
secretKeyRef:
key: pass
name: {{ .Values.prometheus.appName }}-nginx-secret
command: ["/bin/sh","-c","htpasswd -bc /tmp/secret-file/passwd $USER $PASS"]
name: htpasswd-generator
volumeMounts:
- name: {{ .Values.prometheus.appName }}-htpasswd-tmp
mountPath: "/tmp/secret-file"
- name: {{ .Values.prometheus.appName }}-nginx-secret
mountPath: "/tmp/secret-env"
containers:
- name: {{ .Values.prometheus.appName }}
args:
Expand All @@ -59,23 +39,6 @@ spec:
name: {{ .Values.prometheus.appName }}-config
- mountPath: /data
name: {{ .Values.prometheus.appName }}-data
- name: nginx
image: cscfi/nginx-okd
imagePullPolicy: Always
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 300m
memory: 512Mi
ports:
- containerPort: 9091
volumeMounts:
- name: {{ .Values.prometheus.appName }}-nginx-config
mountPath: /etc/nginx
- name: {{ .Values.prometheus.appName }}-htpasswd-tmp
mountPath: /etc/nginx/secrets
restartPolicy: Always
volumes:
- name: {{ .Values.prometheus.appName }}-config
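Review bot: Removing the `nginx` container here, together with the `htpasswd-generator` init container in the previous hunk, leaves Prometheus on 9090 with no authentication for anything that can reach `{{ .Values.prometheus.appName }}-service`, and nothing in this PR replaces it. If that is intended, restrict ingress to the Grafana pods with a NetworkPolicy, or keep credentials by using Prometheus's own `--web.config.file` with `basic_auth_users`, and state the new exposure in the README.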
Expand All @@ -85,11 +48,4 @@ spec:
- name: {{ .Values.prometheus.appName }}-data
persistentVolumeClaim:
claimName: {{ .Values.prometheus.appName }}-data
- name: {{ .Values.prometheus.appName }}-nginx-secret
secret:
secretName: {{ .Values.prometheus.appName }}-nginx-secret
- name: {{ .Values.prometheus.appName }}-htpasswd-tmp
emptyDir: {}
- name: {{ .Values.prometheus.appName }}-nginx-config
configMap:
name: {{ .Values.prometheus.appName }}-nginx-config

13 changes: 0 additions & 13 deletions charts/prometheus-grafana/templates/prometheus/route.yaml

This file was deleted.

8 changes: 0 additions & 8 deletions charts/prometheus-grafana/templates/prometheus/secret.yaml

This file was deleted.

4 changes: 2 additions & 2 deletions charts/prometheus-grafana/templates/prometheus/service.yaml
Expand Up @@ -4,8 +4,8 @@ metadata:
name: {{ .Values.prometheus.appName }}-service
spec:
ports:
- port: 9091
targetPort: 9091
- port: 9090
targetPort: 9090
selector:
app: {{ .Values.prometheus.appName }}
type: {{ .Values.prometheus.service.type }}