Merge pull request #266 from brancz/grafana-credentials

grafana-watcher: allow credentials from env variable
2017-04-06 16:47:28 +02:00
parent a2ca552f97 066b04322d
commit 2d5e5d7a7c
4 changed files with 56 additions and 4 deletions
--- a/hack/scripts/generate-grafana-credentials-secret.sh
+++ b/hack/scripts/generate-grafana-credentials-secret.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ "$#" -ne 2 ]; then
+    echo "Usage: $0 user password"
+    exit 1
+fi
+
+user=$1
+password=$2
+
+cat <<-EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: grafana-credentials
+data:
+  user: $(echo -n ${user} | base64 --wrap=0)
+  password: $(echo -n ${password} | base64 --wrap=0)
+EOF
+
--- a/hack/scripts/generate-manifests.sh
+++ b/hack/scripts/generate-manifests.sh
@@ -6,6 +6,9 @@ hack/scripts/generate-rules-configmap.sh > manifests/prometheus/prometheus-k8s-r
 # Generate Dashboard ConfigMap
 hack/scripts/generate-dashboards-configmap.sh > manifests/grafana/grafana-dashboards.yaml

+# Generate Grafana Credentials Secret
+hack/scripts/generate-grafana-credentials-secret.sh admin admin > manifests/grafana/grafana-credentials.yaml
+
 # Generate Secret for Alertmanager config
 hack/scripts/generate-alertmanager-config-secret.sh > manifests/alertmanager/alertmanager-config.yaml

--- a/manifests/grafana/grafana-credentials.yaml
+++ b/manifests/grafana/grafana-credentials.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: grafana-credentials
+data:
+  user: YWRtaW4=
+  password: YWRtaW4=
--- a/manifests/grafana/grafana-deployment.yaml
+++ b/manifests/grafana/grafana-deployment.yaml
@@ -17,6 +17,16 @@ spec:
          value: "true"
        - name: GF_AUTH_ANONYMOUS_ENABLED
          value: "true"
+        - name: GF_SECURITY_ADMIN_USER
+          valueFrom:
+            secretKeyRef:
+              name: grafana-credentials
+              key: user
+        - name: GF_SECURITY_ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: grafana-credentials
+              key: password
        volumeMounts:
        - name: grafana-storage
          mountPath: /var/grafana-storage
@@ -28,13 +38,25 @@ spec:
            memory: 100Mi
            cpu: 100m
          limits:
-            memory: 300Mi
-            cpu: 300m
+            memory: 200Mi
+            cpu: 200m
      - name: grafana-watcher
-        image: quay.io/coreos/grafana-watcher:v0.0.2
+        image: quay.io/coreos/grafana-watcher:v0.0.3
+        imagePullPolicy: Never
        args:
          - '--watch-dir=/var/grafana-dashboards'
-          - '--grafana-url=http://admin:admin@localhost:3000'
+          - '--grafana-url=http://localhost:3000'
+        env:
+        - name: GRAFANA_USER
+          valueFrom:
+            secretKeyRef:
+              name: grafana-credentials
+              key: user
+        - name: GRAFANA_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: grafana-credentials
+              key: password
        volumeMounts:
        - name: grafana-dashboards
          mountPath: /var/grafana-dashboards