easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #266 from brancz/grafana-credentials

Browse Source 
grafana-watcher: allow credentials from env variable
This commit is contained in:
Fabian Reinartz
2017-04-06 16:47:28 +02:00
committed by GitHub
parent a2ca552f97 066b04322d
commit 2d5e5d7a7c
4 changed files with 56 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
hack/scripts/generate-grafana-credentials-secret.sh Executable file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
if [ "$#" -ne 2 ]; then
echo "Usage: $0 user password"
exit 1
fi
user=$1
password=$2
cat <<-EOF
apiVersion: v1
kind: Secret
metadata:
name: grafana-credentials
data:
user: $(echo -n ${user} | base64 --wrap=0)
password: $(echo -n ${password} | base64 --wrap=0)
EOF

3
hack/scripts/generate-manifests.sh
View File

@@ -6,6 +6,9 @@ hack/scripts/generate-rules-configmap.sh > manifests/prometheus/prometheus-k8s-r
# Generate Dashboard ConfigMap # Generate Dashboard ConfigMap
hack/scripts/generate-dashboards-configmap.sh > manifests/grafana/grafana-dashboards.yaml hack/scripts/generate-dashboards-configmap.sh > manifests/grafana/grafana-dashboards.yaml
# Generate Grafana Credentials Secret
hack/scripts/generate-grafana-credentials-secret.sh admin admin > manifests/grafana/grafana-credentials.yaml
# Generate Secret for Alertmanager config # Generate Secret for Alertmanager config
hack/scripts/generate-alertmanager-config-secret.sh > manifests/alertmanager/alertmanager-config.yaml hack/scripts/generate-alertmanager-config-secret.sh > manifests/alertmanager/alertmanager-config.yaml

7
manifests/grafana/grafana-credentials.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: grafana-credentials
data:
user: YWRtaW4=
password: YWRtaW4=

30
manifests/grafana/grafana-deployment.yaml
View File

@@ -17,6 +17,16 @@ spec:
value: "true" value: "true"
- name: GF_AUTH_ANONYMOUS_ENABLED - name: GF_AUTH_ANONYMOUS_ENABLED
value: "true" value: "true"
- name: GF_SECURITY_ADMIN_USER
valueFrom:
secretKeyRef:
name: grafana-credentials
key: user
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-credentials
key: password
volumeMounts: volumeMounts:
- name: grafana-storage - name: grafana-storage
mountPath: /var/grafana-storage mountPath: /var/grafana-storage
@@ -28,13 +38,25 @@ spec:
memory: 100Mi memory: 100Mi
cpu: 100m cpu: 100m
limits: limits:
memory: 300Mi memory: 200Mi
cpu: 300m cpu: 200m
- name: grafana-watcher - name: grafana-watcher
image: quay.io/coreos/grafana-watcher:v0.0.2 image: quay.io/coreos/grafana-watcher:v0.0.3
imagePullPolicy: Never
args: args:
- '--watch-dir=/var/grafana-dashboards' - '--watch-dir=/var/grafana-dashboards'
- '--grafana-url=http://admin:admin@localhost:3000' - '--grafana-url=http://localhost:3000'
env:
- name: GRAFANA_USER
valueFrom:
secretKeyRef:
name: grafana-credentials
key: user
- name: GRAFANA_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-credentials
key: password
volumeMounts: volumeMounts:
- name: grafana-dashboards - name: grafana-dashboards
mountPath: /var/grafana-dashboards mountPath: /var/grafana-dashboards