From d41eee950cecbf756fbb691bc7ab7b90e11f9198 Mon Sep 17 00:00:00 2001 From: Frank Dai Date: Mon, 6 Apr 2020 23:21:18 -0700 Subject: [PATCH 1/2] Move grafana secrets into environment variables --- kubernetes/grafana.yml.erb | 65 ++++++++++---------------------------- 1 file changed, 17 insertions(+), 48 deletions(-) diff --git a/kubernetes/grafana.yml.erb b/kubernetes/grafana.yml.erb index d2815a3..1ccd2d7 100644 --- a/kubernetes/grafana.yml.erb +++ b/kubernetes/grafana.yml.erb @@ -34,51 +34,9 @@ spec: cpu: 175m ports: - containerPort: 3000 - volumeMounts: - - mountPath: /etc/secrets - name: secrets - env: - - name: GF_SERVER_ROOT_URL - value: https://grafana.ocf.berkeley.edu/ - - name: GF_DATABASE_TYPE - value: mysql - - name: GF_DATABASE_HOST - value: mysql - - name: GF_DATABASE_NAME - value: ocfgrafana - - name: GF_DATABASE_USER - value: ocfgrafana - - name: GF_SESSION_PROVIDER - value: mysql - - name: GF_SESSION_COOKIE_SECURE - value: "true" - - - name: GF_DATABASE_PASSWORD__FILE - value: /etc/secrets/mysql-pass - - name: GF_SECURITY_ADMIN_PASSWORD__FILE - value: /etc/secrets/admin-pass - - name: GF_SESSION_PROVIDER_CONFIG__FILE - value: /etc/secrets/provider-config - - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET__FILE - value: /etc/secrets/keycloak-secret - - - name: PROMETHEUS_AUTH_USER - valueFrom: - secretKeyRef: - name: prometheus-auth - key: username - - name: PROMETHEUS_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: prometheus-auth - key: password - - volumes: - - name: secrets - hostPath: - path: /opt/share/kubernetes/secrets/grafana - type: Directory - + envFrom: + - secretRef: + name: grafana-secret dnsPolicy: ClusterFirst dnsConfig: searches: @@ -100,8 +58,19 @@ spec: apiVersion: v1 kind: Secret metadata: - name: prometheus-auth + name: grafana-secret type: Opaque stringData: - username: ocfgrafana - password: "<%= prometheus_pass %>" + GF_SERVER_ROOT_URL: "https://grafana.ocf.berkeley.edu" + GF_DATABASE_TYPE: mysql + GF_DATABASE_HOST: mysql + GF_DATABASE_NAME: ocfgrafana + GF_DATABASE_USER: ocfgrafana + GF_SESSION_PROVIDER: mysql + GF_SESSION_COOKIE_SECURE: "true" + GF_DATABASE_PASSWORD: "<%= mysql_pass %>" + GF_SECURITY_ADMIN_PASSWORD: "<%= admin_pass %>" + GF_SESSION_PROVIDER_CONFIG: "<%= provider_config %>" + GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "<%= keycloak_secret %>" + PROMETHEUS_AUTH_USER: ocfgrafana + PROMETHEUS_AUTH_PASSWORD: "<%= prometheus_pass %>" From fe7d4c9ac0432ae3f40094d99f8a84ca7caad626 Mon Sep 17 00:00:00 2001 From: Frank Dai Date: Mon, 6 Apr 2020 23:22:03 -0700 Subject: [PATCH 2/2] Add mysql datasources --- provisioning/datasources/mysql.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 provisioning/datasources/mysql.yaml diff --git a/provisioning/datasources/mysql.yaml b/provisioning/datasources/mysql.yaml new file mode 100644 index 0000000..c0cf12b --- /dev/null +++ b/provisioning/datasources/mysql.yaml @@ -0,0 +1,16 @@ +apiVersion: 1 + +datasources: + - name: MySQL Printing + type: mysql + url: mysql + database: ocfprinting + user: $GF_DATABASE_USER + password: $GF_DATABASE_PASSWORD + + - name: MySQL Stats + type: mysql + url: mysql + database: ocfstats + user: $GF_DATABASE_USER + password: $GF_DATABASE_PASSWORD