Introduction

In our previous post, "How to configure Grafana on docker", we saw how to run a Grafana Docker container with SSL and Okta OAuth.

In this post, we will see how to run this Docker image on a Kubernetes cluster.

Note: I’m not going to go into detail about Kubernetes itself. I will just focus on the Dockerfile and the environment variables for it.

Some Pre-requisites

I’m assuming you have configured an Ingress rule and exposed the Kubernetes service for this Grafana dashboard. The Ingress rule should map your cluster IP to the app name: trainings

We are going to set the name of our app to trainings.

Kubernetes yaml file for service

Configuring service

apiVersion: v1
kind: Service
metadata:
  name: trainings
spec:
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 8080
  selector:
    app: trainings

Kubernetes file for ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: trainings
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: "<your host name>"
    http:
      paths:
      - backend:
          serviceName: trainings
          servicePort: 80
  tls:
  - hosts:
    - <your hostname>
    secretName: trainings-secret

Note: you also have to configure an SSL certificate for your cluster.

Actual Dockerfile

FROM grafana/grafana:6.3.6

# Default port; overridden at runtime by GF_SERVER_HTTP_PORT in the ConfigMap
ENV GF_SERVER_HTTP_PORT=443

# Okta as the only login path: no anonymous access, no login form, no sign-up
ENV GF_AUTH_ANONYMOUS_ENABLED=false
ENV GF_AUTH_GENERIC_OAUTH_NAME=Okta
ENV GF_AUTH_GENERIC_OAUTH_ENABLED=true
ENV GF_AUTH_GENERIC_OAUTH_SCOPES="openid profile email"
ENV GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://<XYZ>.okta.com/oauth2/v1/authorize
ENV GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://<XYZ>.okta.com/oauth2/v1/token
ENV GF_AUTH_GENERIC_OAUTH_API_URL=https://<XYZ>.okta.com/oauth2/v1/userinfo
ENV GF_USERS_ALLOW_SIGN_UP=false
ENV GF_AUTH_DISABLE_LOGIN_FORM=true
ENV GF_AUTH_OAUTH_AUTO_LOGIN=true
ENV GF_SECURITY_ADMIN_USER=<your email>

# Session cookie settings
ENV GF_SECURITY_COOKIE_SAMESITE=lax
ENV GF_SECURITY_COOKIE_SECURE=true

USER root
RUN mkdir -p /var/lib/grafana/dashboards

# Provisioned dashboard and datasource definitions
ADD grafana_dashboards/belts-dashboard.json /var/lib/grafana/dashboards/belts-dashboard.json
ADD grafana_dashboards/dashboards.yaml /etc/grafana/provisioning/dashboards/dashboards.yaml
ADD grafana_dashboards/elastic_datasource.yaml /etc/grafana/provisioning/datasources/elastic_datasource.yaml

EXPOSE 8080

Kubernetes configuration yaml

Let's take a look at the Kubernetes configmap yaml file:

apiVersion: v1
kind: ConfigMap
metadata:
  name: trainings
data:
  GF_SERVER_PROTOCOL: "http"
  GF_SERVER_ROOT_URL: "https://<your host name>"
  GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "<client id>"
  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "<secret>"
  GF_SERVER_HTTP_PORT: "8080"

Kubernetes deployment file

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: trainings
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: trainings
    spec:
      containers:
      - name: trainings
        image: <your Artifactory path to grafana image>:<version>
        resources:
          limits:
            cpu: 1
            memory: 1024Mi
          requests:
            cpu: 1
            memory: 1024Mi
        envFrom:
        - configMapRef:
            name: trainings
      imagePullSecrets:
      - name: <your secret name>
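
The ConfigMap above stores GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET in plain text, where anyone who can read ConfigMaps in the namespace can read it. As an added example (not part of the original post), the same value can be moved into a Kubernetes Secret and loaded alongside the ConfigMap. The Secret name trainings-oauth is an assumption.

```yaml
# Added example, not from the original post.
# The Secret name "trainings-oauth" is an assumption; pick your own.
apiVersion: v1
kind: Secret
metadata:
  name: trainings-oauth
type: Opaque
stringData:
  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "<secret>"
---
# Same Deployment as above, with one extra envFrom source.
# Remove GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET from the ConfigMap once this is in place.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: trainings
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: trainings
    spec:
      containers:
      - name: trainings
        image: <your Artifactory path to grafana image>:<version>
        resources:
          limits:
            cpu: 1
            memory: 1024Mi
          requests:
            cpu: 1
            memory: 1024Mi
        envFrom:
        - configMapRef:
            name: trainings      # non-sensitive settings
        - secretRef:
            name: trainings-oauth  # OAuth client secret only
      imagePullSecrets:
      - name: <your secret name>
```

Keep the Secret manifest out of version control, or create it directly with kubectl create secret generic, and restrict read access to Secrets in the namespace with RBAC.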

Applying configurations

Apply config file

kubectl apply -f config/config.yml

Apply deployment file

kubectl apply -f deployments/deployment.yml

Open your hostname in a browser; it should redirect you to Okta and then to your Grafana dashboard.