[grafana] encode azure monitor in grafana yaml (#14106)

I've already deployed to the cluster to test. Unless master deploys, you
can see it here:
https://grafana.azure.hail.is/datasources/edit/kgzY5Io7k

I also fixed the grafana Makefile.

Author: danking

config.mk

@@ -10,6 +10,7 @@ endif
 
 DOMAIN = $(eval DOMAIN := $$(shell kubectl -n $(NAMESPACE) get secret global-config --template={{.data.domain}} | base64 --decode))$(DOMAIN)
 CLOUD = $(eval CLOUD := $$(shell kubectl -n $(NAMESPACE) get secret global-config --template={{.data.cloud}} | base64 --decode))$(CLOUD)
+AZURE_SUBSCRIPTION_ID = $(eval AZURE_SUBSCRIPTION_ID := $$(shell kubectl -n $(NAMESPACE) get secret global-config --template={{.data.azure_subscription_id}} | base64 --decode))$(AZURE_SUBSCRIPTION_ID)
 
 ifeq ($(NAMESPACE),default)
 SCOPE = deploy

grafana/Makefile

@@ -5,9 +5,9 @@ include ../config.mk
 CLOUD := $(shell kubectl get secret global-config --template={{.data.cloud}} | base64 --decode)
 
 build:
-	$(MAKE) -C .. hail-ubuntu-image
+	$(MAKE) -C .. pushed-private-hail-ubuntu-image
 
 deploy: build
 	! [ -z $(NAMESPACE) ]  # call this like: make deploy NAMESPACE=default
-	python3 ../ci/jinja2_render.py '{"deploy":$(DEPLOY),"global": {"cloud": "$(CLOUD)", "domain": "$(DOMAIN)", "docker_prefix":"$(DOCKER_PREFIX)"},"default_ns":{"name":"$(NAMESPACE)"},"hail_ubuntu_image":{"image":"'$$(cat ../hail-ubuntu-image)'"}}' deployment.yaml deployment.yaml.out
+	python3 ../ci/jinja2_render.py '{"deploy":$(DEPLOY),"global": {"cloud": "$(CLOUD)", "domain": "$(DOMAIN)", "docker_prefix":"$(DOCKER_PREFIX)","azure_subscription_id":"$(AZURE_SUBSCRIPTION_ID)"},"default_ns":{"name":"$(NAMESPACE)"},"hail_ubuntu_image":{"image":"'$$(cat ../pushed-private-hail-ubuntu-image)'"}}' deployment.yaml deployment.yaml.out
 	kubectl -n $(NAMESPACE) apply -f deployment.yaml.out

grafana/deployment.yaml

@@ -155,6 +155,9 @@ spec:
         - name: grafana-envoy-sidecar-config
           configMap:
             name: grafana-envoy-sidecar-config
+        - name: grafana-gsa-key
+          secret:
+            secretName: grafana-gsa-key
       initContainers:
        - name: setup-tokens
          image: {{ hail_ubuntu_image.image }}
@@ -165,6 +168,20 @@ spec:
              name: grafana-tokens
            - mountPath: /grafana-shared
              name: grafana-shared
+       - name: setup-grafana-gsa-key
+         image: {{ hail_ubuntu_image.image }}
+         command: ["/bin/bash"]
+         args:
+           - "-c"
+           - |
+             jq -r '.tenant' /grafana-gsa-key/key.json > /grafana-shared/tenant-id
+             jq -r '.appId' /grafana-gsa-key/key.json > /grafana-shared/app-id
+             jq -r '.password' /grafana-gsa-key/key.json > /grafana-shared/client-secret
+         volumeMounts:
+           - mountPath: /grafana-gsa-key
+             name: grafana-gsa-key
+           - mountPath: /grafana-shared
+             name: grafana-shared
       containers:
        - name: grafana
          image: {{ global.docker_prefix }}/grafana/grafana:9.1.4
@@ -284,6 +301,19 @@ data:
           authenticationType: gce
           defaultProject: $GCP_PROJECT
         editable: true
+{% elif global.cloud == "azure" %}
+      - name: Azure Monitor
+        type: grafana-azure-monitor-datasource
+        access: proxy
+        jsonData:
+          azureAuthType: clientsecret
+          cloudName: azuremonitor
+          tenantId: $__file{/grafana-shared/tenant-id}
+          clientId: $__file{/grafana-shared/app-id}
+          subscriptionId: {{ global.azure_subscription_id }}
+        secureJsonData:
+          clientSecret: $__file{/grafana-shared/client-secret}
+        version: 1
 {% endif %}
       - name: Prometheus
         type: prometheus