Bump grafana version.

mrsiano · May 24, 2018 · a7996db · a7996db
1 parent 57a377c
commit a7996db
Show file tree

Hide file tree

Showing 5 changed files with 124 additions and 72 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,9 @@
-FROM centos:7
+FROM centos:centos7
 
 MAINTAINER Eldad Marciano "[email protected]"
 
 ENV GOPATH /root/go
 
-
 RUN curl --silent --location https://rpm.nodesource.com/setup_6.x | bash -
 
 RUN yum install -y --nogpgcheck \
@@ -23,7 +22,7 @@ RUN mkdir -p $GOPATH/src/github.com/grafana && \
     cd $GOPATH/src/github.com/grafana && pwd && \
     git clone https://github.com/mrsiano/grafana.git && \
     cd grafana && pwd && git branch -a && \
-    git checkout OAuth;
+    git checkout generic_oauth;
 
 RUN cd $GOPATH/src/github.com/grafana/grafana && \
     go run build.go setup && \

diff --git a/README.md b/README.md
@@ -1,7 +1,8 @@
 # Openshift Grafana Dashboards
 
 Research repository, see the origin page for official example
-https://github.com/openshift/origin/tree/master/examples/grafana
+- https://github.com/openshift/openshift-ansible/tree/master/roles/openshift_grafana
+- https://github.com/openshift/origin/tree/master/examples/grafana
 
 ## Available Dashboards
 - openshift cluster metrics
@@ -11,9 +12,10 @@ https://github.com/openshift/origin/tree/master/examples/grafana
 Note: make sure to have openshift prometheus deployed.
 (https://github.com/openshift/origin/tree/master/examples/prometheus)
 
-``` ./setup-grafana.sh prometheus-ocp prometheus false ``` - for byo cluster (prometheus selfdeployment).
+``` ./setup-grafana.sh -n prometheus -a -e ``` 
 
-``` ./setup-grafana.sh prometheus-ocp openshift-metrics true ``` - for byo cluster that uses openshift_metrics plus oauth.
+when you being asked to type username \ password, type 'grafana'
+and login with the same cerdentials 
 
 ## How to use oauth proxy:
 Note: when using oauth make sure your user has permission to browse grafana.

diff --git a/grafana-ocp.yaml b/grafana-ocp.yaml
@@ -12,7 +12,7 @@ metadata:
 parameters:
 - description: The location of the proxy image
   name: IMAGE_GF
-  value: mrsiano/grafana-ocp:latest
+  value: mrsiano/openshift-grafana:latest
 - description: External URL for the grafana route
   name: ROUTE_URL
   value: ""

diff --git a/grafana-ocp-oauth.yaml → grafana.yaml b/grafana-ocp-oauth.yaml → grafana.yaml
@@ -2,16 +2,16 @@
 kind: Template
 apiVersion: v1
 metadata:
-  name: grafana-ocp
+  name: grafana
   annotations:
-    "openshift.io/display-name": Grafana ocp
+    "openshift.io/display-name": Grafana
     description: |
       Grafana server with patched Prometheus datasource.
-    iconClass: icon-cogs
+    iconClass: fa fa-cogs
     tags: "metrics,monitoring,grafana,prometheus"
 parameters:
-- description: The location of the proxy image
-  name: IMAGE_GF
+- description: The location of the grafana image
+  name: IMAGE_GRAFANA
   value: mrsiano/grafana-ocp:latest
 - description: The location of the proxy image
   name: IMAGE_PROXY
@@ -30,78 +30,78 @@ objects:
 - apiVersion: v1
   kind: ServiceAccount
   metadata:
-    name: grafana-ocp
+    name: grafana
     namespace: "${NAMESPACE}"
     annotations:
-      serviceaccounts.openshift.io/oauth-redirectreference.primary: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"grafana-ocp"}}'
+      serviceaccounts.openshift.io/oauth-redirectreference.primary: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"grafana"}}'
 - apiVersion: authorization.openshift.io/v1
   kind: ClusterRoleBinding
   metadata:
-    name: gf-cluster-reader
+    name: grafana-cluster-reader
   roleRef:
     name: cluster-reader
   subjects:
   - kind: ServiceAccount
-    name: grafana-ocp
+    name: grafana
     namespace: "${NAMESPACE}"
 - apiVersion: route.openshift.io/v1
   kind: Route
   metadata:
-    name: grafana-ocp
+    name: grafana
     namespace: "${NAMESPACE}"
   spec:
     host: "${ROUTE_URL}"
     to:
-      name: grafana-ocp
+      name: grafana
     tls:
       termination: Reencrypt
 - apiVersion: v1
   kind: Service
   metadata:
-    name: grafana-ocp
+    name: grafana
     annotations:
       prometheus.io/scrape: "true"
       prometheus.io/scheme: https
-      service.alpha.openshift.io/serving-cert-secret-name: gf-tls
+      service.alpha.openshift.io/serving-cert-secret-name: grafana-tls
     namespace: "${NAMESPACE}"
     labels:
-      metrics-infra: grafana-ocp
-      name: grafana-ocp
+      metrics-infra: grafana
+      name: grafana
   spec:
     ports:
-    - name: grafana-ocp
+    - name: grafana
       port: 443
       protocol: TCP
       targetPort: 8443
     selector:
-      app: grafana-ocp
+      app: grafana
 - apiVersion: v1
   kind: Secret
   metadata:
-    name: gf-proxy
+    name: grafana-proxy
     namespace: "${NAMESPACE}"
   stringData:
     session_secret: "${SESSION_SECRET}="
-# Deploy Prometheus behind an oauth proxy
+# Deploy Grafana behind an oauth proxy
 - apiVersion: extensions/v1beta1
   kind: Deployment
   metadata:
     labels:
-      app: grafana-ocp
-    name: grafana-ocp
+      app: grafana
+    name: grafana
     namespace: "${NAMESPACE}"
   spec:
     replicas: 1
     selector:
       matchLabels:
-        app: grafana-ocp
+        app: grafana
     template:
       metadata:
         labels:
-          app: grafana-ocp
-        name: grafana-ocp-app
+          app: grafana
+        name: grafana
       spec:
-        serviceAccountName: grafana-ocp
+        serviceAccountName: grafana
         containers:
         - name: oauth-proxy
           image: ${IMAGE_PROXY}
@@ -113,56 +113,55 @@ objects:
           - -https-address=:8443
           - -http-address=
           - -email-domain=*
-          - -client-id=system:serviceaccount:${NAMESPACE}:grafana-ocp
+          - -client-id=system:serviceaccount:${NAMESPACE}:grafana
           - -upstream=http://localhost:3000
           - -provider=openshift
-#          - -skip-auth-regex=/api/datasources
-          - '-openshift-delegate-urls={"/api/datasources": {"resource": "namespace", "verb": "get", "resourceName": "grafana-ocp", "namespace": "${NAMESPACE}"}}'
+#          - '-openshift-delegate-urls={"/api/datasources": {"resource": "namespace", "verb": "get", "resourceName": "grafana", "namespace": "${NAMESPACE}"}}'
           - '-openshift-sar={"namespace": "${NAMESPACE}", "verb": "list", "resource": "services"}'
           - -tls-cert=/etc/tls/private/tls.crt
           - -tls-key=/etc/tls/private/tls.key
           - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
           - -cookie-secret-file=/etc/proxy/secrets/session_secret
-          - -skip-auth-regex=^/metrics
+          - -skip-auth-regex=^/metrics,/api/datasources,/api/dashboards
           volumeMounts:
           - mountPath: /etc/tls/private
-            name: gf-tls
+            name: grafana-tls
           - mountPath: /etc/proxy/secrets
             name: secrets
 
-        - name: grafana-ocp
-          image: ${IMAGE_GF}
+        - name: grafana
+          image: ${IMAGE_GRAFANA}
           ports:
           - name: grafana-http
             containerPort: 3000
           volumeMounts:
           - mountPath: "/root/go/src/github.com/grafana/grafana/data"
-            name: gf-data
+            name: grafana-data
           - mountPath: "/root/go/src/github.com/grafana/grafana/conf"
-            name: gfconfig
+            name: grafanaconfig
           - mountPath: /etc/tls/private
-            name: gf-tls
+            name: grafana-tls
           - mountPath: /etc/proxy/secrets
             name: secrets
           command:
            - "./bin/grafana-server"
 
         volumes:
-        - name: gfconfig
+        - name: grafanaconfig
           configMap:
-            name: gf-config
+            name: grafana-config
         - name: secrets
           secret:
-            secretName: gf-proxy
-        - name: gf-tls
+            secretName: grafana-proxy
+        - name: grafana-tls
           secret:
-            secretName: gf-tls
+            secretName: grafana-tls
         - emptyDir: {}
-          name: gf-data
+          name: grafana-data
 - apiVersion: v1
   kind: ConfigMap
   metadata:
-    name: gf-config
+    name: grafana-config
     namespace: "${NAMESPACE}"
   data:
     defaults.ini: |-

diff --git a/setup-grafana.sh b/setup-grafana.sh
@@ -1,40 +1,85 @@
 #!/bin/bash
 
-datasource_name=$1
-prometheus_namespace=$2
-oauth=$3
-yaml="grafana-ocp.yaml"
-protocol="http://"
+setoauth=0
+node_exporter=0
+datasource_name=''
+prometheus_namespace=''
+sa_reader=''
+graph_granularity=''
+yaml=''
+protocol="https://"
 
+while getopts 'n:s:p:g:y:ae' flag; do
+  case "${flag}" in
+    n) datasource_name="${OPTARG}" ;;
+    s) sa_reader="${OPTARG}" ;;
+    p) prometheus_namespace="${OPTARG}" ;;
+    g) graph_granularity="${OPTARG}" ;;
+    y) yaml="${OPTARG}" ;;
+    a) setoauth=1 ;;
+    e) node_exporter=1;;
+    *) error "Unexpected option ${flag}" ;;
+  esac
+done
 
 usage() {
 echo "
 USAGE
- setup-grafana.sh pro-ocp openshift-metrics true
+ setup-grafana.sh -n <datasource_name> -a [optional: -p <prometheus_namespace> -s <prometheus_serviceaccount> -g <graph_granularity> -y <yaml> -e]
 
- args:
-   datasource_name: grafana datasource name
-   prometheus_namespace: existing prometheus name e.g openshift-metrics
-   oauth: if set to true it will deploy grafana with oauth authorization
+ switches:
+   -n: grafana datasource name
+   -s: prometheus serviceaccount name
+   -p: existing prometheus name e.g openshift-metrics
+   -g: specifiy granularity
+   -y: specifies the grafana yaml
+   -a: deploy oauth proxy for grafana - otherwise skip it (for preconfigured deployment)
+   -e: deploy node exporter
 
  note:
-   the project must have view permissions for kube-system
+    - the project must have view permissions for kube-system
+    - the script allow to use high granularity by adding '30s' arg, but it needs tuned scrape prometheus
 "
 exit 1
 }
 
-[[ -n ${datasource_name} ]] || usage
-
-if [[ ${oauth} = true ]]; then
-    yaml="grafana-ocp-oauth.yaml"; protocol="https://"; echo "deploying with oauth";
+get::namespace(){
+if [ -z "$(oc projects |grep openshift-metrics)" ]; then
+    prometheus_namespace="kube-system"
+else
+    prometheus_namespace="openshift-metrics"
 fi
+}
 
+set::oauth() {
+touch -a /etc/origin/master/htpasswd
+htpasswd /etc/origin/master/htpasswd grafana
+sed -ie 's|AllowAllPasswordIdentityProvider|HTPasswdPasswordIdentityProvider\n      file: /etc/origin/master/htpasswd|' /etc/origin/master/master-config.yaml
+oc adm policy add-cluster-role-to-user cluster-reader grafana
+systemctl restart atomic-openshift-master-api.service
+}
 
+# deploy node exporter
+node::exporter(){
+oc annotate ns kube-system openshift.io/node-selector= --overwrite
+sed -i.bak "s/Xs/${graph_granularity}/" "${dashboard_file}"
+sed -i.bak "s/\${DS_PR}/${datasource_name}/" "${dashboard_file}"
+curl --insecure -H "Content-Type: application/json" -u admin:admin "${grafana_host}/api/dashboards/db" -X POST -d "@./node-exporter-full-dashboard.json"
+mv "${dashboard_file}.bak" "${dashboard_file}"
+}
+
+[[ -n ${datasource_name} ]] || usage
+[[ -n ${sa_reader} ]] || sa_reader="prometheus"
+[[ -n ${prometheus_namespace} ]] || get::namespace
+[[ -n ${graph_granularity} ]]  || graph_granularity="2m"
+# TODO: replace with link to origin/examples
+[[ -n ${yaml} ]] || yaml="grafana.yaml"
+((setoauth)) && set::oauth || echo "skip oauth"
 
 oc new-project grafana
 oc process -f "${yaml}" |oc create -f -
-oc rollout status deployment/grafana-ocp
-oc adm policy add-role-to-user view -z grafana-ocp -n kube-system
+oc rollout status deployment/grafana
+oc adm policy add-role-to-user view -z grafana -n "${prometheus_namespace}"
 
 payload="$( mktemp )"
 cat <<EOF >"${payload}"
@@ -47,19 +92,26 @@ cat <<EOF >"${payload}"
 "basicAuth": false,
 "withCredentials": false,
 "jsonData": {
-    "tlsSkipVerify":true,
-    "token":"$( oc sa get-token grafana-ocp )"
+    "tlsSkipVerify":true
+},
+"secureJsonData": {
+    "httpHeaderName1":"Authorization",
+    "httpHeaderValue1":"Bearer $( oc sa get-token "${sa_reader}" -n "${prometheus_namespace}" )"
 }
 }
 EOF
 
-grafana_host="${protocol}$( oc get route grafana-ocp -o jsonpath='{.spec.host}' )"
-curl -H "Content-Type: application/json" -u admin:admin "${grafana_host}/api/datasources" -X POST -d "@${payload}"
+# setup grafana data source
+grafana_host="${protocol}$( oc get route grafana -o jsonpath='{.spec.host}' )"
+curl --insecure -H "Content-Type: application/json" -u admin:admin "${grafana_host}/api/datasources" -X POST -d "@${payload}"
 
+# deploy openshift dashboard
 dashboard_file="./openshift-cluster-monitoring.json"
+sed -i.bak "s/Xs/${graph_granularity}/" "${dashboard_file}"
 sed -i.bak "s/\${DS_PR}/${datasource_name}/" "${dashboard_file}"
-curl -H "Content-Type: application/json" -u admin:admin "${grafana_host}/api/dashboards/db" -X POST -d "@${dashboard_file}"
+curl --insecure -H "Content-Type: application/json" -u admin:admin "${grafana_host}/api/dashboards/db" -X POST -d "@${dashboard_file}"
 mv "${dashboard_file}.bak" "${dashboard_file}"
 
+((node_exporter)) && node::exporter || echo "skip node exporter"
 
-exit 0
+exit 0