Add Grafana deploy

3scale-qe · Nov 5, 2024 · f818df4 · f818df4
1 parent e970e74
commit f818df4
Show file tree

Hide file tree

Showing 12 changed files with 226 additions and 0 deletions.
diff --git a/base/grafana/deploy-grafana.sh b/base/grafana/deploy-grafana.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -exuo pipefail
+command -v envsubst
+
+FILE_ROOT=${BASH_SOURCE%/*}
+NAMESPACE=${NAMESPACE:=tools}
+
+export FILE_ROOT NAMESPACE
+
+# make sure user-workloads are enabled
+USER_WORKLOADS=$(oc get cm/cluster-monitoring-config -n openshift-monitoring -ojsonpath='{.data.config\.yaml}')
+
+if ! [ "$USER_WORKLOADS" = "enableUserWorkload: true" ]; then
+    # maybe enable it here?
+    exit 0;
+fi
+
+envsubst < "${FILE_ROOT}"/operator-group.yaml.tpl | oc apply -n "${NAMESPACE}" -f -
+oc apply -f "${FILE_ROOT}"/subscription.yaml -n ${NAMESPACE}
+oc wait -n "${NAMESPACE}" --for=jsonpath=status.installPlanRef.name subscription grafana-operator --timeout=120s
+oc wait -n "${NAMESPACE}" --for=condition=Installed installplan --all --timeout=120s
+
+oc -n "$NAMESPACE" apply -f "$FILE_ROOT"/grafana.yaml
+
+timeout 120 bash -c "oc get serviceaccounts -n "$NAMESPACE" -w -o name | grep -qm1 grafana-sa"
+oc adm policy add-cluster-role-to-user cluster-monitoring-view -z grafana-sa -n "$NAMESPACE"
+
+TOKEN="$(oc serviceaccounts new-token grafana-sa -n "$NAMESPACE")"
+THANOS_URL="$(oc get route/thanos-querier -n openshift-monitoring -ojsonpath='{.spec.host}')"
+export TOKEN THANOS_URL
+
+envsubst < "$FILE_ROOT"/grafana-data-source.yaml | oc -n "$NAMESPACE" apply -f -
+
+unset TOKEN
diff --git a/base/grafana/deployment.yaml b/base/grafana/deployment.yaml
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: grafana
+  name: grafana
+spec:
+  selector:
+    matchLabels:
+      app: grafana
+  template:
+    metadata:
+      labels:
+        app: grafana
+    spec:
+      auth:
+        disable_login_form: 'false'
+      auth.anonymous:
+        enabled: 'true'
+        org_role: Admin
+      auth.basic:
+        enabled: 'true'
+      securityContext:
+        fsGroup: 472
+        supplementalGroups:
+          - 0
+      containers:
+        - name: grafana
+          image: grafana/grafana:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 3000
+              name: http-grafana
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /robots.txt
+              port: 3000
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 30
+            successThreshold: 1
+            timeoutSeconds: 2
+          livenessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            successThreshold: 1
+            tcpSocket:
+              port: 3000
+            timeoutSeconds: 1
+          resources:
+            requests:
+              cpu: 250m
+              memory: 750Mi
+          volumeMounts:
+            - mountPath: /var/lib/grafana
+              name: grafana-pv
+      volumes:
+        - name: grafana-pv
+          persistentVolumeClaim:
+            claimName: grafana-pvc
diff --git a/base/grafana/gen_token.sh b/base/grafana/gen_token.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+NAMESPACE=${NAMESPACE:=tools}
+TOKEN="$(oc serviceaccounts new-token grafana-sa -n "$NAMESPACE")"
+THANOS_URL="$(oc get route/thanos-querier -n openshift-monitoring -o jsonpath='{.spec.host}')"
+
+# Write the values to a file for Kustomize to consume
+cat <<EOF > grafana-env-config.env
+TOKEN=${TOKEN}
+THANOS_URL=${THANOS_URL}
+EOF
diff --git a/base/grafana/grafana-data-source.yaml b/base/grafana/grafana-data-source.yaml
@@ -0,0 +1,26 @@
+kind: GrafanaDatasource
+apiVersion: grafana.integreatly.org/v1beta1
+metadata:
+  name: prometheus-grafana-data-source
+  namespace: $NAMESPACE
+spec:
+  datasource:
+    access: proxy
+    editable: true
+    isDefault: true
+    jsonData:
+      httpHeaderName1: 'Authorization'
+      timeInterval: 5s
+      tlsSkipVerify: true
+    name: prometheus
+    secureJsonData:
+      httpHeaderValue1: 'Bearer $TOKEN'
+    type: prometheus
+    url: 'https://$THANOS_URL'
+  instanceSelector:
+    matchLabels:
+      dashboards: grafana
+  plugins:
+    - name: grafana-clock-panel
+      version: 1.3.0
+
diff --git a/base/grafana/grafana.yaml b/base/grafana/grafana.yaml
@@ -0,0 +1,21 @@
+apiVersion: grafana.integreatly.org/v1beta1
+kind: Grafana
+metadata:
+  name: grafana
+  labels:
+    dashboards: grafana
+    folders: grafana
+spec:
+  config:
+    auth:
+      disable_login_form: 'false'
+    auth.anonymous:
+        enabled: 'true'
+        org_role: Admin
+    auth.basic:
+        enabled: 'true'
+    log:
+      mode: console
+    security:
+      admin_password: start
+      admin_user: root
diff --git a/base/grafana/kustomization.yaml b/base/grafana/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonLabels:
+  app: grafana
+
+resources:
+  - persistent-volume-claim.yaml
+  - deployment.yaml
+  - service.yaml
diff --git a/base/grafana/operator-group.yaml.tpl b/base/grafana/operator-group.yaml.tpl
@@ -0,0 +1,10 @@
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: ${NAMESPACE}
+  generateName: ${NAMESPACE}-
+spec:
+  targetNamespaces:
+    - ${NAMESPACE}
+
diff --git a/base/grafana/persistent-volume-claim.yaml b/base/grafana/persistent-volume-claim.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: grafana-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+
diff --git a/base/grafana/service.yaml b/base/grafana/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: grafana
+spec:
+  ports:
+    - port: 3000
+      protocol: TCP
+      targetPort: http-grafana
+  selector:
+    app: grafana
+  sessionAffinity: None
+  type: LoadBalancer
+
diff --git a/base/grafana/subscription.yaml b/base/grafana/subscription.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: grafana-operator
+spec:
+  channel: v5
+  installPlanApproval: Automatic
+  name: grafana-operator
+  source: community-operators
+  sourceNamespace: openshift-marketplace
diff --git a/base/grafana/subscription.yaml.tpl b/base/grafana/subscription.yaml.tpl
@@ -0,0 +1,11 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: grafana-operator
+spec:
+  channel: v5
+  installPlanApproval: Automatic
+  name: grafana-operator
+  source: community-operators
+  sourceNamespace: openshift-marketplace
diff --git a/overlays/kuadrant/kustomization.yml b/overlays/kuadrant/kustomization.yml
@@ -6,6 +6,7 @@ resources:
   - ../../base/mockserver/
   - ../../base/jaeger/
   - ../../base/keycloak-deployment/
+  - ../../base/grafana/
 
 images:
   - name: quay.io/rh_integration/go-httpbin