Grafana是一个跨平台的开源的度量分析和可视化工具,主要用于查询并可视化展示采集的数据。
Grafana提供了丰富的可视化展示方式,包括快速灵活的客户端图表,拥有不同方式的可视化指标和日志的面板插件以及丰富的仪表盘插件,包括热图、折线图、图表等。
Grafana能够帮助用户快速的查看和编辑dashboard的前端。支持同时连接多种数据源,能够将时序时空数据库(TSDB)数据转换为漂亮的图表。
准备
- Kubernetes
- Helm
- Postgresql(Optional)
- Kubeapps(Optional)
安装
导入bitnami repo
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
准备chart values
完整的原始值可以通过helm命令查看
helm show values bitnami/grafana
需要修改的地方
config:
useGrafanaIniFile: true
grafanaIniConfigMap: "grafana-config"
grafana:
# 存放额外的环境变量,比如存放数据库密码环境变量
extraEnvVarsSecret: "grafana"
# 修改成你需要的,这里写阿里云的
storageClass: "alicloud-disk-available"
# 修改pv大小,阿里云最小是20Gi,更小的无法创建
size: 20Gi
grafana-config
apiVersion: v1
data:
grafana.ini: |-
[database]
type = postgres
# 需要修改为实际的值
host = "YOUR_PG_HOST"
# 修改为实际的数据库用户名
name = grafana
# 修改为实际的数据库密码
user = grafana
# config map 不适合存密码相关的,这里使用env存放数据库密码,可以配合extraEnvVarsSecret使用
password = $__env{PG_PASSWORD}
kind: ConfigMap
metadata:
name: grafana-config
namespace: monitor
ldap
如果你需要用到ldap做统一登录,需要配置ldap配置
ldap:
## @param ldap.enabled Enable LDAP for Grafana
##
enabled: true
## @param ldap.secretName Name of the Secret with the ldap.toml configuration file for Grafana
## NOTE: When it's set the ldap.configuration parameter is ignored
##
secretName: "grafana-ldap"
ldap.toml
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "ldap.my_secure_remote_server.org"
# Default port is 389 or 636 if use_ssl = true
port = 636
# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
use_ssl = true
# If set to true, use LDAP with STARTTLS instead of LDAPS
start_tls = false
# set to true if you want to skip SSL cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"
# Search user bind dn
bind_dn = "cn=admin,dc=grafana,dc=org"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = "grafana"
# We recommend using variable expansion for the bind_password, for more info https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#variable-expansion
# bind_password = '$__env{LDAP_BIND_PASSWORD}'
# Timeout in seconds. Applies to each host specified in the 'host' entry (space separated).
timeout = 10
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
search_filter = "(cn=%s)"
# An array of base dns to search through
search_base_dns = ["dc=grafana,dc=org"]
# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
# group_search_filter_user_attribute = "distinguishedName"
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
# Specify names of the LDAP attributes your LDAP uses
[servers.attributes]
member_of = "memberOf"
email = "email"
kubectl create secret generic grafana-ldap --from-file=ldap.toml=ldap.toml
执行安装
helm install ${RELEASE_NAME} bitnami/grafana -f values.yaml
可以看到下面这段输出
CHART NAME: grafana
CHART VERSION: x.x.x
APP VERSION: x.x.x
** Please be patient while the chart is being deployed **
1. Get the application URL by running these commands:
echo "Browse to [http://127.0.0.1:8080](http://127.0.0.1:8080/)"
kubectl port-forward svc/grafana 8080:3000 &
1. Get the admin credentials:
echo "User: admin"
echo "Password: $(kubectl get secret grafana-admin --namespace monitor -o jsonpath="{.data.GF_SECURITY_ADMIN_PASSWORD}" | base64 -d)"
如果使用了ldap,可以直接使用ldap账号密码登录了。
