Grafana

설치

helm repo add grafana https://grafana.github.io/helm-charts

helm repo update grafana \
&& helm search repo grafana/grafana -l | head -n 10

helm pull grafana/grafana --version 7.3.7

helm show values grafana-7.3.7.tgz > grafana-7.3.7.yaml

grafana-values.yaml
extraLabels: {}

podLabels: {}

resources:
  requests:
    cpu: 200m
    memory: 1Gi
  limits:
    memory: 1Gi

grafana.ini:
  # users, data sources, and dashboards 같은 설정을 저장합니다.
  database:
    type: mysql|postgres|sqlite3
    host: <host>:<port>
    name: <database>
    user: grafana
    password: <grafana-password>

helm template grafana grafana-7.3.7.tgz \
    -n monitoring \
    -f grafana-values.yaml \
    > grafana.yaml

helm upgrade grafana grafana-7.3.7.tgz \
    --install \
    --history-max 5 \
    -n monitoring \
    -f grafana-values.yaml

Keycloak

Keycloak OIDC

grafana-values.yaml
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/generic-oauth/
grafana.ini:
  server:
    root_url: <grafana-url>
  auth.generic_oauth:
    enabled: true
    name: Keycloak
    allow_sign_up: false
    client_id: grafana
    client_secret: <grafana-client-secret>
    scopes: openid profile email groups
    auth_url: <keycloak-url>/auth/realms/<realm>/protocol/openid-connect/auth
    token_url: <keycloak-url>/auth/realms/<realm>/protocol/openid-connect/token
    api_url: <keycloak-url>/auth/realms/<realm>/protocol/openid-connect/userinfo
    # grafana-admin, grafana-dev 그룹
    role_attribute_path: contains(groups[*], 'grafana-admin') && 'Admin' || contains(groups[*], 'grafana-dev') && 'Editor' || 'Viewer'
  security:
    disable_initial_admin_creation: true

warning

초기에 생성된 admin 계정은 꼭 삭제해주세요.

설치​

Keycloak​

설치

Keycloak