Introduce custom Grafana for openshift prometheus. #17037
Conversation
openshift-ci-robot
added
the
size/L
|
/assign |
examples/grafana/README.md
Outdated
| 2. ```oc new-app -f grafana-ocp.yaml``` | ||
| 3. ```oc expose svc grafana-ocp``` | ||
| 4. grab the grafana url ``` oc get route |awk 'NR==2 {print $2}' ``` | ||
| 5. grab the ocp token, from openshift master run: ```oc sa get-token management-admin -n management-infra``` |
There was a problem hiding this comment.
This command doesn't make sense. What is management-infra?
Did you create a user called management-infra and a namespace called management-infra? What about the grafana namespace?
There was a problem hiding this comment.
IIUC, the grafana server does not use access authentication.
This command is a way to get the admin token for the prometheus server, using the prom-proxy [1] authentication proxy.
note:
a. running a playbook using openshift-ansible will create this sa and namespace
b. when installing prometheus using the prometheus.yaml example (line 31 in reademe) it will use this token to authenticate.
There was a problem hiding this comment.
p.s.
alternatively you can use kube-system namespace and the prometheus sa
There was a problem hiding this comment.
but this (using kube-system namespace) will not work with promethus install using openshift-ansible [1]
| - name: data | ||
| mountPath: "/root/go/src/github.com/grafana/grafana/data" | ||
| command: | ||
| - "./bin/grafana-server" |
There was a problem hiding this comment.
Could you please add a route to this template? Here is an example:
https://github.com/openshift/origin/blob/master/examples/prometheus/prometheus.yaml#L52
There was a problem hiding this comment.
note:
when implementing the route, note that here the grafana server run without tls, so outside port is 80 not 443 and you do not need the tls part
There was a problem hiding this comment.
p.s.
It will be nicer to run grafana with tls ...
There was a problem hiding this comment.
for tls, you will have to edit:
https://github.com/grafana/grafana/blob/master/conf/defaults.ini#L29
you can get the key/cert using a secret, see example [1]
There was a problem hiding this comment.
@jeremyeder @yaacov
It dose not work, I tried to resolve that already thats why I use oc expose command, it needs further investigation, since configuring grafana to run with https[1] needs cert file, the key is not enough.
[1]
https://github.com/grafana/grafana/blob/master/conf/defaults.ini#L29
There was a problem hiding this comment.
If it's OK, let's handle TLS in a subsequent PR.
There was a problem hiding this comment.
If it's OK, let's handle TLS in a subsequent PR.
Sounds right by me 👍
There was a problem hiding this comment.
+1
So ill revert the https for now and will handle it later on by different patch.
There was a problem hiding this comment.
@jeremyeder route is added 🍰 , PTAL
There was a problem hiding this comment.
Works for me. I am able to create dashboards now :-)
openshift-ci-robot
added
size/XXL
examples/grafana/README.md
Outdated
| Note: make sure to have openshift prometheus deployed. | ||
| (https://github.com/openshift/origin/tree/master/examples/prometheus) | ||
|
|
||
| 1. ```oc create project grafana``` |
There was a problem hiding this comment.
it is oc create namespace
oc create project does not work
There was a problem hiding this comment.
should be:
oc new-project grafana
There was a problem hiding this comment.
yes 👍 create namespace is nicer :-)
oc create namespace grafana
examples/grafana/README.md
Outdated
|
|
||
| 1. ```oc create project grafana``` | ||
| 2. ```oc new-app -f grafana-ocp.yaml``` | ||
| 3. ```oc expose svc grafana-ocp``` |
There was a problem hiding this comment.
once the route will be added to the yml file, we will not need to expose the service any more
There was a problem hiding this comment.
Lets submit issue
I understood that in this PR we will add route for http ( port 80, without tls )
and in a later PR update the grafana config file and update route for https ( port 443, with tls )
did I understand correctly ?
There was a problem hiding this comment.
p.s
- sttring grafana for https is a setting in the config file [1] ( we have the key/cert from openshift )
[1] https://github.com/grafana/grafana/blob/master/conf/defaults.ini#L29
|
Sure known issue.
Lets submit issue to let grafana use tls auth
…On Fri, Oct 27, 2017, 09:57 Yaacov Zamir ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In examples/grafana/README.md
<#17037 (comment)>:
> @@ -0,0 +1,31 @@
+# grafana-ocp
+
+This template creates a custom Grafana instance preconfigured to gather Prometheus openshift metrics.
+It is uses OAuth token to login openshift Prometheus.
+
+
+## To deploy grafana
+Note: make sure to have openshift prometheus deployed.
+(https://github.com/openshift/origin/tree/master/examples/prometheus
)
+
+1. ```oc create project grafana```
+2. ```oc new-app -f grafana-ocp.yaml```
+3. ```oc expose svc grafana-ocp```
once the route will be added to the yml file, we will not need to expose
the service any more
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#17037 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AM8S4kV-jI7GDJVQxm6oX0g6bQtSICZiks5swX7qgaJpZM4QGqPV>
.
|
|
/test extended_networking_minimal |
|
/test extended_conformance_gce |
|
LGTM 👍 |
|
@mrsiano: you cannot LGTM your own PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
examples/grafana/README.md
Outdated
| 2. ```oc new-app -f grafana-ocp.yaml``` | ||
| 3. grab the grafana url ``` oc get route |awk 'NR==2 {print $2}' ``` | ||
| 4. grab the ocp token, from openshift master run: ```oc sa get-token prometheus -n kube-system``` | ||
| 5. browse to grafana via browser and add new prometheus DS to grafana. |
There was a problem hiding this comment.
- change DS to datasource (could be confused with DaemonSet).
- mention that the data source URL is the prometheus route, and put an example URL in here
https://prometheus-kube-system.apps.example.com
| - name: data | ||
| mountPath: "/root/go/src/github.com/grafana/grafana/data" | ||
| command: | ||
| - "./bin/grafana-server" |
There was a problem hiding this comment.
Works for me. I am able to create dashboards now :-)
|
Few small nits about the README but otherwise this LGTM for phase 1. |
examples/grafana/Dockerfile
Outdated
| @@ -0,0 +1,35 @@ | |||
| FROM centos:7 | |||
There was a problem hiding this comment.
Is there a reason this needs to be in origin? We're unlikely to build it, so it would be better as a standalone repo.
There was a problem hiding this comment.
Hmm, ok, I've just move it, I did not see any reason to have it here either.
@jeremyeder what do you think ?
There was a problem hiding this comment.
Specifically the Dockerfile? Fine to move. @mrsiano you can put it in https://github.com/openshift/svt/tree/master/dockerfiles
There was a problem hiding this comment.
| 1. ```oc create namespace grafana``` | ||
| 2. ```oc new-app -f grafana-ocp.yaml``` | ||
| 3. grab the grafana url ``` oc get route |awk 'NR==2 {print $2}' ``` | ||
| 4. grab the ocp token, from openshift master run: ```oc sa get-token prometheus -n kube-system``` |
There was a problem hiding this comment.
@smarterclayton hi, do you have preference on how to get a token for the Prometheus auth proxy ?
Here we assume the namespace is kube-system, but if we install Prometheus using openshift-ansible [1] the namespace will be prometheus.
There was a problem hiding this comment.
@yaacov
I've started to work on another patch, to automate the deployment process.
I use this command,
oc get route --all-namespaces |grep -i prometheus |awk '{print $3}'
let's merge this patch for initial stage, then lets work on other things like https, automation and so.
@smarterclayton
|
ok, could you please setup LGTM ?
…On Mon, Oct 30, 2017 at 4:13 PM Jeremy Eder ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In examples/grafana/Dockerfile
<#17037 (comment)>:
> @@ -0,0 +1,35 @@
+FROM centos:7
Specifically the Dockerfile? Fine to move. @mrsiano
<https://github.com/mrsiano> you can put it in
https://github.com/openshift/svt/tree/master/dockerfiles
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#17037 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AM8S4qDGkKg57y7GU5LUuDDxf8ufPhmsks5sxdmMgaJpZM4QGqPV>
.
|
openshift-ci-robot
added
size/L
|
@jeremyeder @smarterclayton |
|
Allowed as a tech preview example. I would expect in 3.8/3.9 for you to continue to refine this and deal with all questions related. We are not productizing this. /lgtm |
openshift-merge-robot
added
the
approved
examples/grafana/README.md
Outdated
| 4. grab the ocp token, from openshift master run: ```oc sa get-token prometheus -n kube-system``` | ||
| 5. browse to grafana datasource's and add new prometheus datasource. | ||
| 6. grab the prometheus url via ```oc get route -n kube-system prometheus |awk 'NR==2 {print $2}'``` and paste the prometheus url e.g https://prometheus-kube-system.apps.example.com | ||
| 6. paste the token string at the token field. |
There was a problem hiding this comment.
By the way, maybe the prometheus config in Grafana could be automated with a side-car container? Grafana has a REST API that we can use to add datasource. But this is only possible is prom URL and token can be found programmatically.
Just for information I did some POC for automatic grafana setup with prometheus in openshift, I don't know if it does have some interest for you: https://github.com/jotak/discomon
(The OS template: https://github.com/jotak/discomon/blob/master/prometheus-grafana-discovery.yml ). For POC I didn't care about securing access)
|
Per #17037 (comment) I thought this should have merged. The outstanding requested changes by @smarterclayton were made (we moved the dockerfile out to our own repo here https://github.com/openshift/svt/tree/master/dockerfiles/grafana-ocp) Is there some incorrect flag/label to explain why it's stuck? |
|
/retest |
|
Just looked at the detail links next to each of the failures. Can't see how they're elated to this PR. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/test extended_conformance_install_update |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
A template creates a custom Grafana instance preconfigured to gather Prometheus openshift metrics. It is uses OAuth token to login openshift Prometheus.
openshift-merge-robot
removed
the
lgtm
|
i always seeing this error message [ERROR] Can not determine install and upgrade version for the any idea ?! |
|
/retest |
|
@mrsiano: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/retest |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kargakis, mrsiano, smarterclayton The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
Automatic merge from submit-queue. |
Automatic merge from submit-queue (batch tested with PRs 17114, 18274). Grafana template automation. eventually this patch should be compatible and jenkins friendly. #17037
A template creates a custom Grafana instance preconfigured to gather Prometheus openshift metrics.
It uses OAuth token to login openshift Prometheus.