From 066b04322d62605f203637574ffbf645597b5fca Mon Sep 17 00:00:00 2001
From: Frederic Branczyk <fbranczyk@gmail.com>
Date: Thu, 6 Apr 2017 15:24:22 +0200
Subject: [PATCH] grafana-watcher: allow credentials from env variable
---
 .../generate-grafana-credentials-secret.sh | 20 +++++++++++++
 hack/scripts/generate-manifests.sh | 3 ++
 manifests/grafana/grafana-credentials.yaml | 7 +++++
 manifests/grafana/grafana-deployment.yaml | 30 ++++++++++++++++---
 4 files changed, 56 insertions(+), 4 deletions(-)
 create mode 100755 hack/scripts/generate-grafana-credentials-secret.sh
 create mode 100644 manifests/grafana/grafana-credentials.yaml
diff --git a/hack/scripts/generate-grafana-credentials-secret.sh b/hack/scripts/generate-grafana-credentials-secret.sh
new file mode 100755
index 00000000..e877b080
--- /dev/null
+++ b/hack/scripts/generate-grafana-credentials-secret.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ "$#" -ne 2 ]; then
+ echo "Usage: $0 user password"
+ exit 1
+fi
+
+user=$1
+password=$2
+
+cat <<-EOF
+apiVersion: v1
+kind: Secret
+metadata:
+ name: grafana-credentials
+data:
+ user: $(echo -n ${user} | base64 --wrap=0)
+ password: $(echo -n ${password} | base64 --wrap=0)
+EOF
+
diff --git a/hack/scripts/generate-manifests.sh b/hack/scripts/generate-manifests.sh
index bf5f42fa..280bc121 100755
--- a/hack/scripts/generate-manifests.sh
+++ b/hack/scripts/generate-manifests.sh
@@ -6,6 +6,9 @@ hack/scripts/generate-rules-configmap.sh > manifests/prometheus/prometheus-k8s-r
 # Generate Dashboard ConfigMap
 hack/scripts/generate-dashboards-configmap.sh > manifests/grafana/grafana-dashboards.yaml
+# Generate Grafana Credentials Secret
+hack/scripts/generate-grafana-credentials-secret.sh admin admin > manifests/grafana/grafana-credentials.yaml
+
 # Generate Secret for Alertmanager config
 hack/scripts/generate-alertmanager-config-secret.sh > manifests/alertmanager/alertmanager-config.yaml
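Review bot: The two substitutions `$(echo -n ${user} | ...)` and `$(echo -n ${password} | ...)` in the heredoc of generate-grafana-credentials-secret.sh expand the values unquoted, so a password containing whitespace or glob characters is word-split before it is encoded, and a value such as `-e` is consumed by `echo` as an option; the Secret then holds something other than what the operator supplied. Use `printf '%s' "${password}" | base64 --wrap=0` and the same form for `user`. Taking the password as `$2` also leaves it in shell history and the process list, so reading it from an environment variable or stdin would be the safer interface. `--wrap` is a GNU coreutils option, so the script may fail with other base64 implementations.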
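Review bot: The added call in generate-manifests.sh passes the literals `admin admin`, so the checked-in `manifests/grafana/grafana-credentials.yaml` (the `YWRtaW4=` values in the next file section) gives every cluster that applies these manifests the same well-known Grafana admin login. Base64 in a Secret's `data` field is an encoding, not protection, so the committed file is effectively a plaintext default credential. At minimum add a comment above the call such as `# Placeholder credentials: replace the grafana-credentials Secret before any non-local deployment`; better, take the values from the caller's environment, e.g. `"${GRAFANA_USER:?}" "${GRAFANA_PASSWORD:?}"`, and keep the generated Secret out of version control.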
diff --git a/manifests/grafana/grafana-credentials.yaml b/manifests/grafana/grafana-credentials.yaml
new file mode 100644
index 00000000..c3da1b63
--- /dev/null
+++ b/manifests/grafana/grafana-credentials.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: grafana-credentials
+data:
+ user: YWRtaW4=
+ password: YWRtaW4=
diff --git a/manifests/grafana/grafana-deployment.yaml b/manifests/grafana/grafana-deployment.yaml
index b727561c..e83d265d 100644
--- a/manifests/grafana/grafana-deployment.yaml
+++ b/manifests/grafana/grafana-deployment.yaml
@@ -17,6 +17,16 @@ spec:
 value: "true"
 - name: GF_AUTH_ANONYMOUS_ENABLED
 value: "true"
+ - name: GF_SECURITY_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: grafana-credentials
+ key: user
+ - name: GF_SECURITY_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: grafana-credentials
+ key: password
 volumeMounts:
 - name: grafana-storage
 mountPath: /var/grafana-storage
@@ -28,13 +38,25 @@ spec:
 memory: 100Mi
 cpu: 100m
 limits:
- memory: 300Mi
- cpu: 300m
+ memory: 200Mi
+ cpu: 200m
 - name: grafana-watcher
- image: quay.io/coreos/grafana-watcher:v0.0.2
+ image: quay.io/coreos/grafana-watcher:v0.0.3
+ imagePullPolicy: Never
 args:
 - '--watch-dir=/var/grafana-dashboards'
- - '--grafana-url=http://admin:admin@localhost:3000'
+ - '--grafana-url=http://localhost:3000'
+ env:
+ - name: GRAFANA_USER
+ valueFrom:
+ secretKeyRef:
+ name: grafana-credentials
+ key: user
+ - name: GRAFANA_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: grafana-credentials
+ key: password
 volumeMounts:
 - name: grafana-dashboards
 mountPath: /var/grafana-dashboards
-- GitLab
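Review bot: `imagePullPolicy: Never` on the `grafana-watcher` container in the second grafana-deployment.yaml hunk looks like a local-testing leftover and is unrelated to the credentials change. With it the kubelet never pulls `quay.io/coreos/grafana-watcher:v0.0.3`, so the pod only starts on nodes that already hold an image under that tag, and whatever is cached there is what runs, now with the Grafana admin credentials in its environment. Drop the line or use `imagePullPolicy: IfNotPresent`. The container list this hunk edits begins and ends outside the hunk.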