Infra System

Grafana installation - Web UI Dashboard

kellis 2020. 10. 14. 14:22

Grafana는 모니터링을 시각화하기 위한 도구입니다. helm을 이용하여 설치하므로, helm이 설치되어 있다는 것을 전제로 합니다. 

 

1. 설치 방법

1. helm으로 grafana 설치

helm install --name air-grafana --namespace monitoring -f values.yaml stable/grafana

이때 사용한 values.yaml에서 가장 중요한 것은 외부 포트 오픈을 위해, service: NodePort를 지정해주었다는 것입니다. 또한 adminUser와 adminPassword를 지정해주어야 합니다. 

더보기

rbac:

  create: true

  pspEnabled: true

  pspUseAppArmor: true

  namespaced: false

  extraRoleRules: []

  # - apiGroups: []

  #   resources: []

  #   verbs: []

  extraClusterRoleRules: []

  # - apiGroups: []

  #   resources: []

  #   verbs: []

serviceAccount:

  create: true

  name:

  nameTest:

#  annotations:

 

replicas: 1

 

## See `kubectl explain poddisruptionbudget.spec` for more

## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/

podDisruptionBudget: {}

#  minAvailable: 1

#  maxUnavailable: 1

 

## See `kubectl explain deployment.spec.strategy` for more

## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy

deploymentStrategy:

  type: RollingUpdate

 

readinessProbe:

  httpGet:

    path: /api/health

    port: 3000

 

livenessProbe:

  httpGet:

    path: /api/health

    port: 3000

  initialDelaySeconds: 60

  timeoutSeconds: 30

  failureThreshold: 10

 

## Use an alternate scheduler, e.g. "stork".

## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

##

# schedulerName: "default-scheduler"

 

image:

  repository: grafana/grafana

  tag: 6.5.0

  pullPolicy: IfNotPresent

 

  ## Optionally specify an array of imagePullSecrets.

  ## Secrets must be manually created in the namespace.

  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

  ##

  # pullSecrets:

  #   - myRegistrKeySecretName

 

testFramework:

  enabled: true

  image: "dduportal/bats"

  tag: "0.4.0"

  securityContext: {}

 

securityContext:

  runAsUser: 472

  fsGroup: 472

 

 

extraConfigmapMounts: []

  # - name: certs-configmap

  #   mountPath: /etc/grafana/ssl/

  #   subPath: certificates.crt # (optional)

  #   configMap: certs-configmap

  #   readOnly: true

 

 

extraEmptyDirMounts: []

  # - name: provisioning-notifiers

  #   mountPath: /etc/grafana/provisioning/notifiers

 

 

## Assign a PriorityClassName to pods if set

# priorityClassName:

 

downloadDashboardsImage:

  repository: appropriate/curl

  tag: latest

  pullPolicy: IfNotPresent

 

downloadDashboards:

  env: {}

 

## Pod Annotations

# podAnnotations: {}

 

## Pod Labels

# podLabels: {}

 

podPortName: grafana

 

## Deployment annotations

# annotations: {}

 

## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service).

## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.

## ref: http://kubernetes.io/docs/user-guide/services/

##

service:

  type: NodePort

  nodePort: 30300

  port: 80

  targetPort: 3000

    # targetPort: 4181 To be used with a proxy extraContainer

  annotations: {}

  labels: {}

  portName: service

 

ingress:

  enabled: false

  annotations: {}

    # kubernetes.io/ingress.class: nginx

    # kubernetes.io/tls-acme: "true"

  labels: {}

  path: /

  hosts:

    - chart-example.local

  ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.

  extraPaths: []

  # - path: /*

  #   backend:

  #     serviceName: ssl-redirect

  #     servicePort: use-annotation

  tls: []

  #  - secretName: chart-example-tls

  #    hosts:

  #      - chart-example.local

 

resources: {}

#  limits:

#    cpu: 100m

#    memory: 128Mi

#  requests:

#    cpu: 100m

#    memory: 128Mi

 

## Node labels for pod assignment

## ref: https://kubernetes.io/docs/user-guide/node-selection/

#

nodeSelector: {}

 

## Tolerations for pod assignment

## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

##

tolerations: []

 

## Affinity for pod assignment

## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

##

affinity: {}

 

extraInitContainers: []

 

## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod

extraContainers: |

# - name: proxy

#   image: quay.io/gambol99/keycloak-proxy:latest

#   args:

#   - -provider=github

#   - -client-id=

#   - -client-secret=

#   - -github-org=<ORG_NAME>

#   - -email-domain=*

#   - -cookie-secret=

#   - -http-address=http://0.0.0.0:4181

#   - -upstream-url=http://127.0.0.1:3000

#   ports:

#     - name: proxy-web

#       containerPort: 4181

 

## Enable persistence using Persistent Volume Claims

## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/

##

persistence:

  type: pvc

  enabled: false

  # storageClassName: default

  accessModes:

    - ReadWriteOnce

  size: 10Gi

  # annotations: {}

  finalizers:

    - kubernetes.io/pvc-protection

  # subPath: ""

  # existingClaim:

 

initChownData:

  ## If false, data ownership will not be reset at startup

  ## This allows the prometheus-server to be run with an arbitrary user

  ##

  enabled: true

 

  ## initChownData container image

  ##

  image:

    repository: busybox

    tag: "1.30"

    pullPolicy: IfNotPresent

 

  ## initChownData resource requests and limits

  ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/

  ##

  resources: {}

  #  limits:

  #    cpu: 100m

  #    memory: 128Mi

  #  requests:

  #    cpu: 100m

  #    memory: 128Mi

 

 

# Administrator credentials when not using an existing secret (see below)

adminUser: admin

adminPassword: admin#

 

# Use an existing secret for the admin user.

#admin:

#  existingSecret: ""

#  userKey: admin

#  passwordKey: admin

 

## Define command to be executed at startup by grafana container

## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/)

## Default is "run.sh" as defined in grafana's Dockerfile

# command:

# - "sh"

# - "/run.sh"

 

## Use an alternate scheduler, e.g. "stork".

## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

##

# schedulerName:

 

## Extra environment variables that will be pass onto deployment pods

env: {}

 

## The name of a secret in the same kubernetes namespace which contain values to be added to the environment

## This can be useful for auth tokens, etc

envFromSecret: ""

 

## Sensible environment variables that will be rendered as new secret object

## This can be useful for auth tokens, etc

envRenderSecret: {}

 

## Additional grafana server secret mounts

# Defines additional mounts with secrets. Secrets must be manually created in the namespace.

extraSecretMounts: []

  # - name: secret-files

  #   mountPath: /etc/secrets

  #   secretName: grafana-secret-files

  #   readOnly: true

 

## Additional grafana server volume mounts

# Defines additional volume mounts.

extraVolumeMounts: []

  # - name: extra-volume

  #   mountPath: /mnt/volume

  #   readOnly: true

  #   existingClaim: volume-claim

 

## Pass the plugins you want installed as a list.

##

plugins: []

  # - digrich-bubblechart-panel

  # - grafana-clock-panel

 

## Configure grafana datasources

## ref: http://docs.grafana.org/administration/provisioning/#datasources

##

datasources: {}

#  datasources.yaml:

#    apiVersion: 1

#    datasources:

#    - name: Prometheus

#      type: prometheus

#      url: http://prometheus-prometheus-server

#      access: proxy

#      isDefault: true

 

## Configure notifiers

## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels

##

notifiers: {}

#  notifiers.yaml:

#    notifiers:

#    - name: email-notifier

#      type: email

#      uid: email1

#      # either:

#      org_id: 1

#      # or

#      org_name: Main Org.

#      is_default: true

#      settings:

#        addresses: an_email_address@example.com

#    delete_notifiers:

 

## Configure grafana dashboard providers

## ref: http://docs.grafana.org/administration/provisioning/#dashboards

##

## `path` must be /var/lib/grafana/dashboards/<provider_name>

##

dashboardProviders: {}

#  dashboardproviders.yaml:

#    apiVersion: 1

#    providers:

#    - name: 'default'

#      orgId: 1

#      folder: ''

#      type: file

#      disableDeletion: false

#      editable: true

#      options:

#        path: /var/lib/grafana/dashboards/default

 

## Configure grafana dashboard to import

## NOTE: To use dashboards you must also enable/configure dashboardProviders

## ref: https://grafana.com/dashboards

##

## dashboards per provider, use provider name as key.

##

dashboards: {}

  # default:

  #   some-dashboard:

  #     json: |

  #       $RAW_JSON

  #   custom-dashboard:

  #     file: dashboards/custom-dashboard.json

  #   prometheus-stats:

  #     gnetId: 2

  #     revision: 2

  #     datasource: Prometheus

  #   local-dashboard:

  #     url: https://example.com/repository/test.json

  #   local-dashboard-base64:

  #     url: https://example.com/repository/test-b64.json

  #     b64content: true

 

## Reference to external ConfigMap per provider. Use provider name as key and ConfiMap name as value.

## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both.

## ConfigMap data example:

##

## data:

##   example-dashboard.json: |

##     RAW_JSON

##

dashboardsConfigMaps: {}

#  default: ""

 

## Grafana's primary configuration

## NOTE: values in map will be converted to ini format

## ref: http://docs.grafana.org/installation/configuration/

##

grafana.ini:

  paths:

    data: /var/lib/grafana/data

    logs: /var/log/grafana

    plugins: /var/lib/grafana/plugins

    provisioning: /etc/grafana/provisioning

  analytics:

    check_for_updates: true

  log:

    mode: console

  grafana_net:

    url: https://grafana.net

## LDAP Authentication can be enabled with the following values on grafana.ini

## NOTE: Grafana will fail to start if the value for ldap.toml is invalid

  # auth.ldap:

  #   enabled: true

  #   allow_sign_up: true

  #   config_file: /etc/grafana/ldap.toml

 

## Grafana's LDAP configuration

## Templated by the template in _helpers.tpl

## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled

## ref: http://docs.grafana.org/installation/configuration/#auth-ldap

## ref: http://docs.grafana.org/installation/ldap/#configuration

ldap:

  enabled: false

  # `existingSecret` is a reference to an existing secret containing the ldap configuration

  # for Grafana in a key `ldap-toml`.

  existingSecret: ""

  # `config` is the content of `ldap.toml` that will be stored in the created secret

  config: ""

  # config: |-

  #   verbose_logging = true

 

  #   [[servers]]

  #   host = "my-ldap-server"

  #   port = 636

  #   use_ssl = true

  #   start_tls = false

  #   ssl_skip_verify = false

  #   bind_dn = "uid=%s,ou=users,dc=myorg,dc=com"

 

## Grafana's SMTP configuration

## NOTE: To enable, grafana.ini must be configured with smtp.enabled

## ref: http://docs.grafana.org/installation/configuration/#smtp

smtp:

  # `existingSecret` is a reference to an existing secret containing the smtp configuration

  # for Grafana.

  existingSecret: ""

  userKey: "user"

  passwordKey: "password"

 

## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders

## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards

sidecar:

  image: kiwigrid/k8s-sidecar:0.1.20

  imagePullPolicy: IfNotPresent

  resources: {}

#   limits:

#     cpu: 100m

#     memory: 100Mi

#   requests:

#     cpu: 50m

#     memory: 50Mi

  # skipTlsVerify Set to true to skip tls verification for kube api calls

  # skipTlsVerify: true

  dashboards:

    enabled: false

    SCProvider: true

    # label that the configmaps with dashboards are marked with

    label: grafana_dashboard

    # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set)

    folder: /tmp/dashboards

    # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead

    defaultFolderName: null

    # If specified, the sidecar will search for dashboard config-maps inside this namespace.

    # Otherwise the namespace in which the sidecar is running will be used.

    # It's also possible to specify ALL to search in all namespaces

    searchNamespace: null

    # provider configuration that lets grafana manage the dashboards

    provider:

      # name of the provider, should be unique

      name: sidecarProvider

      # orgid as configured in grafana

      orgid: 1

      # folder in which the dashboards should be imported in grafana

      folder: ''

      # type of the provider

      type: file

      # disableDelete to activate a import-only behaviour

      disableDelete: false

  datasources:

    enabled: false

    # label that the configmaps with datasources are marked with

    label: grafana_datasource

    # If specified, the sidecar will search for datasource config-maps inside this namespace.

    # Otherwise the namespace in which the sidecar is running will be used.

    # It's also possible to specify ALL to search in all namespaces

    searchNamespace: null

2. 설치 시 제공되는 데이터 

NAME:   air-grafana
LAST DEPLOYED: Tue Dec 10 05:36:32 2019
NAMESPACE: monitoring
STATUS: DEPLOYED
 
RESOURCES:
==> v1/ClusterRole
NAME                     AGE
air-grafana-clusterrole  0s
 
==> v1/ClusterRoleBinding
NAME                            AGE
air-grafana-clusterrolebinding  0s
 
==> v1/ConfigMap
NAME              AGE
air-grafana       0s
air-grafana-test  0s
 
==> v1/Deployment
NAME         AGE
air-grafana  0s
 
==> v1/Pod(related)
NAME                         AGE
air-grafana-9f7c5458d-jbsf2  0s
 
==> v1/Role
NAME              AGE
air-grafana-test  0s
 
==> v1/RoleBinding
NAME              AGE
air-grafana-test  0s
 
==> v1/Secret
NAME         AGE
air-grafana  0s
 
==> v1/Service
NAME         AGE
air-grafana  0s
 
==> v1/ServiceAccount
NAME              AGE
air-grafana       0s
air-grafana-test  0s
 
==> v1beta1/PodSecurityPolicy
NAME              AGE
air-grafana       0s
air-grafana-test  0s
 
==> v1beta1/Role
NAME         AGE
air-grafana  0s
 
==> v1beta1/RoleBinding
NAME         AGE
air-grafana  0s
 
 
NOTES:
1. Get your 'admin' user password by running:
 
   kubectl get secret --namespace monitoring air-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
 
2. The Grafana server can be accessed via port 80 on the following DNS name from within your cluster:
 
   air-grafana.monitoring.svc.cluster.local
 
   Get the Grafana URL to visit by running these commands in the same shell:
export NODE_PORT=$(kubectl get --namespace monitoring -o jsonpath="{.spec.ports[0].nodePort}" services air-grafana)
     export NODE_IP=$(kubectl get nodes --namespace monitoring -o jsonpath="{.items[0].status.addresses[0].address}")
     echo http://$NODE_IP:$NODE_PORT
 
 
3. Login with the password from step 1 and the username: admin
#################################################################################
######   WARNING: Persistence is disabled!!! You will lose your data when   #####
######            the Grafana pod is terminated.                            #####
#################################################################################

2. 설치확인

 

브라우저에서 ip:port로 접근했을 때 아래와 같이 연결되면 정상 동작하는 것입니다.