Add Grafana

zot
Dan Ankers 2023-10-04 19:08:10 +01:00
parent 1f75d8d61c
commit 239204c58f
2 changed files with 84 additions and 0 deletions

80
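--- a/main.tf
+++ b/main.tf
@@ -258,6 +258,86 @@ resource "helm_release" "influxdb" {
 ]
 }
+resource "keycloak_openid_client" "grafana_client" {
+realm_id = keycloak_realm.realm.id
+client_id = "grafana"
+enabled = true
+access_type = "CONFIDENTIAL"
+standard_flow_enabled = true
+implicit_flow_enabled = false
+use_refresh_tokens = false
+client_secret = var.keycloak_grafana_secret
+valid_redirect_uris = [
+"https://grafana.${var.domain_suffix}/login/generic_oauth"
+]
+}
+resource "kubernetes_config_map" "grafana_ini" {
+metadata {
+name = "grafana-ini"
+namespace = var.grafana_namespace
+}
+data = {
+"grafana.ini" = <<-EOT
+[server]
+root_url = https://grafana.${var.domain_suffix}/
+[auth.generic_oauth]
+enabled = true
+name = md1clv.im
+allow_sign_up = true
+client_id = ${keycloak_openid_client.grafana_client.client_id}
+client_secret = ${keycloak_openid_client.grafana_client.client_secret}
+scopes = openid email profile offline_access roles
+email_attribute_path = email
+login_attribute_path = username
+name_attribute_path = full_name
+auth_url = https://keycloak.${var.domain_suffix}/realms/${keycloak_realm.realm.realm}/protocol/openid-connect/auth
+token_url = https://keycloak.${var.domain_suffix}/realms/${keycloak_realm.realm.realm}/protocol/openid-connect/token
+api_url = https://keycloak.${var.domain_suffix}/realms/${keycloak_realm.realm.realm}/protocol/openid-connect/userinfo
+signout_redirect_url = https://keycloak.${var.domain_suffix}/realms/${keycloak_realm.realm.realm}/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fgrafana.${var.domain_suffix}%2Flogin
+role_attribute_path = contains(roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
+allow_assign_grafana_admin = true
+groups_attribute_path = groups
+EOT
+}
+}
+resource "helm_release" "grafana" {
+name = "grafana"
+namespace = var.grafana_namespace
+repository = "https://charts.bitnami.com/bitnami/"
+chart = "grafana"
+create_namespace = true
+values = [
+<<-EOT
+admin:
+password: ${var.default_password}
+config:
+grafanaIniConfigMap: grafana-ini
+useGrafanaIniFile: true
+datasources:
+secretDefinition:
+apiVersion: 1
+datasources:
+- isDefault: true
+name: InfluxDB
+type: influxdb
+url: http://influxdb.${var.influxdb_namespace}.svc.cluster.local:8006
+- name: Prometheus
+type: prometheus
+url: http://prometheus.${var.prometheus_namespace}.svc.cluster.local
+global:
+storageClass: ${var.storageclass}
+ingress:
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt-prod
+enabled: true
+hostname: grafana.${var.domain_suffix}
+tls: true
+EOT
+]
+}
 resource "helm_release" "freeipa" {
 name = "freeipa"
 namespace = var.freeipa_namespace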
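Review bot: The OAuth client secret ends up in plain text in a ConfigMap, because `client_secret = ${keycloak_openid_client.grafana_client.client_secret}` is interpolated into the `grafana.ini` held by `kubernetes_config_map.grafana_ini`, so anyone allowed to read ConfigMaps in the Grafana namespace can read it. Rendering the file into a `kubernetes_secret` and pointing the chart at that instead keeps it under Secret RBAC; the Bitnami chart appears to offer `config.grafanaIniSecret` as the counterpart of `grafanaIniConfigMap`, which should be confirmed against the chart version in use. The same concern applies to `password: ${var.default_password}` in the Helm values, which is stored with the release and, judging by the variable name, reuses a shared default as the Grafana admin password; a dedicated variable marked `sensitive = true` or a pre-created Secret would be safer. `helm_release.grafana` also sets no `version`, so the chart that gets deployed depends on when the apply runs; pinning it makes the deployment reproducible and reviewable.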


@ -37,3 +37,7 @@ variable "freeipa_namespace" {
variable "influxdb_namespace" { variable "influxdb_namespace" {
default = "influxdb" default = "influxdb"
} }
variable "grafana_namespace" {
default = "grafana"
}