Decide on a path for enabling GitHub auth to grafana for Community Reps of hubs on dedicated clusters #1850
Comments
damianavila
moved this to Needs Shaping / Refinement
in DEPRECATED Engineering and Product Backlog
Sounds nice, but what happens if someone else from the community NOT interested to get access to the hub actually wants access to the dashboard? Should we decouple both actors? |
I think we could make the same argument about GitHub auth tbh. What if someone in a finance department wants access to the grafana dashboards for reporting and doesn't have a GitHub account? Having a service behind auth means someone needs some account somewhere. And I guess the only thing I can really see being a reasonable differentiator right now is comparing the amount of technical work/maintenance for us to provide that auth via the hub, or to provide it via one, or many, external services. |
Good point.
Another good one. |
|
We have github auth enabled for all clusters now, but I wonder if its perhaps better if we could avoid doing it like this, and instead using a |
Rethinking this one: sounds like a good idea since most (if not all) the community representatives are hubs users whereas it might not be GH users. |
|
I think we have an implicit practice around this now to use GitHub auth. We have docs on how to enable this for engineers, but nothing (obvious to me) on docs.2i2c.org to advertise this to community champions |
sgibson91
added
the
nominated-to-be-resolved-during-q4-2023
|
@sgibson91, @jmunroe and I had a meeting about this and we concluded that the next steps are:
Will update the top comment with the resolution and close this issue. |
github-project-automation
bot
moved this from Needs Shaping / Refinement
to Complete
in DEPRECATED Engineering and Product Backlog
December 2023 Update
The
defaultway to give access to communities is via invite links as documented at https://infrastructure.2i2c.org/sre-guide/support/grafana-account/.Two follow-up issues were opened as a follow-up to this discussion on the path forward:
Document Grafana access for communities docs#198
[docs] Clarify infrastructure documentation around Grafana access #3505
October 2023 Update
We seem to have settled on an implementation method for this which is documented for engineers here: https://infrastructure.2i2c.org/howto/grafana-github-auth/ However, there's no Hub Champion-facing documentation stating that this is available.
Original Issue Content
Context
We have grafana dashboards that report a lot of metrics that not only make us feel confident that we have our infrastructure under control, but also give Comm. Reps. insight into the usage and costs of their infrastructure. For every dedicated cluster we deploy, we should make enabling access to these dashboards for the Comm. Reps. a default step in the setup process.
Currently, we provide access by enabling GitHub auth on the grafana login page. We only have this feature enabled on the LEAP and M2LiNES hubs right now. We restrict the GitHub OAuth App to only grant access to members of the 2i2c-org GitHub org and in the grafana config we set
allow_sign_up: true. This approach has only worked so far because Ryan, as Comm Rep for these two hubs, is also a member of the 2i2c-org. We need to find a more generalisable path that we will work for all Comm Reps of dedicated clusters, regardless of status related to 2i2c.Some other approaches have been suggested:
Proposal
We should decide which of these paths we should take moving forward, scope the required technical work, and add it to the backlog.
Updates and actions
No response
The text was updated successfully, but these errors were encountered: