salt: Dynamic rendering of Grafana INI config

Extract Grafana INI configuration and put it in a CSC ConfigMap to allow dynamic configuration. Re-render the chart with the following command: ``` ./charts/render.py prometheus-operator \ charts/kube-prometheus-stack.yaml \ charts/kube-prometheus-stack/ \ --namespace metalk8s-monitoring \ --service-config grafana \ metalk8s-grafana-config \ metalk8s/addons/prometheus-operator/config/grafana.yaml.j2 \ metalk8s-monitoring \ --service-config prometheus \ metalk8s-prometheus-config \ metalk8s/addons/prometheus-operator/config/prometheus.yaml \ metalk8s-monitoring \ --service-config alertmanager \ metalk8s-alertmanager-config \ metalk8s/addons/prometheus-operator/config/alertmanager.yaml \ metalk8s-monitoring \ --service-config dex \ metalk8s-dex-config \ metalk8s/addons/dex/config/dex.yaml.j2 metalk8s-auth \ --drop-prometheus-rules charts/drop-prometheus-rules.yaml \ --patch 'PrometheusRule,metalk8s-monitoring,prometheus-operator-kubernetes-system-kubelet,spec:groups:0:rules:1:for,"5m"' \ --remove-manifest ConfigMap prometheus-operator-grafana \ > salt/metalk8s/addons/prometheus-operator/deployed/chart.sls ```
scality · Feb 8, 2022 · b268f49 · b268f49
1 parent 5f55bcf
commit b268f49
Show file tree

Hide file tree

Showing 7 changed files with 86 additions and 58 deletions.
diff --git a/buildchain/buildchain/salt_tree.py b/buildchain/buildchain/salt_tree.py
@@ -344,7 +344,7 @@ def task(self) -> types.TaskDict:
     Path("salt/metalk8s/addons/prometheus-operator/post-downgrade.sls"),
     Path("salt/metalk8s/addons/prometheus-operator/post-upgrade.sls"),
     Path("salt/metalk8s/addons/prometheus-operator/config/alertmanager.yaml"),
-    Path("salt/metalk8s/addons/prometheus-operator/config/grafana.yaml"),
+    Path("salt/metalk8s/addons/prometheus-operator/config/grafana.yaml.j2"),
     Path("salt/metalk8s/addons/prometheus-operator/config/prometheus.yaml"),
     Path(
         "salt/metalk8s/addons/prometheus-operator/deployed/",
@@ -357,6 +357,7 @@ def task(self) -> types.TaskDict:
         "salt/metalk8s/addons/prometheus-operator/deployed/files/",
         "node-exporter-full.json",
     ),
+    Path("salt/metalk8s/addons/prometheus-operator/deployed/grafana-ini-configmap.sls"),
     Path("salt/metalk8s/addons/prometheus-operator/deployed/init.sls"),
     Path("salt/metalk8s/addons/prometheus-operator/deployed/namespace.sls"),
     Path("salt/metalk8s/addons/prometheus-operator/deployed/prometheus-rules.sls"),

diff --git a/docs/operation/cluster_and_service_configuration.rst b/docs/operation/cluster_and_service_configuration.rst
@@ -51,9 +51,9 @@ Prometheus, with nice graphs.
 
 The default configuration values for Grafana are specified below:
 
-.. literalinclude:: ../../salt/metalk8s/addons/prometheus-operator/config/grafana.yaml
+.. literalinclude:: ../../salt/metalk8s/addons/prometheus-operator/config/grafana.yaml.j2
    :language: yaml
-   :lines: 3-
+   :lines: 8-31,33-44
 
 .. _csc-prometheus-default-configuration:
 

diff --git a/salt/metalk8s/addons/prometheus-operator/config/grafana.yaml b/salt/metalk8s/addons/prometheus-operator/config/grafana.yaml
diff --git a/salt/metalk8s/addons/prometheus-operator/config/grafana.yaml.j2 b/salt/metalk8s/addons/prometheus-operator/config/grafana.yaml.j2
@@ -0,0 +1,45 @@
+#!jinja|yaml
+
+{%- if pillar.addons.dex.enabled %}
+  {%- set dex_defaults = salt.slsutil.renderer('salt://metalk8s/addons/dex/config/dex.yaml.j2', saltenv=saltenv) %}
+  {%- set dex = salt.metalk8s_service_configuration.get_service_conf('metalk8s-auth', 'metalk8s-dex-config', dex_defaults) %}
+{%- endif %}
+{%- set control_plane_ingress_endpoint = salt.metalk8s_network.get_control_plane_ingress_endpoint() %}
+
+# Configuration of the Grafana service
+apiVersion: addons.metalk8s.scality.com
+kind: GrafanaConfig
+spec:
+  # Configure the Grafana Deployment
+  deployment:
+    replicas: 1
+  config:
+    grafana.ini:
+      analytics:
+        check_for_updates: true
+        reporting_enabled: falseœ
+      paths:
+        data: /var/lib/grafana/
+        logs: /var/log/grafana
+        plugins: /var/lib/grafana/plugins
+        provisioning: /etc/grafana/provisioning
+      log:
+        mode: console
+      grafana_net:
+        url: https://grafana.net
+      server:
+        root_url: "{{ control_plane_ingress_endpoint }}/grafana"
+{%- if pillar.addons.dex.enabled %}
+      auth:
+        oauth_auto_login: true
+      auth.generic_oauth:
+        api_url: "{{ control_plane_ingress_endpoint }}/oidc/userinfo"
+        auth_url: "{{ control_plane_ingress_endpoint }}/oidc/auth"
+        client_id: grafana-ui
+        client_secret: 4lqK98NcsWG5qBRHJUqYM1
+        enabled: true
+        role_attribute_path: contains(`{{ dex.spec.config.staticPasswords | map(attribute='email') | list | tojson }}`, email) && 'Admin'
+        scopes: openid profile email groups
+        tls_skip_verify_insecure: true
+        token_url: "{{ control_plane_ingress_endpoint }}/oidc/token"
+{%- endif %}
diff --git a/salt/metalk8s/addons/prometheus-operator/deployed/chart.sls b/salt/metalk8s/addons/prometheus-operator/deployed/chart.sls
@@ -1,10 +1,10 @@
 #!jinja | metalk8s_kubernetes
 
 {%- from "metalk8s/repo/macro.sls" import build_image_name with context %}
-{% set grafana_defaults = salt.slsutil.renderer('salt://metalk8s/addons/prometheus-operator/config/grafana.yaml', saltenv=saltenv) %}
-{% set prometheus_defaults = salt.slsutil.renderer('salt://metalk8s/addons/prometheus-operator/config/prometheus.yaml', saltenv=saltenv) %}
-{% set alertmanager_defaults = salt.slsutil.renderer('salt://metalk8s/addons/prometheus-operator/config/alertmanager.yaml', saltenv=saltenv) %}
-{% set dex_defaults = salt.slsutil.renderer('salt://metalk8s/addons/dex/config/dex.yaml.j2', saltenv=saltenv) %}
+{%- set grafana_defaults = salt.slsutil.renderer('salt://metalk8s/addons/prometheus-operator/config/grafana.yaml.j2', saltenv=saltenv) %}
+{%- set prometheus_defaults = salt.slsutil.renderer('salt://metalk8s/addons/prometheus-operator/config/prometheus.yaml', saltenv=saltenv) %}
+{%- set alertmanager_defaults = salt.slsutil.renderer('salt://metalk8s/addons/prometheus-operator/config/alertmanager.yaml', saltenv=saltenv) %}
+{%- set dex_defaults = salt.slsutil.renderer('salt://metalk8s/addons/dex/config/dex.yaml.j2', saltenv=saltenv) %}
 {%- set grafana = salt.metalk8s_service_configuration.get_service_conf('metalk8s-monitoring', 'metalk8s-grafana-config', grafana_defaults) %}
 {%- set prometheus = salt.metalk8s_service_configuration.get_service_conf('metalk8s-monitoring', 'metalk8s-prometheus-config', prometheus_defaults) %}
 {%- set alertmanager = salt.metalk8s_service_configuration.get_service_conf('metalk8s-monitoring', 'metalk8s-alertmanager-config', alertmanager_defaults) %}
@@ -25043,48 +25043,6 @@ metadata:
   namespace: metalk8s-monitoring
 ---
 apiVersion: v1
-data:
-  grafana.ini: |-
-    [analytics]
-    check_for_updates = false
-    reporting_enabled = false
-    [auth]
-    oauth_auto_login = true
-    [auth.generic_oauth]
-    api_url = "{% endraw -%}{{ salt.metalk8s_network.get_control_plane_ingress_endpoint() }}/oidc/userinfo{%- raw %}"
-    auth_url = "{% endraw -%}{{ salt.metalk8s_network.get_control_plane_ingress_endpoint() }}/oidc/auth{%- raw %}"
-    client_id = grafana-ui
-    client_secret = 4lqK98NcsWG5qBRHJUqYM1
-    enabled = true
-    role_attribute_path = contains(`{% endraw %}{{ dex.spec.config.staticPasswords | map(attribute='email') | list | tojson }}{% raw %}`, email) && 'Admin'
-    scopes = openid profile email groups
-    tls_skip_verify_insecure = true
-    token_url = "{% endraw -%}{{ salt.metalk8s_network.get_control_plane_ingress_endpoint() }}/oidc/token{%- raw %}"
-    [grafana_net]
-    url = https://grafana.net
-    [log]
-    mode = console
-    [paths]
-    data = /var/lib/grafana/
-    logs = /var/log/grafana
-    plugins = /var/lib/grafana/plugins
-    provisioning = /etc/grafana/provisioning
-    [server]
-    root_url = "{% endraw -%}{{ salt.metalk8s_network.get_control_plane_ingress_endpoint() }}/grafana{%- raw %}"
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/instance: prometheus-operator
-    app.kubernetes.io/managed-by: salt
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/part-of: metalk8s
-    app.kubernetes.io/version: 8.3.4-ubuntu
-    helm.sh/chart: grafana-6.19.0
-    heritage: metalk8s
-  name: prometheus-operator-grafana
-  namespace: metalk8s-monitoring
----
-apiVersion: v1
 data:
   datasource.yaml: |-
     apiVersion: 1

diff --git a/salt/metalk8s/addons/prometheus-operator/deployed/grafana-ini-configmap.sls b/salt/metalk8s/addons/prometheus-operator/deployed/grafana-ini-configmap.sls
@@ -0,0 +1,32 @@
+{%- set grafana_defaults = salt.slsutil.renderer(
+        'salt://metalk8s/addons/prometheus-operator/config/grafana.yaml.j2',
+        saltenv=saltenv
+    )
+%}
+
+{%- set grafana = salt.metalk8s_service_configuration.get_service_conf(
+        'metalk8s-monitoring', 'metalk8s-grafana-config', grafana_defaults
+    )
+%}
+
+Create Grafana INI Configuration ConfigMap:
+  metalk8s_kubernetes.object_present:
+    - manifest:
+        apiVersion: v1
+        kind: ConfigMap
+        metadata:
+          labels:
+            app.kubernetes.io/instance: prometheus-operator
+            app.kubernetes.io/managed-by: salt
+            app.kubernetes.io/name: grafana
+            app.kubernetes.io/part-of: metalk8s
+          name: prometheus-operator-grafana
+          namespace: metalk8s-monitoring
+        data:
+          grafana.ini: |-
+{%- for key, value in grafana.spec.config["grafana.ini"].items() %}
+            [{{ key }}]
+  {%- for element, element_value in value.items() %}
+            {{ element }} = {{ element_value }}
+  {%- endfor %}
+{%- endfor %}
diff --git a/salt/metalk8s/addons/prometheus-operator/deployed/init.sls b/salt/metalk8s/addons/prometheus-operator/deployed/init.sls
@@ -3,6 +3,7 @@ include:
   - .namespace
   - .cleanup
   - .alertmanager-configuration-secret
+  - .grafana-ini-configmap
   - .dashboards
   - .service-configuration
   - .chart