added certs and key for grafana (OCP-on-NERC#345)

Signed-off-by: Jeet Basu <[email protected]>

Corrected the secrets variables

grafana/overlays/nerc-ocp-infra/externalsecrets/oauth-client-secret.yaml

@@ -14,3 +14,18 @@ spec:
     remoteRef:
       key: nerc/nerc-ocp-infra/dex/dex-clients
       property: GRAFANA_SECRET
+
+  - secretKey: GF_AUTH_GENERIC_TLSCACERT
+    remoteRef:
+      key: nerc/nerc-ocp-infra/dex/grafanas
+      property: GF_TLSCACERT
+
+  - secretKey: GF_AUTH_GENERIC_TLSCLIENTCERT
+    remoteRef:
+      key: nerc/nerc-ocp-infra/dex/grafanas
+      property: GF_TLSCLIENTCERT
+
+  - secretKey: GF_AUTH_GENERIC_TLSCLIENTKEY
+    remoteRef:
+      key: nerc/nerc-ocp-infra/dex/grafanas
+      property: GF_TLSCLIENTKEY

grafana/overlays/nerc-ocp-infra/grafanadatasources/observability-metrics.yaml

@@ -3,6 +3,8 @@ kind: GrafanaDataSource
 metadata:
   name: observability-metrics
   namespace: grafana
+  labels:
+    app.kubernetes.io/instance: grafana-infra
 spec:
   name: observability-metrics
   datasources:
@@ -13,9 +15,12 @@ spec:
       jsonData:
         httpHeaderName1: Authorization
         timeInterval: 5s
+        tlsAuth: true
         tlsAuthWithCACert: true
       secureJsonData:
         httpHeaderValue1: "Bearer ${token}"
-        tlsCACert: "${service-ca.crt}"
+        tlsCACert: "${GF_AUTH_GENERIC_TLSCACERT}"
+        tlsClientCert: "${GF_AUTH_GENERIC_TLSCLIENTCERT}"
+        tlsClientKey: "${GF_AUTH_GENERIC_TLSCLIENTKEY}"
       type: prometheus
-      url: 'http://observability-thanos-query.open-cluster-management-observability.svc.cluster.local:9090/'
+      url: 'https://observatorium-api-open-cluster-management-observability.apps.nerc-ocp-infra.rc.fas.harvard.edu/api/metrics/v1/default'