grafana: Deploy Grafana
Now that Victoria Metrics is hosted in Kubernetes, it only makes sense to host Grafana there as well. I chose to use a single-instance deployment for simplicity; I don't really need high availability for Grafana. Its configuration does not change enough to worry about the downtime associated with restarting it. Migrating the existing data from SQLite to PostgreSQL, while possible, is just not worth the hassle.
This commit is contained in:
55
grafana/ldap.toml
Normal file
55
grafana/ldap.toml
Normal file
@@ -0,0 +1,55 @@
|
||||
# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
|
||||
# [log]
|
||||
# filters = ldap:debug
|
||||
|
||||
[[servers]]
|
||||
# Ldap server host (specify multiple hosts space separated)
|
||||
host = "pyrocufflink.blue"
|
||||
# Default port is 389 or 636 if use_ssl = true
|
||||
port = 389
|
||||
# Set to true if ldap server supports TLS
|
||||
use_ssl = true
|
||||
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
|
||||
start_tls = true
|
||||
# set to true if you want to skip ssl cert validation
|
||||
ssl_skip_verify = false
|
||||
# set to the path to your root CA certificate or leave unset to use system defaults
|
||||
# root_ca_cert = "/path/to/certificate.crt"
|
||||
# Authentication against LDAP servers requiring client certificates
|
||||
# client_cert = "/path/to/client.crt"
|
||||
# client_key = "/path/to/client.key"
|
||||
|
||||
# Search user bind dn
|
||||
bind_dn = "CN=svc.grafana,CN=Users,DC=pyrocufflink,DC=blue"
|
||||
# Search user bind password
|
||||
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
||||
bind_password = '$__file{/run/secrets/grafana/ldap.password}'
|
||||
|
||||
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
|
||||
search_filter = "(sAMAccountName=%s)"
|
||||
|
||||
# An array of base dns to search through
|
||||
search_base_dns = ["DC=pyrocufflink,DC=blue"]
|
||||
|
||||
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
|
||||
## Please check grafana LDAP docs for examples
|
||||
# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
|
||||
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
|
||||
# group_search_filter_user_attribute = "uid"
|
||||
|
||||
# Specify names of the ldap attributes your ldap uses
|
||||
[servers.attributes]
|
||||
name = "givenName"
|
||||
surname = "sn"
|
||||
username = "sAMAccountName"
|
||||
member_of = "memberOf"
|
||||
email = "mail"
|
||||
|
||||
# Map ldap groups to grafana org roles
|
||||
[[servers.group_mappings]]
|
||||
group_dn = "CN=Grafana Admins,CN=Users,DC=pyrocufflink,DC=blue"
|
||||
org_role = "Admin"
|
||||
grafana_admin = true
|
||||
[[servers.group_mappings]]
|
||||
group_dn = "*"
|
||||
org_role = "Viewer"
|
||||
Reference in New Issue
Block a user