grafana: Configure Loki datastore
Usually, Grafana datastores are configured using its web GUI. When setting up a datastore that requires TLS client authentication, the client certificate and private key have to be pasted into the form. For certificates that renew frequently, this method would require a frequent manual effort. Fortunately, Grafana supports defining datastores via its "provisioning" mechanism, reading the configuration from YAML files on the filesystem.
This commit is contained in:
@@ -16,9 +16,41 @@ resources:
|
||||
- grafana.yaml
|
||||
- ingress.yaml
|
||||
- secrets.yaml
|
||||
- loki-cert.yaml
|
||||
- ../dch-root-ca
|
||||
|
||||
configMapGenerator:
|
||||
- name: grafana
|
||||
files:
|
||||
- grafana.ini
|
||||
- ldap.toml
|
||||
|
||||
- name: datasources
|
||||
files:
|
||||
- datasources/loki.yml
|
||||
|
||||
patches:
|
||||
- patch: |-
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: grafana
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: grafana
|
||||
volumeMounts:
|
||||
- mountPath: /run/dch-ca
|
||||
name: dch-ca
|
||||
readOnly: true
|
||||
- mountPath: /run/secrets/du5t1n.me/loki
|
||||
name: loki-client-cert
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: dch-ca
|
||||
configMap:
|
||||
name: dch-root-ca
|
||||
- name: loki-client-cert
|
||||
secret:
|
||||
secretName: loki-client-cert
|
||||
|
||||
Reference in New Issue
Block a user