Grafana: Update LDAP configuration, update volume mounts

This updates the LDAP configuration for Grafana, using a template
defined in the values.yaml file. Using the template allows us to
dynamically define LDAP configuration values, such as the bind DN,
search base and group search base paths, the password, and the
LDAP FQDN. This also updates the volume mount for the
provisioning directory to be defined by the configuration value in
the values.yaml file.

Change-Id: I1e4866d1189cf40b08b3443dc725646a1b76094c
Steve Wilkerson 2018-06-21 15:13:38 -05:00
parent 04f648a3a3
commit 497959371d
3 changed files with 39 additions and 38 deletions

@ -28,7 +28,6 @@ limitations under the License.
{{- $path := .Values.endpoints.oslo_db_session.path }}
{{- $_ := printf "%s:%s%s(%s)%s" $user $pass "@tcp" $host_port $path | set .Values.conf.grafana.session "provider_config" }}
{{- end -}}
---
apiVersion: v1
kind: ConfigMap
@ -42,8 +41,7 @@ data:
grafana.ini: |
{{ include "helm-toolkit.utils.to_ini" .Values.conf.grafana | indent 4 }}
{{ if not (empty .Values.conf.ldap) }}
ldap.toml: |
{{ .Values.conf.ldap | indent 4 }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ldap.template "key" "ldap.toml") | indent 2 }}
{{ end }}
{{ range $key, $value := .Values.conf.dashboards }}
{{$key}}.json: |
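Review bot: `ldap.toml` is still emitted into a `ConfigMap` (see `kind: ConfigMap` above), and the template it now renders contains `bind_password = "{{ .Values.endpoints.ldap.auth.admin.password }}"`, so the LDAP bind password is readable by anyone allowed to read ConfigMaps in the namespace. The old literal had the same exposure, but since the file is now generated from endpoint credentials, this is a good point to render `ldap.toml` into a Secret and mount that at the `config_file` path instead. Separately, the surrounding guard tests `.Values.conf.ldap` while the new line dereferences `.Values.conf.ldap.template`; `{{ if not (empty .Values.conf.ldap.template) }}` would match what is actually rendered. The `data:` block starts and ends outside the hunk.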

@ -80,16 +80,16 @@ spec:
- name: pod-etc-grafana
mountPath: /etc/grafana
- name: pod-provisioning-grafana
mountPath: /var/lib/grafana/provisioning
mountPath: {{ .Values.conf.grafana.paths.provisioning }}
- name: grafana-bin
mountPath: /tmp/grafana.sh
subPath: grafana.sh
readOnly: true
- name: grafana-etc
mountPath: /var/lib/grafana/provisioning/dashboards/dashboards.yaml
mountPath: {{ .Values.conf.grafana.paths.provisioning }}/dashboards/dashboards.yaml
subPath: dashboards.yaml
- name: grafana-etc
mountPath: /var/lib/grafana/provisioning/datasources/datasources.yaml
mountPath: {{ .Values.conf.grafana.paths.provisioning }}/datasources/datasources.yaml
subPath: datasources.yaml
- name: grafana-etc
mountPath: /etc/grafana/grafana.ini
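Review bot: The three templated `mountPath` values are emitted unquoted and unchecked, so an empty or missing `conf.grafana.paths.provisioning` renders a null `mountPath:` for the directory mount and `/dashboards/dashboards.yaml` and `/datasources/datasources.yaml` at the container root for the two file mounts. None of the values hunks visible on this page sets `paths.provisioning`, so presumably it is already defined elsewhere in the values file; that is worth confirming. I would fail rendering early and quote the result, e.g. `mountPath: {{ required "conf.grafana.paths.provisioning must be set" .Values.conf.grafana.paths.provisioning | quote }}`. The container spec continues outside the hunk.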

@ -207,11 +207,12 @@ endpoints:
default: ldap
auth:
admin:
bind_dn: "cn=admin,dc=cluster,dc=local"
password: password
host_fqdn_override:
default: null
path:
default: "/ou=People,dc=cluster,dc=local"
default: "ou=People,dc=cluster,dc=local"
scheme:
default: ldap
port:
@ -297,35 +298,39 @@ manifests:
service_ingress: true
conf:
ldap: |
verbose_logging = true
[[servers]]
host = "ldap.openstack.svc.cluster.local"
port = 389
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "cn=admin,dc=cluster,dc=local"
bind_password = 'password'
search_filter = "(uid=%s)"
search_base_dns = ["dc=cluster,dc=local"]
group_search_filter = "(&(objectclass=posixGroup)(memberUID=uid=%s,ou=People,dc=cluster,dc=local))"
group_search_base_dns = ["ou=Groups,dc=cluster,dc=local"]
[servers.attributes]
username = "uid"
surname = "sn"
member_of = "cn"
email = "mail"
[[servers.group_mappings]]
group_dn = "cn=admin,dc=cluster,dc=local"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "*"
org_role = "Editor"
ldap:
config:
base_dns:
search: "dc=cluster,dc=local"
group_search: "ou=Groups,dc=cluster,dc=local"
filters:
search: "(uid=%s)"
group_search: "(&(objectclass=posixGroup)(memberUID=uid=%s,ou=People,dc=cluster,dc=local))"
template: |
verbose_logging = false
[[servers]]
host = "{{ tuple "ldap" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}"
port = {{ tuple "ldap" "internal" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "{{ .Values.endpoints.ldap.auth.admin.bind_dn }}"
bind_password = "{{ .Values.endpoints.ldap.auth.admin.password }}"
search_filter = "{{ .Values.conf.ldap.config.filters.search }}"
search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.search }}"]
group_search_filter = "{{ .Values.conf.ldap.config.filters.group_search }}"
group_search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.group_search }}"]
[servers.attributes]
username = "uid"
surname = "sn"
member_of = "cn"
email = "mail"
[[servers.group_mappings]]
group_dn = "{{.Values.endpoints.ldap.auth.admin.bind_dn }}"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"
provisioning:
dashboards:
apiVersion: 1
@ -348,8 +353,6 @@ conf:
editable: true
url: 'http://prom-metrics.openstack.svc.cluster.local:9090'
grafana:
auth.basic:
enabled: true
auth.ldap:
enabled: true
config_file: /etc/grafana/ldap.toml
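Review bot: In the `conf.ldap` hunk the new `template` still hard-codes `use_ssl = false` and `start_tls = false`, so although host, port and bind credentials now come from values, the bind password and every user's login password go to the directory over plain LDAP, and an operator cannot enable TLS without replacing the whole template. I would drive these from values as well, for example `start_tls = {{ .Values.conf.ldap.config.start_tls }}` with a new `start_tls` key under `conf.ldap.config` (the key name is a suggestion, it is not part of this change). The Admin mapping now reads `group_dn = "{{.Values.endpoints.ldap.auth.admin.bind_dn }}"`, which ties the Grafana Admin role to whatever DN the service binds as; a separate value for the admin group DN would keep the two independent. `bind_password` also appears to have moved from a single-quoted TOML literal to a double-quoted string, so a password containing `"` or `\` would now break the file or be read with escape processing.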