Grafana: Update LDAP configuration, update volume mounts
This updates the LDAP configuration for Grafana, using a template defined in the values.yaml file. Using the template allows us to dynamically define LDAP configuration values, such as the bind DN, the search base and group search base paths, the password, and the LDAP FQDN. This also updates the volume mount for the provisioning directory so that it is defined by the configuration value in the values.yaml file.
Change-Id: I1e4866d1189cf40b08b3443dc725646a1b76094c
parent
04f648a3a3
commit
497959371d
grafana
@ -28,7 +28,6 @@ limitations under the License.
|
||||
{{- $path := .Values.endpoints.oslo_db_session.path }}
|
||||
{{- $_ := printf "%s:%s%s(%s)%s" $user $pass "@tcp" $host_port $path | set .Values.conf.grafana.session "provider_config" }}
|
||||
{{- end -}}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
@ -42,8 +41,7 @@ data:
|
||||
grafana.ini: |
|
||||
{{ include "helm-toolkit.utils.to_ini" .Values.conf.grafana | indent 4 }}
|
||||
{{ if not (empty .Values.conf.ldap) }}
|
||||
ldap.toml: |
|
||||
{{ .Values.conf.ldap | indent 4 }}
|
||||
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ldap.template "key" "ldap.toml") | indent 2 }}
|
||||
{{ end }}
|
||||
{{ range $key, $value := .Values.conf.dashboards }}
|
||||
{{$key}}.json: |
|
||||
|
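Review bot: The LDAP bind password ends up in a ConfigMap, because the `ldap.toml` key rendered by `helm-toolkit.snippets.values_template_renderer` sits under `kind: ConfigMap` and the template it renders contains `bind_password = "{{ .Values.endpoints.ldap.auth.admin.password }}"`. ConfigMaps are not treated as sensitive by the API server or by most RBAC policies, so anyone who can read ConfigMaps in the namespace can read the credential. The old inline config had the same placement, but the value is now the real endpoint credential, so `ldap.toml` should be rendered into a `kind: Secret` and mounted from there at `/etc/grafana/ldap.toml`. Separately, the guard `{{ if not (empty .Values.conf.ldap) }}` tests the whole map while the body dereferences `.template`; guarding on `.Values.conf.ldap.template` would match what is used. The `data:` mapping starts outside this hunk.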
@ -80,16 +80,16 @@ spec:
|
||||
- name: pod-etc-grafana
|
||||
mountPath: /etc/grafana
|
||||
- name: pod-provisioning-grafana
|
||||
mountPath: /var/lib/grafana/provisioning
|
||||
mountPath: {{ .Values.conf.grafana.paths.provisioning }}
|
||||
- name: grafana-bin
|
||||
mountPath: /tmp/grafana.sh
|
||||
subPath: grafana.sh
|
||||
readOnly: true
|
||||
- name: grafana-etc
|
||||
mountPath: /var/lib/grafana/provisioning/dashboards/dashboards.yaml
|
||||
mountPath: {{ .Values.conf.grafana.paths.provisioning }}/dashboards/dashboards.yaml
|
||||
subPath: dashboards.yaml
|
||||
- name: grafana-etc
|
||||
mountPath: /var/lib/grafana/provisioning/datasources/datasources.yaml
|
||||
mountPath: {{ .Values.conf.grafana.paths.provisioning }}/datasources/datasources.yaml
|
||||
subPath: datasources.yaml
|
||||
- name: grafana-etc
|
||||
mountPath: /etc/grafana/grafana.ini
|
||||
|
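Review bot: The three `mountPath` values built from `.Values.conf.grafana.paths.provisioning` are emitted unquoted and with no presence check, and the values.yaml hunks visible on this page do not show a `paths` default being added. If the key is missing, the render presumably either fails on a nil map or produces an empty first `mountPath` and file mounts at `/dashboards/dashboards.yaml` and `/datasources/datasources.yaml`, outside the intended directory. I would write the directory mount as `mountPath: {{ required "conf.grafana.paths.provisioning must be set" .Values.conf.grafana.paths.provisioning | quote }}` and the file mounts as `mountPath: {{ printf "%s/dashboards/dashboards.yaml" .Values.conf.grafana.paths.provisioning | quote }}`. The container spec starts and ends outside this hunk.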
@ -207,11 +207,12 @@ endpoints:
|
||||
default: ldap
|
||||
auth:
|
||||
admin:
|
||||
bind_dn: "cn=admin,dc=cluster,dc=local"
|
||||
password: password
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: "/ou=People,dc=cluster,dc=local"
|
||||
default: "ou=People,dc=cluster,dc=local"
|
||||
scheme:
|
||||
default: ldap
|
||||
port:
|
||||
@ -297,35 +298,39 @@ manifests:
|
||||
service_ingress: true
|
||||
|
||||
conf:
|
||||
ldap: |
|
||||
verbose_logging = true
|
||||
|
||||
[[servers]]
|
||||
host = "ldap.openstack.svc.cluster.local"
|
||||
port = 389
|
||||
use_ssl = false
|
||||
start_tls = false
|
||||
ssl_skip_verify = false
|
||||
bind_dn = "cn=admin,dc=cluster,dc=local"
|
||||
bind_password = 'password'
|
||||
search_filter = "(uid=%s)"
|
||||
search_base_dns = ["dc=cluster,dc=local"]
|
||||
group_search_filter = "(&(objectclass=posixGroup)(memberUID=uid=%s,ou=People,dc=cluster,dc=local))"
|
||||
group_search_base_dns = ["ou=Groups,dc=cluster,dc=local"]
|
||||
|
||||
[servers.attributes]
|
||||
username = "uid"
|
||||
surname = "sn"
|
||||
member_of = "cn"
|
||||
email = "mail"
|
||||
|
||||
[[servers.group_mappings]]
|
||||
group_dn = "cn=admin,dc=cluster,dc=local"
|
||||
org_role = "Admin"
|
||||
|
||||
[[servers.group_mappings]]
|
||||
group_dn = "*"
|
||||
org_role = "Editor"
|
||||
ldap:
|
||||
config:
|
||||
base_dns:
|
||||
search: "dc=cluster,dc=local"
|
||||
group_search: "ou=Groups,dc=cluster,dc=local"
|
||||
filters:
|
||||
search: "(uid=%s)"
|
||||
group_search: "(&(objectclass=posixGroup)(memberUID=uid=%s,ou=People,dc=cluster,dc=local))"
|
||||
template: |
|
||||
verbose_logging = false
|
||||
[[servers]]
|
||||
host = "{{ tuple "ldap" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}"
|
||||
port = {{ tuple "ldap" "internal" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
use_ssl = false
|
||||
start_tls = false
|
||||
ssl_skip_verify = false
|
||||
bind_dn = "{{ .Values.endpoints.ldap.auth.admin.bind_dn }}"
|
||||
bind_password = "{{ .Values.endpoints.ldap.auth.admin.password }}"
|
||||
search_filter = "{{ .Values.conf.ldap.config.filters.search }}"
|
||||
search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.search }}"]
|
||||
group_search_filter = "{{ .Values.conf.ldap.config.filters.group_search }}"
|
||||
group_search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.group_search }}"]
|
||||
[servers.attributes]
|
||||
username = "uid"
|
||||
surname = "sn"
|
||||
member_of = "cn"
|
||||
email = "mail"
|
||||
[[servers.group_mappings]]
|
||||
group_dn = "{{.Values.endpoints.ldap.auth.admin.bind_dn }}"
|
||||
org_role = "Admin"
|
||||
[[servers.group_mappings]]
|
||||
group_dn = "*"
|
||||
org_role = "Viewer"
|
||||
provisioning:
|
||||
dashboards:
|
||||
apiVersion: 1
|
||||
@ -348,8 +353,6 @@ conf:
|
||||
editable: true
|
||||
url: 'http://prom-metrics.openstack.svc.cluster.local:9090'
|
||||
grafana:
|
||||
auth.basic:
|
||||
enabled: true
|
||||
auth.ldap:
|
||||
enabled: true
|
||||
config_file: /etc/grafana/ldap.toml
|
||||
|
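Review bot: In the new `conf.ldap.template`, `use_ssl = false` and `start_tls = false` stay hard-coded while host, port and credentials became values-driven. With these settings the bind password and the passwords users submit at login travel to the LDAP endpoint unencrypted, and an operator cannot enable TLS without replacing the whole template. I would expose both under `conf.ldap.config` (proposed new keys), e.g. `use_ssl = {{ .Values.conf.ldap.config.use_ssl }}` and `start_tls = {{ .Values.conf.ldap.config.start_tls }}`, and document that one of them should be true outside a lab. The same template also interpolates values inside double-quoted TOML strings without escaping, so a password containing `"` or `\` yields a broken or altered `ldap.toml`; `bind_password = {{ .Values.endpoints.ldap.auth.admin.password | toJson }}` avoids that.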