Enable GitHub authentication for Grafana#
We can enable GitHub authentication against a Grafana instance in order to allow access to the dashboards for hub administrators as well as 2i2c engineers.
To enable logging into Grafana using GitHub, follow these steps:
Create a GitHub OAuth application following Grafana’s documentation.
Create a new app inside the
When naming the application, please follow the convention
<cluster_name>-grafanafor consistency, e.g.
2i2c-grafanais the OAuth app for the Grafana running in the 2i2c cluster
The Homepage URL should match that in the
grafana.ingress.hostsfield of the appropriate cluster
support.values.yamlfile in the
infrastructurerepo. For example,
The authorisation callback URL is the homepage url appended with
/login/github. For example,
Once you have created the OAuth app, create a new client ID, generate a client secret and then hold on to these values for a future step
enc-support.secret.values.yamlfile in the chosen cluster directory and add the credentials created in step one:
grafana: grafana.ini: auth.github: client_id: <client-id> client_secret: <client-secret>
support.values.yamlfile in your chosen cluster directory and add the Grafana GitHub auth config, allowing the specific GitHub organization you wish to allow login.
grafana: grafana.ini: server: # root_url should point to the domain we redirect to if we have multiple # domain names configured and redirects from one to another # # FIXME: root_url is also required to be the same as the # grafana.ingress.hosts config specifically until # https://github.com/2i2c-org/infrastructure/issues/2533 is # resolved. # root_url: https://<grafana.ingress.hosts>/ auth.github: enabled: true # allowed_organizations should be a space separated list allowed_organizations: 2i2c-org
Checkout the Grafana documentation for more info about authorizing users using other types of membership than GitHub organizations.