Register the cluster’s Prometheus server with the central Grafana#
Once you have deployed the support chart, you must also register this cluster as a datasource for the central Grafana dashboard. This will allow you to visualize cluster statistics not only from the cluster-specific Grafana deployement but also from the central dashboard, that aggregates data from all the clusters.
Only 2i2c staff and our centralized grafana should be able to access the prometheus data on a cluster from outside the cluster.
The basic auth feature of nginx-ingress is used to restrict this.
support.secret.values.yaml file is used to provide these secret credentials, which we create under the relevant
It requires the following configuration:
prometheusIngressAuthSecret: username: <output of pwgen -s 64 1> password: <output of pwgen -s 64 1>
We use the pwgen program, commonly installed by default in many operating systems, to generate the password.
Once you create the file, encrypt it with
sops --output config/clusters/$CLUSTER_NAME/enc-support.secret.values.yaml --encrypt config/clusters/$CLUSTER_NAME/support.secret.values.yaml
support config in the cluster’s
cluster.yaml file to include the encrypted secret file.
support: helm_chart_values_files: - support.values.yaml - enc-support.secret.values.yaml
Then redeploy the
deployer deploy-support $CLUSTER_NAME