Datasources
Datasources is a basic part of grafana and of course you can manage your datasources through the grafana operator.
To view all configuration you can do within Datasources look at our API documentation .
Secret management
In case a datasource requires authentication, it is advised not to include credentials directly in url. Instead, it’s better to rely on value substitution like in the example below.
kind: Secret
apiVersion: v1
metadata:
name: credentials
namespace: grafana
stringData:
PROMETHEUS_USERNAME: root
PROMETHEUS_PASSWORD: secret
type: Opaque
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDatasource
metadata:
name: grafanadatasource-sample
spec:
valuesFrom:
- targetPath: "basicAuthUser"
valueFrom:
secretKeyRef:
name: "credentials"
key: "PROMETHEUS_USERNAME"
- targetPath: "secureJsonData.basicAuthPassword"
valueFrom:
secretKeyRef:
name: "credentials"
key: "PROMETHEUS_PASSWORD"
instanceSelector:
matchLabels:
dashboards: "grafana"
datasource:
name: prometheus
type: prometheus
access: proxy
basicAuth: true
url: http://prometheus-service:9090
isDefault: true
basicAuthUser: ${PROMETHEUS_USERNAME}
jsonData:
"tlsSkipVerify": true
"timeInterval": "5s"
secureJsonData:
"basicAuthPassword": ${PROMETHEUS_PASSWORD} # Notice the braces around PROMETHEUS_PASSWORD
Note
The secret must exist in the same namespace as the datasource.Here you can find a bigger example on how to use datasources with environment variables.
Plugins
Plugins is a way to extend the grafana functionality in dashboards and datasources.
Plugins can be installed to grafana instances managed by the operator and be defined in both datasources and dashboards.
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDatasource
metadata:
name: example-grafanadatasource
spec:
datasource:
access: proxy
type: prometheus
jsonData:
timeInterval: 5s
tlsSkipVerify: true
name: Prometheus
url: http://prometheus-service:9090
instanceSelector:
matchLabels:
dashboards: grafana
plugins:
- name: grafana-clock-panel
version: 1.3.0
Note
To make grafana install a plugin, the operator bootstraps a grafana instance with a custom value passed inGF_INSTALL_PLUGINS environment variable (Install plugins in the Docker container
). Thus, there is no way for the operator to install a plugin in an external grafana instance.Look here for more examples on how to install plugins
Private data source connect (PDC)
Private data source connect , or PDC, is a way for you to establish a private, secured connection between a Grafana Cloud instance, or stack, and data sources secured within a private network.
To enable PDC on data sources configured through the Grafana operator, set the enableSecureSocksProxy and secureSocksProxyUsername fields in the jsonData field of the resource like this:
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDatasource
metadata:
name: grafanadatasource-sample
spec:
instanceSelector:
matchLabels:
instance: grafanacloud-instance
datasource:
name: prometheus-pdc-operator
type: prometheus
access: proxy
url: http://localhost:9090
jsonData:
"enableSecureSocksProxy": true
"secureSocksProxyUsername": "<your-pdc-network-id>"
To find the PDC network ID, go to the Connections / Private data source connect page in your Grafana Cloud instance and select the network you want to connect to.