Grafana
The grafana Custom Resource Definition (CRD) exist to manage one or multiple managed and external grafana instances.
Grafana config
In version 4 of the operator, we defined all the configuration values that could be done in the CRD.
In version 5, we no longer do that. Instead, we offer grafana.config
field where you can pass any grafana configuration values you want.
The operator does not make any extra validation of your configuration, so just like a non-operator deployment of Grafana, your Grafana instance might be broken due to a configuration error.
To find all possible configuration options, look at the official documentation.
Where should the operator look for Grafana resources?
The operator needs extensive access to be able to manage Grafana instances. Depending on your needs, you might want to restrict the operator to specific namespaces.
To support that, we offer 4 operational modes (you can switch between those through WATCH_NAMESPACE
environment variable):
- cluster-wide (
WATCH_NAMESPACE: ""
); - multiple namespaces (
WATCH_NAMESPACE: "grafana, foo"
):- Cluster-wide permissions are still required;
- single namespace (
WATCH_NAMESPACE: "grafana"
):- With this mode, it’s possible to use
Role
+RoleBinding
to grant the operator the required access.
- With this mode, it’s possible to use
- mutliple namespaces using label selector (
WATCH_NAMESPACE_SELECTOR: "environment: dev"
):- With this mode, it is possible detect and load all namespaces that match the label selector automatically. New namespaces won’t be automatically included until the Grafana operator is restarted.
- Cluster-wide permissions are still required;
External Grafana instances
The operator is able to work with external Grafana instances (pretty much any SaaS offering) with a few limitations in mind:
grafana.spec.config
has no effect as the operator cannot mount a customgrafana.ini
file into the instance;- not possible to install plugins as the operator cannot overwrite
GF_INSTALL_PLUGINS
environment variable of the instance.
The grafana.spec.external
allows you to set a URL and provide credentials for external Grafana. Example:
---
kind: Secret
apiVersion: v1
metadata:
name: grafana-admin-credentials
stringData:
GF_SECURITY_ADMIN_USER: root # Username
GF_SECURITY_ADMIN_PASSWORD: secret # Password
type: Opaque
---
apiVersion: grafana.integreatly.org/v1beta1
kind: Grafana
metadata:
name: external-grafana
labels:
dashboards: "external-grafana"
spec:
external:
url: http://test.io # Grafana URL
adminPassword:
name: grafana-admin-credentials
key: GF_SECURITY_ADMIN_PASSWORD
adminUser:
name: grafana-admin-credentials
key: GF_SECURITY_ADMIN_USER
A more comprehensive example can be found here.
Organizations
For grafana-operator v4, there have been multiple requests around adding support for Grafana organizations. There have been much design work around how it could be done, but no one have managed to come up with a good design that would be simple-to-use for end users and be easy-to-manage code-wise from maintainer’s perspective.
Since version 5 now supports multiple Grafana instances, we are taking the same stance as Grafana Cloud does meaning we will not support organizations in the operator.
Instead we suggest that you use multiple grafana instances together with good CI/CD solutions to manage your dashboards, datasources, etc.