Install Grafana in Workload Clusters Deployed by a Supervisor
This topic explains how to deploy Grafana to Tanzu Kubernetes Grid (TKG) workload clusters deployed to vSphere by a vSphere with Tanzu Supervisor.
Grafana lets you query, visualize, alert on, and explore metrics no matter where they are stored. Grafana provides tools to form graphs and visualizations from application data.
You can install Grafana on a workload cluster in two ways:
Install Grafana Using the Tanzu CLI
Prerequisites
Adhere to the following prerequisites.
- Prepare to Install Tanzu Packages.
- Install Cert Manager Using the Tanzu CLI.
- Install Contour Using the Tanzu CLI.
- Install Prometheus Using the Tanzu CLI.
Reference
Refer to the following topic as needed.
Install Grafana
Complete these steps to install the Grafana package.
-
Create the namespace for Grafana.
kubectl create ns tanzu-system-dashboards -
Get the latest Grafana package version for your repo.
kubectl -n tkg-system get packagesgrafana.tanzu.vmware.com.7.5.16+vmware.1-tkg.1 grafana.tanzu.vmware.com 7.5.16+vmware.1-tkg.1 1h40m15s grafana.tanzu.vmware.com.7.5.16+vmware.1-tkg.2 grafana.tanzu.vmware.com 7.5.16+vmware.1-tkg.2 1h40m15s grafana.tanzu.vmware.com.7.5.17+vmware.1-tkg.1 grafana.tanzu.vmware.com 7.5.17+vmware.1-tkg.1 1h40m15s grafana.tanzu.vmware.com.7.5.17+vmware.2-tkg.1 grafana.tanzu.vmware.com 7.5.17+vmware.2-tkg.1 1h40m15s grafana.tanzu.vmware.com.7.5.7+vmware.1-tkg.1 grafana.tanzu.vmware.com 7.5.7+vmware.1-tkg.1 1h40m15s grafana.tanzu.vmware.com.7.5.7+vmware.2-tkg.1 grafana.tanzu.vmware.com 7.5.7+vmware.2-tkg.1 1h40m15sThe latest Grafana version in the repository is 7.5.17+vmware.2-tkg.1. This is the vesion we install. Adjust the version as necessary to meet your requirements.
-
Create the
grafana-data-values.yamlfile using either of the following options.- Copy the example provided. See Grafana Components, Configuration, Data Values.
-
Or, generate a
grafana-default-values.yamlfile.tanzu package available get grafana.tanzu.vmware.com/7.5.17+vmware.2-tkg.1 --default-values-file-output grafana-data-values.yaml
-
Edit the
grafana-data-values.yamlfile and update the values.If you use a generated data values file, add the
ingress.pvc: storageClassNameand value, which is the name of the vSphere storage class accessible by the TKG cluster, as returned bykubectl get storageclass.To avoid a common error, remove the secret from the data values file and manually create the secret. See Secret not created when installing Grafana from default YAML file in Troubleshooting Workload Cluster Issues.
Here is a minimal
grafana-data-values.yamlwith the storage class field added and the secret removed.grafana: deployment: replicas: 1 updateStrategy: Recreate pvc: accessMode: ReadWriteOnce storage: 2Gi service: port: 80 targetPort: 3000 type: LoadBalancer ingress: enabled: true prefix: / servicePort: 80 virtual_host_fqdn: grafana.system.tanzu pvc: storageClassName: vSphere-storage-profile namespace: grafana -
Install the Grafana package using the Tanzu CLI.
tanzu package install grafana -p grafana.tanzu.vmware.com -v 7.5.17+vmware.2-tkg.1 --values-file grafana-data-values.yaml -n tanzu-system-dashboards -
Verify Grafana installation using the Tanzu CLI.
tanzu package installed list -n tanzu-system-dashboards NAME PACKAGE-NAME PACKAGE-VERSION STATUS grafana grafana.tanzu.vmware.com 7.5.17+vmware.2-tkg.1 Reconcile succeededtanzu package installed get grafana -n tanzu-system-dashboards NAME: grafana PACKAGE-NAME: grafana.tanzu.vmware.com PACKAGE-VERSION: 7.5.17+vmware.2-tkg.1 STATUS: Reconcile succeeded -
Verify Grafana installation using Kubectl.
kubectl -n tanzu-system-dashboards get allkubectl -n tanzu-system-dashboards get pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE CAPACITY ACCESS MODES STORAGECLASS AGE grafana-pvc Bound pvc-243405bc-93e3-4570-bfdc-8451cbe503af 2Gi RWO vwt-policy 2m41s
Troubleshoot Grafana Installation
To avoid the error “Secret not created when installing Grafana from default YAML file,” remove the grafana.secret.* from the data values file and manually create the secret as described at the link.
Install Grafana Using Kubectl
Grafana provides you with tools to graph and visualize data. Install the Grafana package to generate and view metrics for TKG clusters.
Requirements
Adhere to the following requirements before you install the Contour package.
- Prepare to Install Tanzu Packages
- Install Cert Manager Using Kubectl
- Install Contour Using Kubectl
- Install Prometheus Using Kubectl
Note: To access the Grafana Dashboard from outside the cluster, deploy Contour with an Envoy service of type LoadBalancer or type NodePort. In addition, install Prometheus.
Reference
Refer to the following topic as needed.
Install Grafana
Install the Grafana package.
-
List the available Grafana versions in the repository.
kubectl get packages -n tkg-systemThe most recent Grafana version is
grafana.tanzu.vmware.com.7.5.17+vmware.2-tkg.1. -
Create the Grafana namespace.
kubectl create ns grafana-dashboard -
Create
grafana-data-values.yaml.Start by copying the contents from
grafana-data-values.yaml. Update values accordingly. See Grafana Components, Configuration, Data Values. -
Create the secret named
grafana-data-valuesusing thegrafana-data-values.yamlfile as input.kubectl create secret generic grafana-data-values --from-file=values.yaml=grafana-data-values.yaml -n tkg-systemsecret/grafana-data-values created -
Verify the secret.
kubectl get secrets -Akubectl describe secret grafana-data-values -n tkg-system -
Customize
grafana-data-valuesas needed for your environment.Refer to Grafana Components, Configuration, Data Values.
If you update the data values, update the secret with the following command.
kubectl create secret generic grafana-data-values --from-file=values.yaml=grafana-data-values.yaml -n tkg-system -o yaml --dry-run=client | kubectl replace -f-secret/grafana-data-values replaced -
Create the
grafana.yamlspecification.apiVersion: v1 kind: ServiceAccount metadata: name: grafana-sa namespace: tkg-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: grafana-role-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: grafana-sa namespace: tkg-system --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: grafana namespace: tkg-system spec: serviceAccountName: grafana-sa packageRef: refName: grafana.tanzu.vmware.com versionSelection: constraints: 7.5.17+vmware.2-tkg.1 values: - secretRef: name: grafana-data-values -
Install the Grafana package.
kubectl apply -f grafana.yamlserviceaccount/grafana-sa created clusterrolebinding.rbac.authorization.k8s.io/grafana-role-binding created packageinstall.packaging.carvel.dev/grafana created -
Verify Grafana installation.
kubectl get all -n grafana-dashboard
Access the Grafana Dashboard Using a Contour Envoy Service of Type LoadBalancer
If the prerequisite Contour Envoy service of type LoadBalancer is deployed, and you specified this in the Grafana configuration file, obtain the external IP address of the load balancer and create DNS records for the Grafana FQDN.
-
Get the
External-IPaddress for the Envoy service of type LoadBalancer.kubectl get service envoy -n tanzu-system-ingressYou should see the
External-IPaddress returned, for example:NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE envoy LoadBalancer 10.99.25.220 10.195.141.17 80:30437/TCP,443:30589/TCP 3h27mAlternatively you can get the
External-IPaddress using the following command.kubectl get svc envoy -n tanzu-system-ingress -o jsonpath='{.status.loadBalancer.ingress[0]}' -
To verify the installation of the Grafana extension, update your local
/etc/hostsfile with the Grafana FQDN mapped to theExternal-IPaddress of the load balancer, for example:127.0.0.1 localhost 127.0.1.1 ubuntu #TKG Grafana Extension with Envoy Load Balancer 10.195.141.17 grafana.system.tanzu -
Access the Grafana Dashboard by navigating to
https://grafana.system.tanzu.Because the site uses self-signed certificates, you might need to navigate through a browser-specific security warning before you are able to access the dashboard.
-
For production access, create two CNAME records on a DNS server that map the Envoy service Load Balancer
External-IPaddress to the Grafana Dashboard.
Access the Grafana Dashboard Using a Contour Envoy Service of Type NodePort
If the prerequisite Contour Envoy service of type NodePort is deployed, and you specified this in the Grafana configuration file, obtain the virtual machine IP address of a worker node and create DNS records for the Grafana FQDN.
-
Switch context to the vSphere Namespace where the cluster is provisioned.
kubectl config use-context VSPHERE-NAMESPACE -
List the nodes in the cluster.
kubectl get virtualmachines -
Pick one of the worker nodes and describe it using the following command.
kubectl describe virtualmachines tkgs-cluster-X-workers-9twdr-59bc54dc97-kt4cm -
Locate the IP address of the virtual machine, for example
Vm Ip: 10.115.22.43. -
To verify the installation of the Grafana extension, update your local
/etc/hostsfile with the Grafana FQDN mapped to a worker node IP address, for example:127.0.0.1 localhost 127.0.1.1 ubuntu # TKG Grafana with Envoy NodePort 10.115.22.43 grafana.system.tanzu -
Access the Grafana Dashboard by navigating to
https://grafana.system.tanzu.Because the site uses self-signed certificates, you might need to navigate through a browser-specific security warning before you are able to access the dashboard.
