Refer to these instructions for installing Grafana on a TKG cluster provisioned with TKr for vSphere 7.x.
Prerequisites
See Workflow for Installing Standard Packages on TKr for vSphere 7.x.
Install Grafana
Install Grafana.
- List the available Grafana versions in the repository.
kubectl get packages -n tkg-system | grep grafana
- Create the Grafana namespace.
kubectl create ns tanzu-system-dashboards
- Create PSA label for the namespace.
kubectl label namespace tanzu-system-dashboards pod-security.kubernetes.io/enforce=privileged
- Alternatively, declaratively create the Grafana namespace and label using the file ns-grafana-dashboard.yaml.
apiVersion: v1
kind: Namespace
metadata:
  name: grafana-dashboard
---
apiVersion: v1
kind: Namespace
metadata:
  name: tanzu-system-dashboards
  labels:
    pod-security.kubernetes.io/enforce: privileged
- Create grafana-data-values.yaml.
- Create a secret using the grafana-data-values.yaml file as input.
kubectl create secret generic grafana-data-values --from-file=values.yaml=grafana-data-values.yaml -n tkg-system
secret/grafana-data-values created
- Verify the secret.
kubectl get secrets -A
kubectl describe secret grafana-data-values -n tkg-system
- If necessary, customize grafana-data-values for your environment. Refer to Grafana Package Reference.
If you update the data values, update the secret with the following command.
kubectl create secret generic grafana-data-values --from-file=values.yaml=grafana-data-values.yaml -n tkg-system -o yaml --dry-run=client | kubectl replace -f-
secret/grafana-data-values replaced
- Create the grafana.yaml specification.
- Install Grafana.
kubectl apply -f grafana.yaml
serviceaccount/grafana-sa created
clusterrolebinding.rbac.authorization.k8s.io/grafana-role-binding created
packageinstall.packaging.carvel.dev/grafana created
- Verify the installation of the Grafana package.
kubectl get pkgi -A | grep grafana
- Verify Grafana objects.
kubectl get all -n tanzu-system-dashboards
Access the Grafana Dashboard Using Envoy LoadBalancer
If the prerequisite Contour Envoy service of type LoadBalancer is deployed, and you specified this in the Grafana configuration file, obtain the external IP address of the load balancer and create DNS records for the Grafana FQDN.
- Get the External-IP address for the Envoy service of type LoadBalancer.
kubectl get service envoy -n tanzu-system-ingress
You should see the External-IP address returned, for example:
NAME    TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)                      AGE
envoy   LoadBalancer   10.99.25.220   10.195.141.17   80:30437/TCP,443:30589/TCP   3h27m
Alternatively, you can get the External-IP address using the following command.
kubectl get svc envoy -n tanzu-system-ingress -o jsonpath='{.status.loadBalancer.ingress[0]}'
- To verify the installation of the Grafana extension, update your local /etc/hosts file with the Grafana FQDN mapped to the External-IP address of the load balancer, for example:
127.0.0.1 localhost
127.0.1.1 ubuntu
#TKG Grafana Extension with Envoy Load Balancer
10.195.141.17 grafana.system.tanzu
- Access the Grafana Dashboard by navigating to https://grafana.system.tanzu.
Because the site uses self-signed certificates, you might need to navigate through a browser-specific security warning before you are able to access the dashboard.
- For production access, create two CNAME records on a DNS server that map the Envoy service Load Balancer External-IP address to the Grafana Dashboard.
Access the Grafana Dashboard Using Envoy NodePort
If the prerequisite Contour Envoy service of type NodePort is deployed, and you specified this in the Grafana configuration file, obtain the virtual machine IP address of a worker node and create DNS records for the Grafana FQDN.
- Switch context to the vSphere Namespace where the cluster is provisioned.
kubectl config use-context VSPHERE-NAMESPACE
- List the nodes in the cluster.
kubectl get virtualmachines
- Pick one of the worker nodes and describe it using the following command.
kubectl describe virtualmachines tkgs-cluster-X-workers-9twdr-59bc54dc97-kt4cm
- Locate the IP address of the virtual machine, for example Vm Ip: 10.115.22.43.
- To verify the installation of the Grafana extension, update your local /etc/hosts file with the Grafana FQDN mapped to a worker node IP address, for example:
127.0.0.1 localhost
127.0.1.1 ubuntu
# TKG Grafana with Envoy NodePort
10.115.22.43 grafana.system.tanzu
- Access the Grafana Dashboard by navigating to https://grafana.system.tanzu.
Because the site uses self-signed certificates, you might need to navigate through a browser-specific security warning before you are able to access the dashboard.
grafana-data-values.yaml
Refer to the following example grafana-data-values.yaml file.
namespace: tanzu-system-dashboards
grafana:
  pspNames: "vmware-system-restricted"
  deployment:
    replicas: 1
    updateStrategy: Recreate
  pvc:
    accessMode: ReadWriteOnce
    storage: 2Gi
    storageClassName: wcpglobalstorageprofile
  secret:
    admin_user: YWRtaW4=
    admin_password: YWRtaW4=
    type: Opaque
  service:
    port: 80
    targetPort: 3000
    type: LoadBalancer
ingress:
  enabled: true
  prefix: /
  servicePort: 80
  virtual_host_fqdn: grafana.system.tanzu
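The admin_user and admin_password values in the example file are base64 for admin, and base64 is an encoding, not encryption. The following check is an added example, not part of the VMware documentation: it flags default or short admin credentials in a data values file before the secret is created. The function names and the 16-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not from the VMware documentation): audit the admin
# credentials in a grafana-data-values.yaml before it is stored as a secret.

MIN_LEN=16   # assumed minimum password length; adjust to local policy

# Print the decoded value of a base64-encoded key such as admin_password.
secret_value() {   # $1 = data values file, $2 = key name
    awk -v k="$2:" '$1 == k { gsub(/"/, "", $2); print $2; exit }' "$1" |
        base64 -d 2>/dev/null || true
}

# Return 0 when the credentials pass, 1 when they are missing, default or short.
check_grafana_creds() {   # $1 = data values file
    user=$(secret_value "$1" admin_user)
    pass=$(secret_value "$1" admin_password)
    if [ -z "$pass" ]; then
        echo "FAIL: admin_password is missing or not valid base64"; return 1
    fi
    if [ "$pass" = "admin" ] || [ "$pass" = "$user" ]; then
        echo "FAIL: admin_password is the default or equals admin_user"; return 1
    fi
    if [ "${#pass}" -lt "$MIN_LEN" ]; then
        echo "FAIL: admin_password is shorter than $MIN_LEN characters"; return 1
    fi
    echo "OK: admin_password is non-default"
}

# Print a random 32-character password, base64-encoded for the data values file.
new_admin_password_b64() {
    pw=$(head -c 24 /dev/urandom | base64 | tr -d '\n')
    printf '%s' "$pw" | base64 | tr -d '\n'
}

# Constructed sample mirroring the secret section of the example file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
grafana:
  secret:
    admin_user: YWRtaW4=
    admin_password: YWRtaW4=
    type: Opaque
EOF
check_grafana_creds "$sample" || echo "replace with: $(new_admin_password_b64)"
rm -f "$sample"
```

Run the check against your own grafana-data-values.yaml before the kubectl create secret step, and again before replacing the secret after an update.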
grafana.yaml
Refer to the following example grafana.yaml specification. Update the package version as needed.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: grafana-sa
  namespace: tkg-system
  annotations:
    pod-security.kubernetes.io/enforce: "privileged"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: grafana-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: grafana-sa
    namespace: tkg-system
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
  name: grafana
  namespace: tkg-system
spec:
  serviceAccountName: grafana-sa
  packageRef:
    refName: grafana.tanzu.vmware.com
    versionSelection:
      constraints: 10.0.1+vmware.1-tkg.2 #PKG-VERSION
  values:
  - secretRef:
      name: grafana-data-values