Refer to these instructions for installing Grafana on a TKG cluster provisioned with TKr for vSphere 7.x.
Prerequisites
See Workflow for Installing Standard Packages on TKr for vSphere 7.x.
Install Grafana
Install Grafana.
- List the available Grafana versions in the repository.
kubectl get packages -n tkg-system | grep grafana
- Create the Grafana namespace.
kubectl create ns tanzu-system-dashboards
- Create PSA label for the namespace.
kubectl label namespace tanzu-system-dashboards pod-security.kubernetes.io/enforce=privileged
- Alternatively, declaratively create the Grafana namespace and label using the file
ns-grafana-dashboard.yaml.apiVersion: v1kind: Namespace metadata: name: grafana-dashboard --- apiVersion: v1 kind: Namespace metadata: name: tanzu-system-dashboards labels: pod-security.kubernetes.io/enforce: privileged - Create
grafana-data-values.yaml. - Create a secret using the
grafana-data-values.yamlfile as input.kubectl create secret generic grafana-data-values --from-file=values.yaml=grafana-data-values.yaml -n tkg-system
secret/grafana-data-values created
- Verify the secret.
kubectl get secrets -A
kubectl describe secret grafana-data-values -n tkg-system
- If necessary, customize
grafana-data-valuesfor your environment.Refer to Grafana Package Reference.
If you update the data values, update the secret with the following command.kubectl create secret generic grafana-data-values --from-file=values.yaml=grafana-data-values.yaml -n tkg-system -o yaml --dry-run=client | kubectl replace -f-
secret/grafana-data-values replaced
- Create the
grafana.yamlspecification. - Install Grafana.
kubectl apply -f grafana.yaml
serviceaccount/grafana-sa created clusterrolebinding.rbac.authorization.k8s.io/grafana-role-binding created packageinstall.packaging.carvel.dev/grafana created
- Verify the installation of the Grafana package.
kubectl get pkgi -A | grep grafana
- Verify Grafana objects.
kubectl get all -n tanzu-system-dashboards
Access the Grafana Dashboard Using Envoy LoadBalancer
If the prerequisite Contour Envoy service of type LoadBalancer is deployed, and you specified this in the Grafana configuration file, obtain the external IP address of the load balancer and create DNS records for the Grafana FQDN.
- Get the
External-IPaddress for the Envoy service of type LoadBalancer.kubectl get service envoy -n tanzu-system-ingress
You should see theExternal-IPaddress returned, for example:NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE envoy LoadBalancer 10.99.25.220 10.195.141.17 80:30437/TCP,443:30589/TCP 3h27m
Alternatively you can get theExternal-IPaddress using the following command.kubectl get svc envoy -n tanzu-system-ingress -o jsonpath='{.status.loadBalancer.ingress[0]}' - To verify the installation of the Grafana extension, update your local
/etc/hostsfile with the Grafana FQDN mapped to theExternal-IPaddress of the load balancer, for example:127.0.0.1 localhost 127.0.1.1 ubuntu #TKG Grafana Extension with Envoy Load Balancer 10.195.141.17 grafana.system.tanzu
- Access the Grafana Dashboard by navigating to
https://grafana.system.tanzu.Because the site uses self-signed certificates, you might need to navigate through a browser-specific security warning before you are able to access the dashboard.
- For production access, create two CNAME records on a DNS server that map the Envoy service Load Balancer
External-IPaddress to the Grafana Dashboard.
Access the Grafana Dashboard Using Envoy NodePort
If the prerequisite Contour Envoy service of type NodePort is deployed, and you specified this in the Grafana configuration file, obtain the virtual machine IP address of a worker node and create DNS records for the Grafana FQDN.
- Switch context to the vSphere Namespace where the cluster is provisioned.
kubectl config use-context VSPHERE-NAMESPACE
- List the nodes in the cluster.
kubectl get virtualmachines
- Pick one of the worker nodes and describe it using the following command.
kubectl describe virtualmachines tkgs-cluster-X-workers-9twdr-59bc54dc97-kt4cm
- Locate the IP address of the virtual machine, for example
Vm Ip: 10.115.22.43. - To verify the installation of the Grafana extension, update your local
/etc/hostsfile with the Grafana FQDN mapped to a worker node IP address, for example:127.0.0.1 localhost 127.0.1.1 ubuntu # TKG Grafana with Envoy NodePort 10.115.22.43 grafana.system.tanzu
- Access the Grafana Dashboard by navigating to
https://grafana.system.tanzu.Because the site uses self-signed certificates, you might need to navigate through a browser-specific security warning before you are able to access the dashboard.
grafana-data-values.yaml
Refer to the following example
grafana-data-values.yaml file.
namespace: tanzu-system-dashboards
grafana:
pspNames: "vmware-system-restricted"
deployment:
replicas: 1
updateStrategy: Recreate
pvc:
accessMode: ReadWriteOnce
storage: 2Gi
storageClassName: wcpglobalstorageprofile
secret:
admin_user: YWRtaW4=
admin_password: YWRtaW4=
type: Opaque
service:
port: 80
targetPort: 3000
type: LoadBalancer
ingress:
enabled: true
prefix: /
servicePort: 80
virtual_host_fqdn: grafana.system.tanzu
grafana.yaml
Refer to the following example
grafana.yaml specification. Update the package version as needed.
apiVersion: v1
kind: ServiceAccount
metadata:
name: grafana-sa
namespace: tkg-system
annotations:
pod-security.kubernetes.io/enforce: "privileged"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: grafana-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: grafana-sa
namespace: tkg-system
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
name: grafana
namespace: tkg-system
spec:
serviceAccountName: grafana-sa
packageRef:
refName: grafana.tanzu.vmware.com
versionSelection:
constraints: 10.0.1+vmware.1-tkg.2 #PKG-VERSION
values:
- secretRef:
name: grafana-data-values
