Refer to these instructions for installing Grafana on a TKG cluster provisioned with TKr for vSphere 7.x.

Prerequisites

See Workflow for Installing Standard Packages on TKr for vSphere 7.x.

Install Grafana

Install Grafana.
  1. List the available Grafana versions in the repository.
    kubectl get packages -n tkg-system | grep grafana
  2. Create the Grafana namespace.
    kubectl create ns tanzu-system-dashboards
  3. Create PSA label for the namespace.
    kubectl label namespace tanzu-system-dashboards pod-security.kubernetes.io/enforce=privileged
  4. Alternatively, declaratively create the Grafana namespace and label using the file ns-grafana-dashboard.yaml.
    apiVersion: 
    v1kind: Namespace
    metadata:  
      name: grafana-dashboard
    ---
    apiVersion: v1
    kind: Namespace
    metadata:  
      name: tanzu-system-dashboards  
      labels:
        pod-security.kubernetes.io/enforce: privileged
  5. Create grafana-data-values.yaml.

    See Grafana Package Reference.

  6. Create a secret using the grafana-data-values.yaml file as input.
    kubectl create secret generic grafana-data-values --from-file=values.yaml=grafana-data-values.yaml -n tkg-system
    secret/grafana-data-values created
  7. Verify the secret.
    kubectl get secrets -A
    kubectl describe secret grafana-data-values -n tkg-system
  8. If necessary, customize grafana-data-values for your environment.

    Refer to Grafana Package Reference.

    If you update the data values, update the secret with the following command.
    kubectl create secret generic grafana-data-values --from-file=values.yaml=grafana-data-values.yaml -n tkg-system -o yaml --dry-run=client | kubectl replace -f-
    secret/grafana-data-values replaced
  9. Create the grafana.yaml specification.

    See Install Grafana on TKr for vSphere 7.x.

  10. Install Grafana.
    kubectl apply -f grafana.yaml
    serviceaccount/grafana-sa created
    clusterrolebinding.rbac.authorization.k8s.io/grafana-role-binding created
    packageinstall.packaging.carvel.dev/grafana created
  11. Verify the installation of the Grafana package.
    kubectl get pkgi -A | grep grafana
  12. Verify Grafana objects.
    kubectl get all -n tanzu-system-dashboards

Access the Grafana Dashboard Using Envoy LoadBalancer

If the prerequisite Contour Envoy service of type LoadBalancer is deployed, and you specified this in the Grafana configuration file, obtain the external IP address of the load balancer and create DNS records for the Grafana FQDN.
  1. Get the External-IP address for the Envoy service of type LoadBalancer.
    kubectl get service envoy -n tanzu-system-ingress
    You should see the External-IP address returned, for example:
    NAME    TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)                      AGE
    envoy   LoadBalancer   10.99.25.220   10.195.141.17   80:30437/TCP,443:30589/TCP   3h27m
    Alternatively you can get the External-IP address using the following command.
    kubectl get svc envoy -n tanzu-system-ingress -o jsonpath='{.status.loadBalancer.ingress[0]}'
  2. To verify the installation of the Grafana extension, update your local /etc/hosts file with the Grafana FQDN mapped to the External-IP address of the load balancer, for example:
    127.0.0.1 localhost
    127.0.1.1 ubuntu
    #TKG Grafana Extension with Envoy Load Balancer
    10.195.141.17 grafana.system.tanzu
    
  3. Access the Grafana Dashboard by navigating to https://grafana.system.tanzu.

    Because the site uses self-signed certificates, you might need to navigate through a browser-specific security warning before you are able to access the dashboard.

  4. For production access, create two CNAME records on a DNS server that map the Envoy service Load Balancer External-IP address to the Grafana Dashboard.

Access the Grafana Dashboard Using Envoy NodePort

If the prerequisite Contour Envoy service of type NodePort is deployed, and you specified this in the Grafana configuration file, obtain the virtual machine IP address of a worker node and create DNS records for the Grafana FQDN.
  1. Switch context to the vSphere Namespace where the cluster is provisioned.
    kubectl config use-context VSPHERE-NAMESPACE
  2. List the nodes in the cluster.
    kubectl get virtualmachines
  3. Pick one of the worker nodes and describe it using the following command.
    kubectl describe virtualmachines tkgs-cluster-X-workers-9twdr-59bc54dc97-kt4cm
  4. Locate the IP address of the virtual machine, for example Vm Ip: 10.115.22.43.
  5. To verify the installation of the Grafana extension, update your local /etc/hosts file with the Grafana FQDN mapped to a worker node IP address, for example:
    127.0.0.1 localhost
    127.0.1.1 ubuntu
    # TKG Grafana with Envoy NodePort
    10.115.22.43 grafana.system.tanzu
    
  6. Access the Grafana Dashboard by navigating to https://grafana.system.tanzu.

    Because the site uses self-signed certificates, you might need to navigate through a browser-specific security warning before you are able to access the dashboard.

grafana-data-values.yaml

Refer to the following example grafana-data-values.yaml file.
namespace: tanzu-system-dashboards
grafana:
  pspNames: "vmware-system-restricted"
  deployment:
    replicas: 1
    updateStrategy: Recreate
  pvc:
    accessMode: ReadWriteOnce
    storage: 2Gi
    storageClassName: wcpglobalstorageprofile
  secret:
    admin_user: YWRtaW4=
    admin_password: YWRtaW4=
    type: Opaque
  service:
    port: 80
    targetPort: 3000
    type: LoadBalancer
ingress:
  enabled: true
  prefix: /
  servicePort: 80
  virtual_host_fqdn: grafana.system.tanzu

grafana.yaml

Refer to the following example grafana.yaml specification. Update the package version as needed.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: grafana-sa
  namespace: tkg-system
  annotations:
    pod-security.kubernetes.io/enforce: "privileged"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: grafana-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: grafana-sa
    namespace: tkg-system
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
  name: grafana
  namespace: tkg-system
spec:
  serviceAccountName: grafana-sa
  packageRef:
    refName: grafana.tanzu.vmware.com
    versionSelection:
      constraints: 10.0.1+vmware.1-tkg.2 #PKG-VERSION
  values:
  - secretRef:
      name: grafana-data-values