Grafana
- By Canonical Observability
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/stable | 82 | 11 Sep 2023 | |
| latest/candidate | 92 | 11 Sep 2023 | |
| latest/beta | 92 | 11 Sep 2023 | |
| latest/edge | 92 | 08 Sep 2023 | |
| 1.0/stable | 82 | 11 Sep 2023 | |
| 1.0/candidate | 92 | 11 Sep 2023 | |
| 1.0/beta | 92 | 11 Sep 2023 | |
| 1.0/edge | 92 | 11 Sep 2023 |
juju deploy grafana-k8s
You will need Juju 2.9 to be able to run this command. Learn how to upgrade to Juju 2.9.
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
Enable TLS
There are two alternative approaches to enabling TLS: TLS termination and end-to-end TLS.
For testing purposes, you could use the self-signed-certificates operator as a stand-in for a local/external ca.
TLS termination
You can deploy grafana together with traefik, and enable TLS in traefik rather than in grafana. This way, when grafana is reached via the ingress URL, communication is TLS-encrypted to traefik, and the communication between traefik and grafana is plain HTTP. Moreover, in-cluster communication with related charms would also be unencrypted.
graph LR
external-ca ---|tls-certificates| traefik
subgraph your-model
traefik ---|ingress| grafana
end
Deploy the following bundle:
bundle: kubernetes
applications:
ca:
charm: self-signed-certificates
channel: edge
scale: 1
grafana:
charm: grafana-k8s
channel: edge
series: focal
scale: 1
trust: true
traefik:
charm: traefik-k8s
channel: edge
series: focal
scale: 1
trust: true
relations:
- - ca:certificates
- traefik:certificates
- - grafana:ingress
- traefik:traefik-route
- - traefik:grafana-dashboard
- grafana:grafana-dashboard
End-to-end TLS
By relating grafana to a certificates provider, this operator ensures all communications are behind TLS: both in-cluster and via ingress.
graph LR
external-ca ---|tls-certificates| traefik
subgraph your-model
traefik ---|ingress| grafana
grafana ---|tls-certificates| local-ca
traefik ---|send-ca-cert| local-ca
end
Deploy the following bundle:
bundle: kubernetes
applications:
ca:
charm: self-signed-certificates
channel: edge
scale: 1
external-ca:
charm: self-signed-certificates
channel: edge
scale: 1
grafana:
charm: grafana-k8s
channel: edge
series: focal
scale: 1
trust: true
traefik:
charm: traefik-k8s
channel: edge
series: focal
scale: 1
trust: true
relations:
- - traefik:traefik-route
- grafana:ingress
- - ca:send-ca-cert
- traefik:receive-ca-cert
- - ca:certificates
- grafana:certificates
- - traefik:certificates
- external-ca:certificates
Help us improve this documentation
Most of this documentation can be collaboratively discussed and changed on the respective topic in the doc category of the Charmhub forum. See the documentation guidelines if you’d like to contribute.