Grafana
- Canonical Observability
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/stable | 117 | 10 Sep 2024 | |
latest/candidate | 117 | 28 Jun 2024 | |
latest/beta | 122 | 19 Nov 2024 | |
latest/edge | 122 | 18 Nov 2024 | |
1.0/stable | 93 | 12 Dec 2023 | |
1.0/candidate | 93 | 22 Nov 2023 | |
1.0/beta | 93 | 22 Nov 2023 | |
1.0/edge | 93 | 22 Nov 2023 |
juju deploy grafana-k8s --channel 1.0/beta
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
Enable TLS
There are two alternative approaches to enabling TLS: TLS termination and end-to-end TLS.
For testing purposes, you could use the self-signed-certificates operator as a stand-in for a local/external ca.
TLS termination
You can deploy grafana together with traefik, and enable TLS in traefik rather than in grafana. This way, when grafana is reached via the ingress URL, communication is TLS-encrypted to traefik, and the communication between traefik and grafana is plain HTTP. Moreover, in-cluster communication with related charms would also be unencrypted.
graph LR
external-ca ---|tls-certificates| traefik
subgraph your-model
traefik ---|ingress| grafana
end
Deploy the following bundle:
bundle: kubernetes
applications:
ca:
charm: self-signed-certificates
channel: edge
scale: 1
grafana:
charm: grafana-k8s
channel: edge
series: focal
scale: 1
trust: true
traefik:
charm: traefik-k8s
channel: edge
series: focal
scale: 1
trust: true
relations:
- - ca:certificates
- traefik:certificates
- - grafana:ingress
- traefik:traefik-route
- - traefik:grafana-dashboard
- grafana:grafana-dashboard
End-to-end TLS
By relating grafana to a certificates provider, this operator ensures all communications are behind TLS: both in-cluster and via ingress.
graph LR
external-ca ---|tls-certificates| traefik
subgraph your-model
traefik ---|ingress| grafana
grafana ---|tls-certificates| local-ca
traefik ---|send-ca-cert| local-ca
end
Deploy the following bundle:
bundle: kubernetes
applications:
ca:
charm: self-signed-certificates
channel: edge
scale: 1
external-ca:
charm: self-signed-certificates
channel: edge
scale: 1
grafana:
charm: grafana-k8s
channel: edge
series: focal
scale: 1
trust: true
traefik:
charm: traefik-k8s
channel: edge
series: focal
scale: 1
trust: true
relations:
- - traefik:traefik-route
- grafana:ingress
- - ca:send-ca-cert
- traefik:receive-ca-cert
- - ca:certificates
- grafana:certificates
- - traefik:certificates
- external-ca:certificates