Add variable grafana_ingress_host to expose Grafana
#468
Conversation
surajssd
force-pushed
the
surajssd/add-support-for-grafana-ingress
branch
from
1db5fd8
to
0af84cd
Compare
surajssd
force-pushed
the
surajssd/add-support-for-grafana-ingress
branch
2 times, most recently
from
08362fe
to
69b5df9
Compare
surajssd
force-pushed
the
surajssd/add-support-for-grafana-ingress
branch
from
69b5df9
to
c5dc6e6
Compare
|
surajssd
force-pushed
the
surajssd/add-support-for-grafana-ingress
branch
3 times, most recently
from
4acff23
to
89d1350
Compare
surajssd
force-pushed
the
surajssd/add-support-for-grafana-ingress
branch
from
89d1350
to
6d0a61e
Compare
|
So it was decided in a meeting that we create block for grafana like this: component "prometheus-operator" {
...
grafana {
admin_password = ""
ingress {
host = ""
# In future
ingress_class = ""
certmanager_cluster_issuer = ""
}
}
} |
surajssd
force-pushed
the
surajssd/add-support-for-grafana-ingress
branch
from
35acb77
to
45a5ec3
Compare
Hm, okay. I think we should have a bit more documentation how to obtain this password then, so it is not so cryptic to the users. |
That I plan to handle as a part of #480 |
|
I wonder if it makes sense to allow exposing grafana and allow having an insecure default password so easily. So if a user does and this exposes grafana with admin:admin password, this is surprising and insecure. Should we do something about it? |
@iaguis there is a default password but it is not |
Ah, all good then 👍 |
| @@ -115,16 +122,26 @@ func newComponent() *component { | |||
| "tier": "control-plane", | |||
| }, | |||
| }, | |||
| Grafana: &Grafana{}, | |||
There was a problem hiding this comment.
Yes, we do need it. Otherwise you will see some nil pointer exceptions.
There was a problem hiding this comment.
I think those can be avoided by checking them then? It doesn't make much sense to me to put it here.
There was a problem hiding this comment.
Tests are also passing if I remove it.
There was a problem hiding this comment.
Ah, I'm able to trigger it when I modified the tests, hmm.
There was a problem hiding this comment.
Maybe we can make Grafana field not a pointer?
There was a problem hiding this comment.
What's wrong with it? What do you think would be potential implications if we don't make it a pointer?
There was a problem hiding this comment.
I'm not sure about the possible implications, but if it's a pointer, it means we should handle the cases when it's nil. Also, if defined here, if provides no "default" values, as we usually use newComponent for, so I'd remove it.
Please have a look at the patch I posted. It adds the handling and test for it.
surajssd
force-pushed
the
surajssd/add-support-for-grafana-ingress
branch
from
45a5ec3
to
9d7efe6
Compare
|
How about something like this? diff --git a/pkg/components/prometheus-operator/component.go b/pkg/components/prometheus-operator/component.go
index b3791da3..137b997f 100644
--- a/pkg/components/prometheus-operator/component.go
+++ b/pkg/components/prometheus-operator/component.go
@@ -123,7 +123,6 @@ func newComponent() *component {
"tier": "control-plane",
},
},
- Grafana: &Grafana{},
}
}
diff --git a/pkg/components/prometheus-operator/component_test.go b/pkg/components/prometheus-operator/component_test.go
index 8e2608fb..b0b6cd39 100644
--- a/pkg/components/prometheus-operator/component_test.go
+++ b/pkg/components/prometheus-operator/component_test.go
@@ -26,18 +26,25 @@ func TestEmptyConfig(t *testing.T) {
c := newComponent()
emptyConfig := hcl.EmptyBody()
evalContext := hcl.EvalContext{}
- diagnostics := c.LoadConfig(&emptyConfig, &evalContext)
- if diagnostics.HasErrors() {
+ if d := c.LoadConfig(&emptyConfig, &evalContext); d.HasErrors() {
t.Fatalf("Empty config should not return errors")
}
+
+ m, err := c.RenderManifests()
+ if err != nil {
+ t.Fatalf("Rendering manifests with valid config should succeed, got: %s", err)
+ }
+ if len(m) <= 0 {
+ t.Fatalf("Rendered manifests shouldn't be empty")
+ }
}
func TestRenderManifest(t *testing.T) {
configHCL := `
component "prometheus-operator" {
grafana {
- admin_password = "foobar"
+ admin_password = "foobar"
}
namespace = "monitoring"
}
diff --git a/pkg/components/prometheus-operator/template.go b/pkg/components/prometheus-operator/template.go
index 3a96fe0f..7089874c 100644
--- a/pkg/components/prometheus-operator/template.go
+++ b/pkg/components/prometheus-operator/template.go
@@ -48,7 +48,6 @@ alertmanager:
storage: "{{.AlertManagerStorageSize}}"
grafana:
- adminPassword: {{.Grafana.AdminPassword}}
plugins: "grafana-piechart-panel"
testFramework:
enabled: false
@@ -57,6 +56,8 @@ grafana:
searchNamespace: ALL
rbac:
pspUseAppArmor: false
+ {{- if .Grafana}}
+ adminPassword: {{.Grafana.AdminPassword}}
{{ if .Grafana.Ingress }}
ingress:
enabled: true
@@ -71,6 +72,7 @@ grafana:
- {{ .Grafana.Ingress.Host }}
secretName: {{ .Grafana.Ingress.Host }}-tls
{{ end }}
+ {{- end}}
kubeEtcd:
enabled: {{.Monitor.Etcd}} |
surajssd
force-pushed
the
surajssd/add-support-for-grafana-ingress
branch
from
9d7efe6
to
503beb8
Compare
|
@invidian PTAL, added table driven tests. Also taken care of the test that fails. |
| t.Errorf("%s - Wrong config should have returned an error", tc.desc) | ||
| } | ||
|
|
||
| m, err := c.RenderManifests() |
There was a problem hiding this comment.
If I want error, meaning loading the HCL failed, this should not be executed, or?
There was a problem hiding this comment.
By want error it means that the test is expecting an error.
There was a problem hiding this comment.
yes, sorry. I mean, if we fail to load the HCL, the component will be in the possibly undefined state, so we should not try to render it then.
There was a problem hiding this comment.
Yes changed that now it is using t.Run so now I can return using t.Fatal.
surajssd
force-pushed
the
surajssd/add-support-for-grafana-ingress
branch
from
503beb8
to
152bc61
Compare
* Changes the UX for grafana component. Now all the grafana related information goes into a block. * Adds a new variable `grafana.ingress.host` where user can provide the ingress Host URL to expose Grafana on. * Adds a new variable `grafana.ingress.class` so that user can provide the ingress class to be used for Grafana's ingress object. * Adds a new variable `grafana.ingress.certmanager_cluster_issuer` so that user can choose the cluster issuer for certmanager so that it can generate TLS cert for Grafana's Ingress. * Adds documentation of the above variables. Signed-off-by: Suraj Deshmukh <suraj@kinvolk.io>
- Modify the tests to run in a table. - Remove the test which checks for empty config. It is not a failure condition and is incorporated in above table. - Add test that verifies if the user provides ingress host or not. It is a compulsory field if not provided the test should fail. Signed-off-by: Suraj Deshmukh <suraj@kinvolk.io>
Signed-off-by: Suraj Deshmukh <suraj@kinvolk.io>
Signed-off-by: Suraj Deshmukh <suraj@kinvolk.io>
surajssd
force-pushed
the
surajssd/add-support-for-grafana-ingress
branch
from
152bc61
to
dc247e8
Compare
Testing on packet can be tricky because:
|
|
The testing can be done on any platform. But should be done at at least one. |
Fixes: #456