Creating Grafana Datasorce instance from Custom Resource managed by the RedHat community powered Grafana operator - IBM/ibm-spectrum-scale-bridge-for-grafana GitHub Wiki

The grafana-for-cnsa-sa serviceAccount, created during Grafana instance deployment, was created alongside the Grafana instance.

Example output:

[[email protected] ~]# NAMESPACE=grafana-for-cnsa
[[email protected] ~]# oc get sa -n $NAMESPACE | grep $NAMESPACE
grafana-for-cnsa-sa                   1         11d

You need grant the grafana-for-cnsa-sa access rights to the ibm-spectrum-scale-operator clusterRole:

Command:

oc adm policy add-cluster-role-to-user ibm-spectrum-scale-operator -z grafana-for-cnsa-sa

To allow ingress/egress communication from the grafana-for-cnsa namespace into the IBM Storage Scale container native namespaces, label the namespace with scale.spectrum.ibm.com/networkpolicy=allow

Commands:

NAMESPACE=grafana-for-cnsa
oc label namespace grafana-for-cnsa scale.spectrum.ibm.com/networkpolicy=allow

Grafana instance requires ssl connection data to communicate with grafana-bridge. With grafana-operator V.5 it is possible to apply ssl/tls connection data during datasource connection dunamically from a tls secret.

Create grafana-bridge-tls-cert secret in the grafana-for-cnsa namespace from the following yaml file:

Command:

oc apply -f https://raw.githubusercontent.com/IBM/ibm-spectrum-scale-bridge-for-grafana/master/examples/openshift_deployment_scripts/examples_for_grafana-operator_v5/grafana_datasource_deployment/bridge-tls-secret-v5.yaml --namespace=$NAMESPACE

Copy the grafana-bridge tls certificate and tls private key from CNSA project and store those in grafana-bridge-tls-cert secret

Commands:

TLS_CERT=`oc get secret ibm-spectrum-scale-grafana-bridge-service-cert -n ibm-spectrum-scale -o json |jq '.data["tls.crt"]' | tr -d \"`
TLS_KEY=`oc get secret ibm-spectrum-scale-grafana-bridge-service-cert -n ibm-spectrum-scale -o json |jq '.data["tls.key"]' | tr -d \"`
oc get secrets grafana-bridge-tls-cert -n $NAMESPACE -o json | jq ".data[\"tls.key\"] |= \"$TLS_KEY\"" | jq ".data[\"tls.crt\"] |= \"$TLS_CERT\""| oc apply -f -

Create the bridge-grafanadatasource GrafanaDatasource from the yaml file:

Command:

oc apply -f https://raw.githubusercontent.com/IBM/ibm-spectrum-scale-bridge-for-grafana/master/examples/openshift_deployment_scripts/examples_for_grafana-operator_v5/grafana_datasource_deployment/grafana-bridge-datasource-v5.yaml --namespace=$NAMESPACE

Verify the bridge-grafanadatasource instance from the type GrafanaDatasource has been deployed:

Example output:

[[email protected] ~]# oc get GrafanaDatasource -n $NAMESPACE
NAME                                   NO MATCHING INSTANCES   LAST RESYNC   AGE
bridge-grafanadatasource                                       3m24s         11d

[[email protected] ~]# oc get GrafanaDataSource bridge-grafanadatasource -n $NAMESPACE -o json | jq '.status'
{
 "hash": "f0b60ac2b538a4fbbb28121dbbe70f9fcfb0506f67e16b08c143a002c95dc611",
 "lastResync": "2023-08-15T16:47:40Z",
 "uid": "c3955aa4-a8e9-474a-923d-ccf0a00c00ae"
}