bitnamicharts/grafana
Bitnami Helm chart for Grafana
1M+
Grafana is an open source metric analytics and visualization suite for visualizing time series data that supports various types of data sources.
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
helm install my-release oci://registry-1.docker.io/bitnamicharts/grafana
Looking to use Grafana in production? Try VMware Tanzu Application Catalog, the commercial edition of the Bitnami catalog.
This chart bootstraps a grafana deployment on a Kubernetes cluster using the Helm package manager.
Bitnami charts can be used with Kubeapps for deployment and management of Helm Charts in clusters.
In the Bitnami catalog we offer both the bitnami/grafana and bitnami/grafana-operator charts. Each solution covers different needs and use cases.
The bitnami/grafana chart deploys a single Grafana installation using a Kubernetes Deployment object (together with Services, PVCs, ConfigMaps, etc.). The figure below shows the deployed objects in the cluster after executing helm install:
+--------------+ +-----+
| | | |
Service & Ingress | Grafana +<------------+ PVC |
<-------------------+ | | |
| Deployment | +-----+
| |
+-----------+--+
^ +------------+
| | |
+----------------+ Configmaps |
| Secrets |
| |
+------------+
Its lifecycle is managed using Helm and, at the Grafana container level, the following operations are automated: persistence management, configuration based on environment variables and plugin initialization. The chart also allows deploying dashboards and data sources using ConfigMaps. The Deployments do not require any ServiceAccounts with special RBAC privileges so this solution would fit better in more restricted Kubernetes installations.
The bitnami/grafana-operator chart deploys a Grafana Operator installation using a Kubernetes Deployment. The figure below shows the Grafana operator deployment after executing helm install:
+--------------------+
| | +---------------+
| Grafana Operator | | |
| | | RBAC |
| Deployment | | Privileges |
| | | |
+-------+------------+ +-------+-------+
^ |
| +-----------------+ |
+---+ Service Account +<----+
+-----------------+
The operator will extend the Kubernetes API with the following objects: Grafana, GrafanaDashboards and GrafanaDataSources. From that moment, the user will be able to deploy objects of these kinds and the previously deployed Operator will take care of deploying all the required Deployments, ConfigMaps and Services for running a Grafana instance. Its lifecycle is managed using kubectl on the Grafana, GrafanaDashboards and GrafanaDataSource objects. The following figure shows the deployed objects after deploying a Grafana object using kubectl:
+--------------------+
| | +---------------+
| Grafana Operator | | |
| | | RBAC |
| Deployment | | Privileges |
| | | |
+--+----+------------+ +-------+-------+
| ^ |
| | +-----------------+ |
| +---+ Service Account +<----+
| +-----------------+
|
|
|
|
| Grafana
| +---------------------------------------------------------------------------+
| | |
| | +--------------+ +-----+ |
| | | | | | |
+-------------------->+ Service & Ingress | Grafana +<------------+ PVC | |
| <-------------------+ | | | |
| | Deployment | +-----+ |
| | | |
| +-----------+--+ |
| ^ +------------+ |
| | | | |
| +----------------+ Configmaps | |
| | Secrets | |
| | | |
| +------------+ |
| |
+---------------------------------------------------------------------------+
This solution allows to easily deploy multiple Grafana instances compared to the bitnami/grafana chart. As the operator automatically deploys Grafana installations, the Grafana Operator pods will require a ServiceAccount with privileges to create and destroy mulitple Kubernetes objects. This may be problematic for Kubernetes clusters with strict role-based access policies.
To install the chart with the release name my-release
:
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/grafana
Note: You need to substitute the placeholders
REGISTRY_NAME
andREPOSITORY_NAME
with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to useREGISTRY_NAME=registry-1.docker.io
andREPOSITORY_NAME=bitnamicharts
.
These commands deploy grafana on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.
Tip: List all releases using
helm list
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the resources
value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
To make this process easier, the chart contains the resourcesPreset
values, which automatically sets the resources
section according to different presets. Check these presets in the bitnami/common chart. However, in production workloads using resourcesPreset
is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the official Kubernetes documentation.
The Bitnami Redis chart, when upgrading, reuses the secret previously rendered by the chart or the one specified in auth.existingSecret
. To update credentials, use one of the following:
helm upgrade
specifying a new password in admin.password
helm upgrade
specifying a new secret in admin.existingSecret
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
This chart can be integrated with Prometheus by setting metrics.enabled
to true
. This will expose Grafana native Prometheus endpoint in the service. It will have the necessary annotations to be automatically scraped by Prometheus.
Prometheus requirements
It is necessary to have a working installation of Prometheus or Prometheus Operator for the integration to work. Install the Bitnami Prometheus helm chart or the Bitnami Kube Prometheus helm chart to easily have a working Prometheus in your cluster.
Integration with Prometheus Operator
The chart can deploy ServiceMonitor
objects for integration with Prometheus Operator installations. To do so, set the value metrics.serviceMonitor.enabled=true
. Ensure that the Prometheus Operator CustomResourceDefinitions
are installed in the cluster or it will fail with the following error:
no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1"
Install the Bitnami Kube Prometheus helm chart for having the necessary CRDs and the Prometheus Operator.
Grafana supports multiples configuration files. Using kubernetes you can mount a file using a ConfigMap or a Secret. For example, to mount a custom grafana.ini
file or custom.ini
file you can create a ConfigMap like the following:
apiVersion: v1
kind: ConfigMap
metadata:
name: myconfig
data:
grafana.ini: |-
# Raw text of the file
And now you need to pass the ConfigMap name, to the corresponding parameters: config.useGrafanaIniFile=true
and config.grafanaIniConfigMap=myconfig
.
To provide dashboards on deployment time, Grafana needs a dashboards provider and the dashboards themselves.
A default provider is created if enabled, or you can mount your own provider using a ConfigMap, but have in mind that the path to the dashboard folder must be /opt/bitnami/grafana/dashboards
.
json
file that defines the dashboard and set the array with the ConfigMap names into the dashboardsConfigMaps
parameter.
Note the difference between the datasources and the dashboards creation. For the datasources we can use just one secret with all of the files, while for the dashboards we need one ConfigMap per file.For example, create the dashboard ConfigMap(s) and datasource Secret as described below:
kubectl create secret generic datasource-secret --from-file=datasource-secret.yaml
kubectl create configmap my-dashboard-1 --from-file=my-dashboard-1.json
kubectl create configmap my-dashboard-2 --from-file=my-dashboard-2.json
Note: the commands above assume you had previously exported your dashboards in the JSON files: my-dashboard-1.json and my-dashboard-2.json Note: the commands above assume you had previously created a datasource config file datasource-secret.yaml. Find an example at https://grafana.com/docs/grafana/latest/administration/provisioning/#example-datasource-config-file
Once you have them, use the following parameters to deploy Grafana with 2 custom dashboards:
dashboardsProvider.enabled=true
datasources.secretName=datasource-secret
dashboardsConfigMaps[0].configMapName=my-dashboard-1
dashboardsConfigMaps[0].fileName=my-dashboard-1.json
dashboardsConfigMaps[1].configMapName=my-dashboard-2
dashboardsConfigMaps[1].fileName=my-dashboard-2.json
More info at Grafana documentation.
To enable LDAP authentication it is necessary to provide a ConfigMap with the Grafana LDAP configuration file. For instance:
configmap.yaml:
apiVersion: v1
kind: ConfigMap
metadata:
name: ldap-config
data:
ldap.toml: |-
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "ldap"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"
# Search user bind dn
bind_dn = "cn=admin,dc=example,dc=org"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = 'admin'
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
search_filter = "(uid=%s)"
# An array of base dns to search through
search_base_dns = ["ou=People,dc=support,dc=example,dc=org"]
# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
# group_search_filter_user_attribute = "distinguishedName"
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "email"
Create the ConfigMap into the cluster and deploy the Grafana Helm Chart using the existing ConfigMap and the following parameters:
ldap.enabled=true
ldap.configMapName=ldap-config
ldap.allowSignUp=true
In order to install the Grafana Image Renderer Plugin so you rely on it to render images and save memory on Grafana pods, follow the steps below:
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana-image-renderer
namespace: default
labels:
app.kubernetes.io/name: grafana-image-renderer
app.kubernetes.io/instance: grafana-image-renderer
app.kubernetes.io/component: image-renderer-plugin
app.kubernetes.io/part-of: grafana
spec:
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: grafana-image-renderer
app.kubernetes.io/instance: grafana-image-renderer
app.kubernetes.io/component: image-renderer-plugin
template:
metadata:
labels:
app.kubernetes.io/name: grafana-image-renderer
app.kubernetes.io/instance: grafana-image-renderer
app.kubernetes.io/component: image-renderer-plugin
app.kubernetes.io/part-of: grafana
spec:
securityContext:
fsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
containers:
- name: grafana-image-renderer
image: docker.io/bitnami/grafana-image-renderer:3
securityContext:
runAsUser: 1001
env:
- name: HTTP_HOST
value: "::"
- name: HTTP_PORT
value: "8080"
ports:
- name: http
containerPort: 8080
protocol: TCP
# service.yaml
apiVersion: v1
kind: Service
metadata:
name: grafana-image-renderer
namespace: default
labels:
app.kubernetes.io/name: grafana-image-renderer
app.kubernetes.io/instance: grafana-image-renderer
app.kubernetes.io/component: image-renderer-plugin
app.kubernetes.io/part-of: grafana
spec:
type: ClusterIP
sessionAffinity: None
ports:
- port: 8080
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: grafana-image-renderer
app.kubernetes.io/instance: grafana-image-renderer
app.kubernetes.io/component: image-renderer-plugin
values.yaml
file:imageRenderer:
enabled: true
serverURL: "http://grafana-image-renderer.default.svc.cluster.local:8080/render"
callbackURL: "http://grafana.default.svc.cluster.local:3000/"
Note: the steps above assume an installation in the
default
namespace. If you are installing the chart in a different namespace, adjust the manifests and theserverURL
&callbackURL
values accordingly.
To support HA Grafana just need an external database where store dashboards, users and other persistent data. To configure the external database provide a configuration file containing the database section
More information about Grafana HA here
This chart allows you to set your custom affinity using the affinity
parameter. Find more information about Pod's affinity in the kubernetes documentation.
As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the bitnami/common chart. To do so, set the podAffinityPreset
, podAntiAffinityPreset
, or nodeAffinityPreset
parameters.
To back up and restore Helm chart deployments on Kubernetes, you need to back up the persistent volumes from the source deployment and attach them to a new deployment using Velero, a Kubernetes backup/restore tool. Find the instructions for using Velero in this guide.
The Bitnami Grafana image stores the Grafana data and configurations at the /opt/bitnami/grafana/data
path of the container.
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. See the Parameters section to configure the PVC or to disable persistence.
Name | Description | Value |
---|---|---|
global.imageRegistry | Global Docker image registry | "" |
global.imagePullSecrets | Global Docker registry secret names as an array | [] |
global.defaultStorageClass | Global default StorageClass for Persistent Volume(s) | "" |
global.storageClass | DEPRECATED: use global.defaultStorageClass instead | "" |
global.security.allowInsecureImages | Allows skipping image verification | false |
global.compatibility.openshift.adaptSecurityContext | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | auto |
Name | Description | Value |
---|---|---|
kubeVersion | Force target Kubernetes version (using Helm capabilities if not set) | "" |
extraDeploy | Array of extra objects to deploy with the release | [] |
nameOverride | String to partially override grafana.fullname template (will maintain the release name) | "" |
fullnameOverride | String to fully override grafana.fullname template | "" |
clusterDomain | Default Kubernetes cluster domain | cluster.local |
` |
Note: the README for this chart is longer than the DockerHub length limit of 25000, so it has been trimmed. The full README can be found at https://github.com/bitnami/charts/blob/main/bitnami/grafana/README.md