Set up Grafana with MKE Prometheus

Important

The information offered herein on how to set up a Grafana instance connected to MKE Prometheus is derived from the official Deploy Grafana on Kubernetes documentation and modified to work with MKE. As it deploys Grafana with default credentials, Mirantis strongly recommends that you adjust the configuration detail to meet your specific needs prior to deploying Grafana with MKE in a production environment.

  1. Source an MKE admin bundle.

  2. Create the monitoring namespace on which you will deploy Grafana:

    kubectl create namespace monitoring

  3. Obtain the UCP cluster ID:

    CLUSTER_ID=$(docker info --format '{{json .Swarm.Cluster.ID}}')

  4. Apply the following YAML file to deploy Grafana in the monitoring namespace and to automatically configure MKE Prometheus as a data source:

    kubectl apply -f - <<EOF
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: grafana
  name: grafana
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: grafana
  template:
    metadata:
      labels:
        app: grafana
    spec:
      securityContext:
        runAsUser: 0
      containers:
        - name: grafana
          image: grafana/grafana:9.1.0-ubuntu
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 3000
              name: http-grafana
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /robots.txt
              port: 3000
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 2
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 3000
            timeoutSeconds: 1
          resources:
            requests:
              cpu: 250m
              memory: 750Mi
          volumeMounts:
            - mountPath: /etc/grafana/
              name: grafana-config-volume
            - mountPath: /etc/ssl
              name: ucp-node-certs
      volumes:
        - name: grafana-config-volume
          configMap:
            name: grafana-config
            items:
              - key: grafana.ini
                path: grafana.ini
              - key: dashboard.json
                path: dashboard.json
              - key: datasource.yml
                path: provisioning/datasources/datasource.yml
        - name: ucp-node-certs
          hostPath:
            path: /var/lib/docker/volumes/ucp-node-certs/_data
      nodeSelector:
        node-role.kubernetes.io/master: ""
---
apiVersion: v1
kind: Service
metadata:
  name: grafana
  namespace: monitoring
spec:
  ports:
    - port: 3000
      protocol: TCP
      targetPort: http-grafana
  selector:
    app: grafana
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: grafana-config
  namespace: monitoring
  labels:
    grafana_datasource: '1'
data:
  grafana.ini: |
  dashboard.json: |
  datasource.yml: |-
    apiVersion: 1
    datasources:
    - name: mke-prometheus
      type: prometheus
      access: proxy
      orgId: 1
      url: https://ucp-metrics.kube-system.svc.cluster.local:443
      jsonData:
        tlsAuth: true
        tlsAuthWithCACert: false
        serverName: $CLUSTER_ID
      secureJsonData:
        tlsClientCert: "\$__file{/etc/ssl/cert.pem}"
        tlsClientKey: "\$__file{/etc/ssl/key.pem}"
---
EOF

  5. Use port forwarding to access the Grafana UI. Be aware that this may require that you install socat on your manager nodes.

    kubectl port-forward service/grafana 3000:3000 -n monitoring

You can now navigate to the Grafana UI, which has the MKE Prometheus data source installed at http://localhost:3000/. Log in initially using admin for both the user name and password, taking care to change your credentials after successful log in.