mirror of https://git.rancher.io/charts
Add nginx proxy to Grafana for magic links
This commit adds an nginx proxy in front of Grafana that intercepts the requests that are sent to the Grafana pod. This change was necessary since the Grafana pod encounters issues with Rancher proxy URLs that are formatted like: ``` <server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy ``` Specifically, if using the root_url option, it doubles up this URL when making requests for resources, e.g. ``` <server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy/<my-path> => <server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy/<my-path> ```pull/677/head
parent
3737ec3c86
commit
d6c774aa42
|
@ -17,6 +17,7 @@ All notable changes from the upstream Prometheus Operator chart will be added to
|
|||
- Added default resource limits for `Prometheus Operator`, `Prometheus`, `AlertManager`, `Grafana`, `kube-state-metrics`, `node-exporter`
|
||||
- Added a default template `rancher_defaults.tmpl` to AlertManager that Rancher will offer to users in order to help configure the way alerts are rendered on a notifier. Also updated the default template deployed with this chart to reference that template and added an example of a Slack config using this template as a comment in the `values.yaml`.
|
||||
- Added support for private registries via introducing a new field for `global.cattle.systemDefaultRegistry` that, if supplied, will automatically be prepended onto every image used by the chart.
|
||||
- Added a default `nginx` proxy container deployed with Grafana whose config is set in the `ConfigMap` located in `charts/grafana/templates/nginx-config.yaml`. The purpose of this container is to make it possible to view Grafana's UI through a proxy that has a subpath (e.g. Rancher's proxy). This proxy container is set to listen on port `8080` (with a `portName` of `nginx-http` instead of the default `service`), which is also where the Grafana service will now point to, and will forward all requests to the Grafana container listening on the default port `3000`.
|
||||
### Modified
|
||||
- Updated the chart name from `prometheus-operator` to `rancher-monitoring` and added the `io.rancher.certified: rancher` annotation to `Chart.yaml`
|
||||
- Modified the default `node-exporter` port from `9100` to `9796`
|
||||
|
|
|
@ -0,0 +1,75 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: grafana-nginx-proxy-config
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
data:
|
||||
nginx.conf: |-
|
||||
worker_processes auto;
|
||||
error_log /dev/stdout warn;
|
||||
pid /var/cache/nginx/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
|
||||
|
||||
proxy_connect_timeout 10;
|
||||
proxy_read_timeout 180;
|
||||
proxy_send_timeout 5;
|
||||
proxy_buffering off;
|
||||
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g;
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
access_log off;
|
||||
|
||||
gzip on;
|
||||
gzip_min_length 1k;
|
||||
gzip_comp_level 2;
|
||||
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png;
|
||||
gzip_vary on;
|
||||
gzip_disable "MSIE [1-6]\.";
|
||||
|
||||
proxy_set_header Host $host;
|
||||
|
||||
location /api/dashboards {
|
||||
proxy_pass http://localhost:3000;
|
||||
}
|
||||
|
||||
location /api/search {
|
||||
proxy_pass http://localhost:3000;
|
||||
|
||||
sub_filter_types application/json;
|
||||
sub_filter_once off;
|
||||
sub_filter '"url":"/d' '"url":"d';
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_cache my_zone;
|
||||
proxy_cache_valid 200 302 1d;
|
||||
proxy_cache_valid 301 30d;
|
||||
proxy_cache_valid any 5m;
|
||||
proxy_cache_bypass $http_cache_control;
|
||||
add_header X-Proxy-Cache $upstream_cache_status;
|
||||
add_header Cache-Control "public";
|
||||
|
||||
proxy_pass http://localhost:3000/;
|
||||
|
||||
sub_filter_types text/html;
|
||||
sub_filter_once off;
|
||||
sub_filter '"appSubUrl":""' '"appSubUrl":"."';
|
||||
sub_filter '"url":"/' '"url":"./';
|
||||
sub_filter ':"/avatar/' ':"avatar/';
|
||||
|
||||
if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) {
|
||||
expires 90d;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -193,6 +193,15 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/cha
|
|||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- if .Values.command }}
|
||||
@@ -285,7 +284,7 @@
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.service.portName }}
|
||||
- containerPort: {{ .Values.service.port }}
|
||||
+ containerPort: {{ .Values.service.targetPort }}
|
||||
protocol: TCP
|
||||
- name: {{ .Values.podPortName }}
|
||||
containerPort: 3000
|
||||
diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/charts/grafana/values.yaml packages/rancher-monitoring/charts/charts/grafana/values.yaml
|
||||
--- packages/rancher-monitoring/charts-original/charts/grafana/values.yaml
|
||||
+++ packages/rancher-monitoring/charts/charts/grafana/values.yaml
|
||||
|
@ -2273,16 +2282,18 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
|
||||
## Annotations for Grafana dashboard configmaps
|
||||
##
|
||||
@@ -575,6 +942,19 @@
|
||||
@@ -574,7 +935,60 @@
|
||||
## Passed to grafana subchart and used by servicemonitor below
|
||||
##
|
||||
service:
|
||||
portName: service
|
||||
- portName: service
|
||||
+ portName: nginx-http
|
||||
+ ## Port for Grafana Service to listen on
|
||||
+ ##
|
||||
+ port: 80
|
||||
+ ## To be used with a proxy extraContainer port
|
||||
+ ##
|
||||
+ targetPort: 3000
|
||||
+ targetPort: 8080
|
||||
+ ## Port to expose on each node
|
||||
+ ## Only used if service.type is 'NodePort'
|
||||
+ ##
|
||||
|
@ -2290,10 +2301,50 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
+ ## Service type
|
||||
+ ##
|
||||
+ type: ClusterIP
|
||||
+
|
||||
+ proxy:
|
||||
+ image:
|
||||
+ repository: rancher/library-nginx
|
||||
+ tag: 1.19.2-alpine
|
||||
+
|
||||
+ ## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod
|
||||
+ extraContainers: |
|
||||
+ - name: grafana-proxy
|
||||
+ args:
|
||||
+ - nginx
|
||||
+ - -g
|
||||
+ - daemon off;
|
||||
+ - -c
|
||||
+ - /nginx/nginx.conf
|
||||
+ image: "{{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}"
|
||||
+ ports:
|
||||
+ - containerPort: 8080
|
||||
+ name: nginx-http
|
||||
+ protocol: TCP
|
||||
+ volumeMounts:
|
||||
+ - mountPath: /nginx
|
||||
+ name: grafana-nginx
|
||||
+ - mountPath: /var/cache/nginx
|
||||
+ name: nginx-home
|
||||
+ securityContext:
|
||||
+ runAsUser: 101
|
||||
+ runAsGroup: 101
|
||||
+
|
||||
+ ## Volumes that can be used in containers
|
||||
+ extraContainerVolumes:
|
||||
+ - name: nginx-home
|
||||
+ emptyDir: {}
|
||||
+ - name: grafana-nginx
|
||||
+ configMap:
|
||||
+ name: grafana-nginx-proxy-config
|
||||
+ items:
|
||||
+ - key: nginx.conf
|
||||
+ mode: 438
|
||||
+ path: nginx.conf
|
||||
|
||||
## If true, create a serviceMonitor for grafana
|
||||
##
|
||||
@@ -600,6 +980,14 @@
|
||||
@@ -600,6 +1014,14 @@
|
||||
# targetLabel: nodename
|
||||
# replacement: $1
|
||||
# action: replace
|
||||
|
@ -2308,7 +2359,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
|
||||
## Component scraping the kube api server
|
||||
##
|
||||
@@ -756,7 +1144,7 @@
|
||||
@@ -756,7 +1178,7 @@
|
||||
## Component scraping the kube controller manager
|
||||
##
|
||||
kubeControllerManager:
|
||||
|
@ -2317,7 +2368,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
|
||||
## If your kube controller manager is not deployed as a pod, specify IPs it can be found on
|
||||
##
|
||||
@@ -889,7 +1277,7 @@
|
||||
@@ -889,7 +1311,7 @@
|
||||
## Component scraping etcd
|
||||
##
|
||||
kubeEtcd:
|
||||
|
@ -2326,7 +2377,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
|
||||
## If your etcd is not deployed as a pod, specify IPs it can be found on
|
||||
##
|
||||
@@ -949,7 +1337,7 @@
|
||||
@@ -949,7 +1371,7 @@
|
||||
## Component scraping kube scheduler
|
||||
##
|
||||
kubeScheduler:
|
||||
|
@ -2335,7 +2386,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
|
||||
## If your kube scheduler is not deployed as a pod, specify IPs it can be found on
|
||||
##
|
||||
@@ -1002,7 +1390,7 @@
|
||||
@@ -1002,7 +1424,7 @@
|
||||
## Component scraping kube proxy
|
||||
##
|
||||
kubeProxy:
|
||||
|
@ -2344,7 +2395,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
|
||||
## If your kube proxy is not deployed as a pod, specify IPs it can be found on
|
||||
##
|
||||
@@ -1076,6 +1464,13 @@
|
||||
@@ -1076,6 +1498,13 @@
|
||||
create: true
|
||||
podSecurityPolicy:
|
||||
enabled: true
|
||||
|
@ -2358,7 +2409,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
|
||||
## Deploy node exporter as a daemonset to all nodes
|
||||
##
|
||||
@@ -1125,6 +1520,16 @@
|
||||
@@ -1125,6 +1554,16 @@
|
||||
extraArgs:
|
||||
- --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/)
|
||||
- --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$
|
||||
|
@ -2375,7 +2426,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
|
||||
## Manages Prometheus and Alertmanager components
|
||||
##
|
||||
@@ -1138,7 +1543,7 @@
|
||||
@@ -1138,7 +1577,7 @@
|
||||
tlsProxy:
|
||||
enabled: true
|
||||
image:
|
||||
|
@ -2384,7 +2435,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
tag: v1.5.2
|
||||
sha: ""
|
||||
pullPolicy: IfNotPresent
|
||||
@@ -1156,7 +1561,7 @@
|
||||
@@ -1156,7 +1595,7 @@
|
||||
patch:
|
||||
enabled: true
|
||||
image:
|
||||
|
@ -2393,7 +2444,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
tag: v1.2.1
|
||||
sha: ""
|
||||
pullPolicy: IfNotPresent
|
||||
@@ -1285,13 +1690,13 @@
|
||||
@@ -1285,13 +1724,13 @@
|
||||
|
||||
## Resource limits & requests
|
||||
##
|
||||
|
@ -2414,7 +2465,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
|
||||
# Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
|
||||
# because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
|
||||
@@ -1335,7 +1740,7 @@
|
||||
@@ -1335,7 +1774,7 @@
|
||||
## Prometheus-operator image
|
||||
##
|
||||
image:
|
||||
|
@ -2423,7 +2474,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
tag: v0.38.1
|
||||
sha: ""
|
||||
pullPolicy: IfNotPresent
|
||||
@@ -1343,14 +1748,14 @@
|
||||
@@ -1343,14 +1782,14 @@
|
||||
## Configmap-reload image to use for reloading configmaps
|
||||
##
|
||||
configmapReloadImage:
|
||||
|
@ -2440,7 +2491,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
tag: v0.38.1
|
||||
sha: ""
|
||||
|
||||
@@ -1366,14 +1771,6 @@
|
||||
@@ -1366,14 +1805,6 @@
|
||||
##
|
||||
secretFieldSelector: ""
|
||||
|
||||
|
@ -2455,7 +2506,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
## Deploy a Prometheus instance
|
||||
##
|
||||
prometheus:
|
||||
@@ -1614,7 +2011,7 @@
|
||||
@@ -1614,7 +2045,7 @@
|
||||
## Image of Prometheus.
|
||||
##
|
||||
image:
|
||||
|
@ -2464,7 +2515,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
tag: v2.18.2
|
||||
sha: ""
|
||||
|
||||
@@ -1666,6 +2063,11 @@
|
||||
@@ -1666,6 +2097,11 @@
|
||||
##
|
||||
externalUrl: ""
|
||||
|
||||
|
@ -2476,7 +2527,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
## Define which Nodes the Pods are scheduled on.
|
||||
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
@@ -1698,7 +2100,7 @@
|
||||
@@ -1698,7 +2134,7 @@
|
||||
## prometheus resource to be created with selectors based on values in the helm deployment,
|
||||
## which will also match the PrometheusRule resources created
|
||||
##
|
||||
|
@ -2485,7 +2536,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
|
||||
## PrometheusRules to be selected for target discovery.
|
||||
## If {}, select all ServiceMonitors
|
||||
@@ -1723,7 +2125,7 @@
|
||||
@@ -1723,7 +2159,7 @@
|
||||
## prometheus resource to be created with selectors based on values in the helm deployment,
|
||||
## which will also match the servicemonitors created
|
||||
##
|
||||
|
@ -2494,7 +2545,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
|
||||
## ServiceMonitors to be selected for target discovery.
|
||||
## If {}, select all ServiceMonitors
|
||||
@@ -1743,7 +2145,7 @@
|
||||
@@ -1743,7 +2179,7 @@
|
||||
## prometheus resource to be created with selectors based on values in the helm deployment,
|
||||
## which will also match the podmonitors created
|
||||
##
|
||||
|
@ -2503,7 +2554,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val
|
|||
|
||||
## PodMonitors to be selected for target discovery.
|
||||
## If {}, select all PodMonitors
|
||||
@@ -1840,9 +2242,13 @@
|
||||
@@ -1840,9 +2276,13 @@
|
||||
|
||||
## Resource limits & requests
|
||||
##
|
||||
|
|
Loading…
Reference in New Issue