operations |
comment | "parent_author":"",<br>"parent_permlink":"grafana",<br>"author":"timoschuetz",<br>"permlink":"setting-up-grafana-oauth2-in-kubernetes",<br>"title":"Setting up Grafana OAuth2 (in Kubernetes)",<br>"body":"In this guide we are setting up Grafana in a Kubernetes cluster to use OAuth2-based authorization. First of all you need to have a running Kubernetes cluster and Helm installed and configured. If you do not know how to set it up, click here to get to my Helm installation guide. I\u2019ve been using AKS, but it will probably work on your environment too. \n\n## Setting up your IdP\nFirst of all you need to create a new application in your identity provider. I have been using Okta, but every other IdP which supports OpenID should work as well.\nIn Okta you have to select `Web` as Application type and enable `Refresh Tokens`. Set your redirect URL to `https:\/\/example.com\/generic_oauth`\n\n![image](https:\/\/i.imgur.com\/8ETQJ8h.png)\n\n## Configure Installation\nCreate a new file, which will be used to configure the installation. Name the file `values.yaml`. Insert the following content:\nhttps:\/\/pastebin.com\/raw\/HVkXjxfQ\n\nNow we need to change some stuff in that file:\nChange the `root_url` to `https:\/\/your.domain.com` so that your IdP can redirect you after logging in successfully.\n\nIf you already know what your datasource is, you can fill it in. If you don\u2019t want to use that feature just replace the section with a ` `.\n\nFirst of all you need to fill in your client ID and client secret. Also do not forget to change the IdP URLs. Now you need to edit the hosts in the ingress controller so that it can be created automatically. 
\n\n## Install Grafana\nAfter all the configuration is done you can finally deploy Grafana using this command (feel free to change the name and namespace to your liking):\n`helm install --name grafana --namespace monitoring stable\/grafana -f values.yaml`\n\n## Set up Grafana\nLog in at the Grafana dashboard and change the default admin password. Now you can set up your datasources and dashboards. \n\nAfter all that, log in with the IdP to register your user in Grafana. Then log back in with your admin account and assign administrator privileges to your IdP user.\n\n## Disable Basic Auth\nIf you want to, you can disable basic authentication to only allow users to log on using OAuth. Now we can change some stuff to disable the basic authentication and fully go to IdP login. For this create and open the file `patch_values.yaml`.\n```\ngrafana.ini:\n  auth.basic:\n    enabled: false\n  auth:\n    oauth_auto_login: true\n    disable_login_form: true\n```\nNow we can change the config file in the cluster with:\n`helm upgrade --reuse-values -f patch_values.yaml grafana stable\/grafana`",<br>"json_metadata":" \"tags\":[\"grafana\",<br>\"oauth2\",<br>\"kubernetes\",<br>\"idp\",<br>\"identity\" ,<br>\"image\":[\"https:\/\/i.imgur.com\/8ETQJ8h.png\" ,<br>\"links\":[\"https:\/\/pastebin.com\/raw\/HVkXjxfQ\" ,<br>\"app\":\"steemit\/0.1\",<br>\"format\":\"markdown\" " |
|