Skip to content

Commit f725454

Browse files
HeleneHelene
committed
expand deployment scripts with the API key authentication data
1 parent 072239f commit f725454

File tree

3 files changed

+84
-29
lines changed

3 files changed

+84
-29
lines changed

docs/grafana_bridge_deployment_ocp.md

Lines changed: 58 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ Check that the both .pem files are created in the /tmp directory
6363

6464
```
6565
[root@mycluster-inf ~]# cd /etc/bridge_ssl/certs
66-
[root@mycluster-inf tmp]# cat privkey.pem
66+
[root@mycluster-inf certs]# cat privkey.pem
6767
-----BEGIN PRIVATE KEY-----
6868
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDZ7v0Oq9n9zx8T
6969
v/VPln5K74udrUVPA/4xz/+MsUIThlt+RLcaVuBx2jTbxDlSdPiQc/rSfZRtBTBt
@@ -92,7 +92,7 @@ ehAHRd4XxCH0p4/lAI+qQZxmkRfho1IXg/sAQoFXCF2dj+hMZ9nlV26m3n6iZxFY
9292
bjRUDSzBGHtV+WhPLzrKrsRFn4USCQHDA9+0aL2jGnfwC3En4SeMfk/3usLPVSAX
9393
B4MtCX8SrTMkQ7PutwU2/R+i
9494
-----END PRIVATE KEY-----
95-
[root@mycluster-inf tmp]# cat cert.pem
95+
[root@mycluster-inf certs]# cat cert.pem
9696
-----BEGIN CERTIFICATE-----
9797
MIIDNzCCAh+gAwIBAgIJAMlcr+FBcrAnMA0GCSqGSIb3DQEBCwUAMDIxFzAVBgNV
9898
BAMMDmdyYWZhbmEtYnJpZGdlMRcwFQYDVQQKDA5ncmFmYW5hLWJyaWRnZTAeFw0y
@@ -119,7 +119,7 @@ O+6FAarz5qVR/D09GhoohwQDT8m5N2hfS61JQ/f3iN3KUYK00ppwWzJeumabVY+Z
119119
5. Create the 'grafana-bridge-secret' secret for the TLS keys
120120

121121
```
122-
[root@mycluster-inf tmp]# kubectl create secret tls grafana-bridge-secret --key="privkey.pem" --cert="cert.pem"
122+
[root@mycluster-inf certs]# kubectl create secret tls grafana-bridge-secret --key="privkey.pem" --cert="cert.pem"
123123
secret/grafana-bridge-secret created
124124
125125
[root@mycluster-inf tmp]# oc describe secret grafana-bridge-secret
@@ -138,10 +138,45 @@ tls.key: 1704 bytes
138138
```
139139

140140

141-
6. Change to the directory example_deployment_scripts/bridge_deployment/ and apply the following .yaml files:
141+
6. Since the IBM Spectrum Scale version 5.1.1 any client querying the performance data from the IBM Spectrum Scale cluster needs the API key authentication. You need to create API key secret for the grafana-bridge application using key name 'scale_grafana'. First encode your plaintext API key name and value using base_64:
142142

143143
```
144-
[root@mycluster-inf tmp]# cd /opt/example_deployment_scripts/bridge_deployment
144+
[root@mycluster-inf certs]# echo -n 'scale_grafana'| base64
145+
c2NhbGVfZGVmYXVsdA==
146+
[root@mycluster-inf certs]# echo -n 'b0fbc340-43e8-4039-9895-e07eb34d1153'| base64
147+
YjBmYmMzNDAtNDNlOC00MDM5LTk4OTUtZTA3ZWIzNGQxMTUz
148+
```
149+
150+
151+
7. Change to the directory example_deployment_scripts/bridge_deployment/ and open the secret.yaml file in edit mode.
152+
Replace the <YOUR_BASE64_ENCODED_API_KEY_NAME> and the <YOUR_BASE64_ENCODED_API_KEY_VALUE> with the values you generated with base_64.
153+
154+
155+
8. Create the 'scale-grafana-api' secret for the 'scale_grafana' API key authentication
156+
157+
```
158+
[root@mycluster-inf certs]# oc create -f secret.yaml
159+
secret/scale-grafana-api created
160+
161+
[root@mycluster-inf certs]# oc describe secret scale-grafana-api
162+
Name: scale-grafana-api
163+
Namespace: ibm-spectrum-scale-ns
164+
Labels: <none>
165+
Annotations: <none>
166+
167+
Type: Opaque
168+
169+
Data
170+
====
171+
api-key-name: 13 bytes
172+
api-key-value: 36 bytes
173+
```
174+
175+
176+
9. Apply the following .yaml files:
177+
178+
```
179+
[root@mycluster-inf certs]# cd /opt/example_deployment_scripts/bridge_deployment
145180
146181
[root@mycluster-inf bridge_deployment]# oc create -f role.yaml
147182
role.rbac.authorization.k8s.io/grafana-bridge created
@@ -157,29 +192,27 @@ deployment.apps/grafana-bridge-deployment created
157192
```
158193

159194

160-
7. Verify the grafana-bridge pods are up and running
195+
10. Verify the grafana-bridge pods are up and running
161196

162197
```
163198
[root@mycluster-inf bridge_deployment]# oc get po -o wide
164-
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
165-
grafana-bridge-deployment-5bdfcb6956-cpmjl 1/1 Running 0 9s 10.254.4.92 worker0.mycluster.os.fyre.ibm.com <none> <none>
166-
grafana-bridge-deployment-5bdfcb6956-zcq59 1/1 Running 0 9s 10.254.16.118 worker1.mycluster.os.fyre.ibm.com <none> <none>
167-
ibm-spectrum-scale-core-8gqvm 1/1 Running 0 20h 10.16.105.140 worker1.mycluster.os.fyre.ibm.com <none> <none>
168-
ibm-spectrum-scale-core-h5m6n 1/1 Running 0 20h 10.16.105.141 worker2.mycluster.os.fyre.ibm.com <none> <none>
169-
ibm-spectrum-scale-core-mwstf 1/1 Running 0 20h 10.16.97.21 worker0.mycluster.os.fyre.ibm.com <none> <none>
170-
ibm-spectrum-scale-gui-0 9/9 Running 0 20h 10.254.16.108 worker1.mycluster.os.fyre.ibm.com <none> <none>
171-
ibm-spectrum-scale-operator-79cd7dfb68-q4k49 1/1 Running 0 20h 10.254.12.168 worker2.mycluster.os.fyre.ibm.com <none> <none>
172-
ibm-spectrum-scale-pmcollector-0 2/2 Running 0 20h 10.254.4.84 worker0.mycluster.os.fyre.ibm.com <none> <none>
173-
ibm-spectrum-scale-pmcollector-1 2/2 Running 0 20h 10.254.16.109 worker1.mycluster.os.fyre.ibm.com <none> <none>
174-
175-
[root@mycluster-inf bridge_deployment]# oc logs grafana-bridge-deployment-5bdfcb6956-cpmjl
176-
Connection to the collector server established successfully
177-
Successfully retrieved MetaData
178-
Received sensors:
179-
180-
CPU DiskFree GPFSNodeAPI GPFSRPCS GPFSVFSX GPFSWaiters Load Memory Netstat Network TopProc
181-
Initial cherryPy server engine start have been invoked. Python version: 3.6.8 (default, Dec 5 2019, 15:45:45)
199+
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
200+
grafana-bridge-deployment-686f577585-jcr6r 1/1 Running 8 89m 10.254.20.19 worker0.helene.os.fyre.ibm.com <none> <none>
201+
grafana-bridge-deployment-686f577585-wdrcs 1/1 Running 8 89m 10.254.16.19 worker1.helene.os.fyre.ibm.com <none> <none>
202+
ibm-spectrum-scale-core-bpdwp 0/1 Running 0 14h 10.16.69.109 worker1.helene.os.fyre.ibm.com <none> <none>
203+
ibm-spectrum-scale-core-dsnx7 0/1 Running 0 14h 10.16.69.105 worker0.helene.os.fyre.ibm.com <none> <none>
204+
ibm-spectrum-scale-core-rdf54 0/1 Running 0 14h 10.16.69.110 worker2.helene.os.fyre.ibm.com <none> <none>
205+
ibm-spectrum-scale-gui-0 9/9 Running 0 14h 10.254.16.11 worker1.helene.os.fyre.ibm.com <none> <none>
206+
ibm-spectrum-scale-operator-6877d5c9bb-6xtxj 1/1 Running 0 15h 10.254.16.9 worker1.helene.os.fyre.ibm.com <none> <none>
207+
ibm-spectrum-scale-pmcollector-0 2/2 Running 9 8h 10.254.20.16 worker0.helene.os.fyre.ibm.com <none> <none>
208+
ibm-spectrum-scale-pmcollector-1 2/2 Running 0 8h 10.254.16.14 worker1.helene.os.fyre.ibm.com <none> <none>
209+
210+
[root@mycluster-inf bridge_deployment]# oc logs grafana-bridge-deployment-686f577585-jcr6r
211+
2021-04-08 21:12 - INFO - *** IBM Spectrum Scale bridge for Grafana - Version: 7.0 ***
212+
2021-04-08 21:12 - INFO - Successfully retrieved MetaData
213+
2021-04-08 21:12 - INFO - Received sensors:CPU, DiskFree, GPFSNodeAPI, GPFSRPCS, GPFSVFSX, GPFSWaiters, Load, Memory, Netstat, Network, TopProc
214+
2021-04-08 21:12 - INFO - Initial cherryPy server engine start have been invoked. Python version: 3.6.8 (default, Aug 18 2020, 08:33:21)
182215
[GCC 8.3.1 20191121 (Red Hat 8.3.1-5)], cherryPy version: 18.6.0.
183-
server started
216+
2021-04-08 21:12 - INFO - server started
184217
185218
```

example_deployment_scripts/bridge_deployment/bridge-deployment.yaml

Lines changed: 18 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,8 @@ spec:
5151
values: [ linux ]
5252
containers:
5353
- name: grafana-bridge
54-
image: <bridge image location/bridge image name:tag>
54+
image: "sys-spectrum-scale-team-cloud-native-docker-local.\
55+
artifactory.swg-devops.com/scale-grafana-bridge-7.0:dev"
5556
env:
5657
- name: SERVER
5758
value: $(IBM_SPECTRUM_SCALE_PERF_QUERY_SERVICE_HOST)
@@ -63,6 +64,18 @@ spec:
6364
value: "tls.crt"
6465
- name: PORT
6566
value: "8443"
67+
- name: SERVERPORT
68+
value: "9981"
69+
- name: APIKEYNAME
70+
valueFrom:
71+
secretKeyRef:
72+
name: scale-grafana-api
73+
key: api-key-name
74+
- name: APIKEYVALUE
75+
valueFrom:
76+
secretKeyRef:
77+
name: scale-grafana-api
78+
key: api-key-value
6679
imagePullPolicy: Always
6780
ports:
6881
- name: http
@@ -81,16 +94,17 @@ spec:
8194
type: DirectoryOrCreate
8295
initContainers:
8396
- name: init-scale-perf-query-service
84-
image: busybox:latest
97+
image: "sys-spectrum-scale-team-cloud-native-docker-local.\
98+
artifactory.swg-devops.com/busybox:latest"
8599
command: ['sh', '-c', "until nslookup ibm-spectrum-scale-perf-query.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for ibm-spectrum-scale-perf-query service; sleep 2; done"]
86100
#######################################################################################################################
87101
#
88102
# in case you are pulling the image from a private Docker registry or repository
89103
# you need to create a Secret based on existing Docker credentials and put the secret name under imagePullSecrets settings
90104
#
91105
#######################################################################################################################
92-
#imagePullSecrets:
93-
# - name: spectrumscale-registrykey
106+
imagePullSecrets:
107+
- name: spectrumscale-registrykey
94108
volumes:
95109
- name: logfiles
96110
emptyDir: {}

example_deployment_scripts/bridge_deployment/secret.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
apiVersion: v1
2+
kind: Secret
3+
metadata:
4+
name: scale-grafana-api
5+
type: Opaque
6+
data:
7+
api-key-name: <YOUR_BASE64_ENCODED_API_KEY_NAME>
8+
api-key-value: <YOUR_BASE64_ENCODED_API_KEY_VALUE>

0 commit comments

Comments
 (0)