[FIX] OpenShift: Configure sidecars to use port 3001 and https (#737)

gsmith-sas · web-flow · commit 6839989f74ba · 2025-04-14T17:39:10.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,11 @@
 # SAS Viya Monitoring for Kubernetes
 
-## Unreleased
+
+## unreleased
+* **Metrics**
+  * [FIX] Corrected bugs related to authentication/TLS configuration of Grafana sidecars on OpenShift which prevented auto-provisioning of 
+datasources and dashboards
+* **Logging**
   * [UPGRADE] Fluent Bit upgraded from 3.2.6 to 3.2.10 (includes security fixes)
   * [UPGRADE] Fluent Bit Helm chart upgraded from 0.48.6 to 0.48.9
 
diff --git a/monitoring/bin/deploy_monitoring_openshift.sh b/monitoring/bin/deploy_monitoring_openshift.sh
@@ -163,7 +163,8 @@ if [ "$OPENSHIFT_AUTH_ENABLE" == "true" ]; then
   extraArgs="--set service.targetPort=3001"
 else
   grafanaAuthYAML="monitoring/openshift/grafana-tls-only-values.yaml"
-  log_debug "Creating the Grafana service to generate TLS certs..."
+  #Creating the service now b/c certs will be generated and must exist prior to pod starting
+  log_debug "Creating the Grafana service; annotations will trigger generation of TLS certs."
   kubectl apply -n $MON_NS -f monitoring/openshift/v4m-grafana-svc.yaml
   log_debug "Sleeping 5 sec..."
   sleep 5
diff --git a/monitoring/grafana-datasource-opensearch.yaml b/monitoring/grafana-datasource-opensearch.yaml
@@ -1,5 +1,5 @@
 apiVersion: 1
-deleteDatasources: 
+deleteDatasources:
 - name: ViyaLogs
 prune: true
 datasources:
diff --git a/monitoring/openshift/grafana-proxy-values.yaml b/monitoring/openshift/grafana-proxy-values.yaml
@@ -5,7 +5,7 @@
     disable_login_form: true
     disable_signout_menu: true
   "auth.basic":
-    enabled: false
+    enabled: true
   "auth.proxy":
     auto_sign_up: true
     enabled: true
diff --git a/monitoring/openshift/grafana-tls-only-values.yaml b/monitoring/openshift/grafana-tls-only-values.yaml
@@ -17,6 +17,17 @@ extraSecretMounts:
   readOnly: true
   subPath: ""
 
+sidecar:
+  dashboards:
+    reloadURL: "https://localhost:3001/api/admin/provisioning/dashboards/reload"    
+    env:
+      REQ_SKIP_TLS_VERIFY: true
+  datasources:
+    defaultDatasourceEnabled: false
+    reloadURL: "https://localhost:3001/api/admin/provisioning/datasources/reload"    
+    env:
+      REQ_SKIP_TLS_VERIFY: true
+
 service:
   enabled: false
 
diff --git a/monitoring/openshift/grafana-values.yaml b/monitoring/openshift/grafana-values.yaml
@@ -78,3 +78,5 @@ testFramework:
     mode: console
   "log.console":
       format: json
+  "auth.basic":
+    enabled: true
diff --git a/monitoring/openshift/v4m-grafana-svc.yaml b/monitoring/openshift/v4m-grafana-svc.yaml
@@ -7,14 +7,15 @@ metadata:
     service.beta.openshift.io/serving-cert-secret-name: v4m-grafana-tls-secret
   labels:
     app.kubernetes.io/name: grafana
-    app.kubernetes.io/version: 9.5.5
+    app.kubernetes.io/instance: v4m-grafana
 spec:
   ports:
   - name: service
     port: 80
     protocol: TCP
     targetPort: 3001
   selector:
+    app.kubernetes.io/instance: v4m-grafana
     app.kubernetes.io/name: grafana
   sessionAffinity: None
   type: ClusterIP
