grafana版本: 5.0.3
grafana通过k8s方式安装,所以需将配置文件挂载过去。
cat grafana-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-configmap-conf
data:
config.ini: |+
[database]
path = /data/grafana.db
[paths]
data = /data
logs = /data/log
plugins = /data/plugins
[session]
provider = memory
[auth.basic]
enabled = false
[auth.anonymous]
enabled = true
[auth.ldap]
enabled = true #开启ldap认证
allow_sign_up = true #允许注册/创建用户
config_file = /grafana/conf/ldap.toml #配置文件路径
---
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-configmap-ldap
data:
ldap.toml: |+
[[servers]]
host = "ldap.xxxxx.net"
port = 389
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "cn=Manager,dc=ldap,dc=xxxxx,dc=net"
bind_password = 'xxxxx'
search_filter = "(cn=%s)"
search_base_dns = ["dc=ldap,dc=xxxxx,dc=net"]
group_search_base_dns = ["ou=grafana,dc=ldap,dc=xxxxx,dc=net"]
group_search_filter = "(objectClass=groupOfUniqueNames)"
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "cn"
email = "email"
[[servers.group_mappings]]
group_dn = "grafana-software-admin"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "grafana-software-users"
org_role = "Viewer"
#注意 group_dn 不要配置成 cn=grafana-software-admin,dc=xx,dc=xx,dc=xx 会一直报错
t=2018-09-10T10:21:38+0000 lvl=info msg="Ldap Auth: user does not belong in any of the specified ldap groups" logger=ldap username=xxxx@xxxx.com groups=[grafana-software-admin]
grafana deployment 文件中添加(标红部分):
cat grafana-deployment.yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: grafana
spec:
replicas: 1
template:
metadata:
labels:
app: grafana
spec:
securityContext:
runAsNonRoot: true
runAsUser: 65534
containers:
- name: grafana
image: quay.io/coreos/monitoring-grafana:5.0.3
volumeMounts:
- name: grafana-storage
mountPath: /data
- name: grafana-datasources
mountPath: /grafana/conf/provisioning/datasources
- name: grafana-dashboards
mountPath: /grafana/conf/provisioning/dashboards
- name: grafana-dashboard-definitions-0
mountPath: /grafana-dashboard-definitions/0
- name: grafana-conf
mountPath: /grafana/conf/config.ini
#readOnly: true
subPath: config.ini
- name: grafana-ldap
mountPath: /grafana/conf/ldap.toml
#readOnly: true
subPath: ldap.toml
ports:
- name: web
containerPort: 3000
resources:
requests:
memory: 100Mi
cpu: 100m
limits:
memory: 200Mi
cpu: 200m
volumes:
- name: grafana-storage
persistentVolumeClaim:
claimName: grafana
#emptyDir: {}
- name: grafana-datasources
configMap:
name: grafana-datasources
- name: grafana-dashboards
configMap:
name: grafana-dashboards
- name: grafana-dashboard-definitions-0
configMap:
name: grafana-dashboard-definitions-0
- name: grafana-conf
configMap:
name: grafana-configmap-conf
defaultMode: 0600
- name: grafana-ldap
configMap:
name: grafana-configmap-ldap
defaultMode: 0600
nodeSelector:
role: monitor
接下来通过ldap账号 登录 验证配置是否成功。
参考链接:http://docs.grafana.org/installation/ldap/