Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add support for API served via HTTPS when preferService: true #772

Merged
merged 4 commits into from Jun 12, 2022
Merged

feat: Add support for API served via HTTPS when preferService: true #772

merged 4 commits into from Jun 12, 2022

Conversation

weisdd
Copy link
Collaborator

@weisdd weisdd commented Jun 6, 2022

Description

Noticed the issue #642, where a user complains that grafana-operator cannot manage grafana instance which exposes its API via https.

The reason for that is quite simple. - (r *ReconcileGrafana) getGrafanaAdminUrl always assumes that grafana instance serves HTTP when preferService: true.
Grafana itself supports http, https, h2, and socket (source). I think operator can only be guaranteed to work with http and https. h2 might be served via different protocols (HTTP / HTTPS), which makes its setup more complicated, so IMO it's better not support it at all. socket is definitely not the way operator is set up to work.

Relevant issues/tickets

Fixes: #642

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • This change requires a documentation update
  • I have added tests that prove my fix is effective or that my feature works
  • I have added a test case that will be used to verify my changes
  • Verified independently on a cluster by reviewer

Verification steps

  1. Generate cert:
$ openssl genrsa -out ca.key 2048
$ openssl req -x509 -new -nodes -days 365 -key ca.key -out ca.crt -subj "/CN=yourdomain.com"
kubectl create secret tls my-tls-secret --key ca.key --cert ca.crt
  1. Deploy grafana with a spec similar to this:
spec:
  client:
    preferService: true
    timeout: 5
  config:
    server:
      cert_file: /etc/grafana/secrets/tls/tls.crt
      cert_key: /etc/grafana/secrets/tls/tls.key
      protocol: https
  dashboardLabelSelector:
  - matchLabels:
      app.kubernetes.io/instance: grafana-operator
  deployment:
    extraVolumeMounts:
    - mountPath: /etc/grafana/secrets/tls
      name: tls
    extraVolumes:
    - name: tls
      secret:
        secretName: my-tls-secret

For discussion

Please, let me know if you agree with the overall implementation. Once that is done, I can add some tests.

@weisdd
feat: HTTPS admin URL
0c466fa 
Signed-off-by: Igor Beliakov <demtis.register@gmail.com>
HubertStefanski
HubertStefanski approved these changes Jun 7, 2022
View reviewed changes
Copy link
Collaborator

@HubertStefanski HubertStefanski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for the contribution! @weisdd

@weisdd
chore: added tests for getGrafanaAdminUrl
6e3da32 
Signed-off-by: Igor Beliakov <demtis.register@gmail.com>
@weisdd
Copy link
Collaborator Author

weisdd commented Jun 7, 2022

@HubertStefanski yw. I've just added some tests. Since there are plenty of factors that influence the end result and I tried to cover the preexisting cases as well, the code is slightly monstrous :) Please, feel free to make any changes if needed.

@HubertStefanski HubertStefanski merged commit 3fe7486 into grafana:master Jun 12, 2022
@anushanagireddy0430 anushanagireddy0430 mentioned this pull request Jul 8, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HubertStefanski HubertStefanski HubertStefanski approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug] CRDS not working when Grafana running under protocol https
2 participants
@weisdd @HubertStefanski