From d86400493aea42594c40de27441204f56c03238f Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 May 2023 00:37:49 +0200 Subject: [PATCH 1/9] grafana cd: sort deployments alphabetically --- .../workflows/deploy-grafana-dashboards.yaml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index 4b1ad09419..d926d4d22f 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -12,23 +12,24 @@ jobs: include: # The grafana for 2i2c cluster holds also info about all other clusters - cluster_name: 2i2c + - cluster_name: 2i2c-aws-us + - cluster_name: 2i2c-uk + - cluster_name: awi-ciroh + - cluster_name: callysto - cluster_name: carbonplan - cluster_name: cloudbank + - cluster_name: gridsst - cluster_name: leap - cluster_name: m2lines - cluster_name: meom-ige + - cluster_name: nasa-cryo + - cluster_name: nasa-veda - cluster_name: openscapes - cluster_name: pangeo-hubs + - cluster_name: ubc-eoas - cluster_name: utoronto - - cluster_name: awi-ciroh - - cluster_name: callysto - - cluster_name: 2i2c-uk - - cluster_name: nasa-cryo - - cluster_name: gridsst - cluster_name: victor - - cluster_name: 2i2c-aws-us - - cluster_name: ubc-eoas - - cluster_name: nasa-veda + steps: - name: Checkout repo From cc7f8d334ad30a75b378402e095fab4d422d76fe Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 May 2023 00:38:25 +0200 Subject: [PATCH 2/9] grafana cd: add missing jobs for qcl, smithsonian, jmte, linked-earth --- .github/workflows/deploy-grafana-dashboards.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index d926d4d22f..18297caab3 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -19,13 +19,17 @@ jobs: - cluster_name: carbonplan - cluster_name: cloudbank - cluster_name: gridsst + - cluster_name: jupyter-meets-the-earth - cluster_name: leap + - cluster_name: linked-earth - cluster_name: m2lines - cluster_name: meom-ige - cluster_name: nasa-cryo - cluster_name: nasa-veda - cluster_name: openscapes - cluster_name: pangeo-hubs + - cluster_name: qcl + - cluster_name: smithsonian - cluster_name: ubc-eoas - cluster_name: utoronto - cluster_name: victor From da09b9fd7e3e56d012fb2b90b628e26ddf6b2d89 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 May 2023 00:54:18 +0200 Subject: [PATCH 3/9] qcl: fix grafana chart config indentation for github auth --- config/clusters/qcl/support.values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/clusters/qcl/support.values.yaml b/config/clusters/qcl/support.values.yaml index 4cf12122c4..8154c5b59c 100644 --- a/config/clusters/qcl/support.values.yaml +++ b/config/clusters/qcl/support.values.yaml @@ -23,9 +23,9 @@ grafana: grafana.ini: server: root_url: https://grafana.quantifiedcarbon.com/ - auth.github: - enabled: true - allowed_organizations: 2i2c-org + auth.github: + enabled: true + allowed_organizations: 2i2c-org QuantifiedCarbon ingress: hosts: - grafana.qcl.2i2c.cloud From 8c407de1f01f388c92b74a18cab0621c2bbf02ad Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 May 2023 01:05:08 +0200 Subject: [PATCH 4/9] qcl: add github auth for grafana instance --- config/clusters/qcl/enc-support.secret.values.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/config/clusters/qcl/enc-support.secret.values.yaml b/config/clusters/qcl/enc-support.secret.values.yaml index 5ba2d23f26..4c199340c6 100644 --- a/config/clusters/qcl/enc-support.secret.values.yaml +++ b/config/clusters/qcl/enc-support.secret.values.yaml @@ -1,6 +1,11 @@ prometheusIngressAuthSecret: username: ENC[AES256_GCM,data:iB5bF1oqHG3zAMTf6flHGy82OtBEdH1mJej3nPQNwhpUAYnDAt39GCjUyeL6sNZHplxj7wpjLivlXGajqYxEDQ==,iv:xoVgueVKvSgclTSG46o0p+gImFzp0cu1M4arBwUPtTY=,tag:mysqYMEwFWnDYV/k+VIhCQ==,type:str] password: ENC[AES256_GCM,data:ZELmo3NoENJ+ilLbSuFZzaZpqHteZFZM60TS9bGvVNVufsBB38AomEEAXI/MpEXeUWMzs/3L+edcYP3Xuq3ygw==,iv:hkT4M+6KfEBUNt2z8JdKtensjq+ExclbtkXGeZn8ib4=,tag:NN2HowJJrJjSY01+FP641w==,type:str] +grafana: + grafana.ini: + auth.github: + client_id: ENC[AES256_GCM,data:WhCUHK9/097VWQcEABXkYOG7OH0=,iv:GtaLxzAvjX/LzRxxwpk2P1LgGET+RVO6RjF16ZYC2Kc=,tag:mrIP4WyqddZ1n977OjBOnQ==,type:str] + client_secret: ENC[AES256_GCM,data:f8OikvqqVZurJYjEX/H529oH5kd5zdLYkMwtEW1AnmPESEA+CkoCbA==,iv:wn/gvjlpz584Zd9XwWmbcZrQ3k0LFJtoxFknkOcj2yQ=,tag:tPYxG0RuVpVSElhpX9XyDA==,type:str] sops: kms: [] gcp_kms: @@ -10,8 +15,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-03-02T16:01:07Z" - mac: ENC[AES256_GCM,data:4pf9l0nXSswiwf7W8sOREinFqgX0AvxREpUJkEf5VwdelMz1M3+qYDT20nK4entSe7iUjsu23j0GXsOoNiP5q/SYE6CaVQyp08JSx3c6ajKakTu5bQykYH22SB1F2ZFagma1aTFe+0Isil64hm+Cqq3wF8pEhp2KF1MrYOkn+XQ=,iv:+8JFA3Z4FfEjVdu7jvxFHam25YFBtlJJvlO3T4BvPDU=,tag:l1Bxs6Qb9RQWhXqmYjY4mg==,type:str] + lastmodified: "2023-05-08T22:59:35Z" + mac: ENC[AES256_GCM,data:Lg84kK9L3uzhXAhbtpRh4EB1Kg3HCEXmOdMERx5GeT/E4ncW5i+CtEtmtQKjZEVrJXSU9UuBceOvHN1QcB0+cuUBtK10ctnb5J/xgqgLf/LWighiiu0AEIMsxE+a6333hjudo1It7iUPbp9rObWIC1EGuCeIj2tuyoogNQJejW8=,iv:m/vZVIMCAPf9g5fXfcvORvoau9zbaoFnl6OY/VRC0x0=,tag:cZ+Gck1QfhL7x9TExCry3Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 From 099ab4d64e7e6c93f791194d5f829ba24096ed5a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 May 2023 01:24:02 +0200 Subject: [PATCH 5/9] qcl: setup a domain redirect for grafana --- config/clusters/qcl/support.values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/clusters/qcl/support.values.yaml b/config/clusters/qcl/support.values.yaml index 8154c5b59c..0972fcffe3 100644 --- a/config/clusters/qcl/support.values.yaml +++ b/config/clusters/qcl/support.values.yaml @@ -7,6 +7,8 @@ redirects: to: staging.quantifiedcarbon.com - from: qcl.2i2c.cloud to: jupyter.quantifiedcarbon.com + - from: grafana.qcl.2i2c.cloud + to: grafana.quantifiedcarbon.com prometheus: server: From 3fa67766786339750bb41f499f87c5ad193377a9 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 May 2023 01:24:22 +0200 Subject: [PATCH 6/9] docs: update details about grafana config --- docs/howto/grafana-github-auth.md | 10 +++++++++- helm-charts/support/values.yaml | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/docs/howto/grafana-github-auth.md b/docs/howto/grafana-github-auth.md index 7c2a96400a..a02c953cc9 100644 --- a/docs/howto/grafana-github-auth.md +++ b/docs/howto/grafana-github-auth.md @@ -28,7 +28,15 @@ To enable logging into Grafana using GitHub, follow these steps: grafana: grafana.ini: server: - root_url: https:// + # root_url should point to the domain we redirect to if we have multiple + # domain names configured and redirects from one to another + # + # FIXME: root_url is also required to be the same as the + # grafana.ingress.hosts[0] config specifically until + # https://github.com/2i2c-org/infrastructure/issues/2533 is + # resolved. + # + root_url: https:/// auth.github: enabled: true # allowed_organizations should be a space separated list diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml index de37be66c6..1d14157f50 100644 --- a/helm-charts/support/values.yaml +++ b/helm-charts/support/values.yaml @@ -246,7 +246,7 @@ grafana: # secret: # # server: - # root_url: https://grafana..2i2c.cloud + # root_url: https://grafana..2i2c.cloud/ # auth.github: # enabled: true # allowed_organizations: "2i2c-org some-other-gh-org" From 020e923d820d2b1729747ff29737ef686f2802cb Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 May 2023 01:42:41 +0200 Subject: [PATCH 7/9] qcl: fix grafana issue with hostname and deployer script The function get_grafana_url reads ingress.hosts[0] specifically, which is a broken assumption. We should fix this by looking at root_url instead in another PR. --- config/clusters/qcl/support.values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/clusters/qcl/support.values.yaml b/config/clusters/qcl/support.values.yaml index 0972fcffe3..5b0ad7246a 100644 --- a/config/clusters/qcl/support.values.yaml +++ b/config/clusters/qcl/support.values.yaml @@ -30,10 +30,10 @@ grafana: allowed_organizations: 2i2c-org QuantifiedCarbon ingress: hosts: - - grafana.qcl.2i2c.cloud - grafana.quantifiedcarbon.com + - grafana.qcl.2i2c.cloud tls: - secretName: grafana-tls hosts: - - grafana.qcl.2i2c.cloud - grafana.quantifiedcarbon.com + - grafana.qcl.2i2c.cloud From 8b76f4707ba234d11b453198e91860186cdd1991 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 May 2023 01:53:15 +0200 Subject: [PATCH 8/9] jmte: add grafana token for dashboard deployments --- .../enc-grafana-token.secret.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 config/clusters/jupyter-meets-the-earth/enc-grafana-token.secret.yaml diff --git a/config/clusters/jupyter-meets-the-earth/enc-grafana-token.secret.yaml b/config/clusters/jupyter-meets-the-earth/enc-grafana-token.secret.yaml new file mode 100644 index 0000000000..a0fadde04b --- /dev/null +++ b/config/clusters/jupyter-meets-the-earth/enc-grafana-token.secret.yaml @@ -0,0 +1,15 @@ +grafana_token: ENC[AES256_GCM,data:eEkdDwt4Nh5A3vK+0gZWKFClfX8r432opI5k+DDSs5Xubl8uMBYL7dQDPKwJ1Q==,iv:GIcnnq6A8FlC5n0zIcBtRXarbiVPIyUD4IA0upwv/iY=,tag:hpuE3LjlkOHnfRgS8EEr1Q==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-05-08T23:52:20Z" + enc: CiUA4OM7eMWtsPtGolINvWRXEfk4g47adZDWn9sU/Dx5Ncw8DJWgEkkALQgViHdizcHRkCq7nYnKwxDED5hO786C0CzFoP7dTKlncH+CHD4DPVJLTqbipss7jlDs3Aa4j2o3AiwpiLIYhEQ+dOR/xuip + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-05-08T23:52:21Z" + mac: ENC[AES256_GCM,data:nCdHJEhLW6PO3sldQunY/aG/ugH75lL+D9YOZUA5HiOR42LXtxP35IO9MEepSpEzmDkC1wkKOHiXGbBeDAZFhhbHbv8oJp9lbO0crO9fKYeMdWy1lg1mTfc1EtJ5Mx7Xujfbh4gMunFaM9+hw2siy1Y6b7GiZ9VLGbiBaLnPgAg=,iv:yexANic9yZn2o0bzJRTDt7n1rtzoFuNV2XLspMsgRZw=,tag:znGhZZudQ0DS4YKcKcpdEg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 From 3bd5c2b4d21959b2b86d1801f23526d613ff9ade Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 May 2023 13:39:51 +0200 Subject: [PATCH 9/9] pre-commit: remove blank space --- .github/workflows/deploy-grafana-dashboards.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index 18297caab3..ca5c0eafdc 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -34,7 +34,6 @@ jobs: - cluster_name: utoronto - cluster_name: victor - steps: - name: Checkout repo uses: actions/checkout@v3