Grafana upgrade in VIP Authentication Hub
search cancel

Grafana upgrade in VIP Authentication Hub

book

Article ID: 280131

calendar_today

Updated On:

Products

VIP Authentication Hub

Issue/Introduction


Running VIP Authentication Hub, is the latest version of Grafana is compatible with the latest version of VIP Authentication Hub?

This Grafana upgrade is intended to fix vulnerabilities.

 

Resolution


Upgrade to the latest chart version of

  grafana-operator 3.7.1
  kube-prometheus 8.25.6

on K8S 1.25, 1.27 and 1.28 clusters with SSP 2.13, 2.2.1, and latest development builds.

Note:

  1. There is a parameter change in latest grafana-operator chart deployment command, refer example below:

    # helm install grafana-operator bitnami/grafana-operator -n monitoring --version=3.7.1 --set operator.containerSecurityContext.readOnlyRootFilesystem=true --set grafana.image.repository=bitnami/grafana --set grafana.config.security.admin_password=<password> --set grafana.ingress.enabled=true --set grafana.ingress.ingressClassName=nginx --set grafana.ingress.host=<grafana-ingress-hostname> --set grafana.ingress.tls=true --set grafana.ingress.tlsSecret=monitoring-general-tls

  2. Additional parameters needed while deploying latest kube-prometheus chart, refer example below:

    # helm install prometheus-operator bitnami/kube-prometheus -n monitoring --version=8.25.6 --set alertmanager.ingress.enabled=true --set alertmanager.ingress.ingressClassName=nginx --set alertmanager.ingress.hostname=<alertmanager-ingress-hostname> --set alertmanager.ingress.tls=true --set prometheus.persistence.enabled=true --set alertmanager.persistence.enabled=true --set prometheus.scrapeInterval=1m --set prometheus.evaluationInterval=1m

Here's the procedure to upgrade Grafana to Prometheus-operator 8.25.6 and Grafana-Operator 3.7.1:

  1.  Load bitnami helm repo

    # helm repo add bitnami https://charts.bitnami.com/bitnami
    # helm repo update

  2. Upgrade prometheus-operator

    # helm upgrade --install prometheus-operator bitnami/kube-prometheus -n monitoring --set alertmanager.ingress.enabled=true --set alertmanager.ingress.ingressClassName=nginx --set alertmanager.ingress.hostname=<alertmanager_ing_hostname>  --set alertmanager.ingress.tls=true --version=8.25.6 --set prometheus.persistence.enabled=true --set alertmanager.persistence.enabled=true --set prometheus.scrapeInterval=1m --set prometheus.evaluationInterval=1m

  3. Apply CRDs

    # helm pull  bitnami/grafana-operator --version=3.7.1 --untar
    # kubectl apply -f grafana-operator/grafanadashboards.integreatly.org.yaml -n monitoring
    # kubectl apply -f grafana-operator/grafanafolders.integreatly.org.yaml -n monitoring
    # kubectl apply -f grafana-operator/grafanadatasources.integreatly.org.yaml -n monitoring
    # kubectl apply -f grafana-operator/grafanas.integreatly.org.yaml -n monitoring

  4. Upgrade grafana-operator

    # helm upgrade --install grafana-operator bitnami/grafana-operator -n monitoring --set operator.containerSecurityContext.readOnlyRootFilesystem=true --set grafana.image.repository=bitnami/grafana --set grafana.config.security.admin_password=<password> --set grafana.ingress.enabled=true --set grafana.ingress.ingressClassName=nginx --set grafana.ingress.host=<grafana_ing_hostname> --set grafana.ingress.tls=true --set grafana.ingress.tlsSecret=monitoring-general-tls --set-string  grafana.labels.dashboards="ssp-grafana" --version=3.7.1

  5. Configure GrafanaDatasource

    # cat <<EOF | kubectl apply -n monitoring -f -
        apiVersion: grafana.integreatly.org/v1beta1
        kind: GrafanaDatasource
        metadata:
          name: prometheus-datasource
        spec:
          datasource:
            name: Prometheus
            type: prometheus
            access: proxy
            editable: true
            isDefault: true
            url: 'http://prometheus-operator-kube-p-prometheus.monitoring.svc:9090'
            jsonData:
              timeInterval: 5s
          instanceSelector:
            matchLabels:
              dashboards: "ssp-grafana"
       EOF

 

Note:

Grafana being part of enclave services, and they are completely independent of the VIP Authentication Hub.

As such, no limit is advised here of the Grafana version.

Broadcom doesn't maintain any compatibility matrix with enclave services.

As mostly an open source resource, enclave services provide very limited documentation. 

As such, if any problem encountered by upgrading these version, it's suggested to remove Grafana and its dependencies and install them back to the upgraded version.

 

Powered by Wolken Software