Grafana

In a containerized deployment, Grafana is configured and run from a Grafana image.

Configuring Grafana

Grafana is configured by environment variables used in the docker run command.

For more information about the configuration, see Configure a Grafana Docker image.

Running a Grafana container

A Grafana container uses a Grafana image maintained by i2 Group on Docker Hub. In the docker run command, you can use -e to pass environment variables to Grafana on the container. The environment variables are described in environment variables

The container will run with a User ID and Group ID of 472. All files in mounted directories will be created with these IDs. If files are manipulated externally these IDs must be retained or the container will not function correctly.

For more information about the command, see docker run reference.

Docker run command

The following docker run command runs a Grafana container:

docker run -d \
   --name "grafana" \
   --net "eia" \
   --net-alias "grafana.eia" \
    -p "3500:3000" \
    -v "grafana_data:/var/lib/grafana" \
    -v "grafana_dashboards:/etc/grafana/dashboards" \
    -v "grafana_provisioning:/etc/grafana/provisioning" \
    -v "/environment-secrets/simulated-secret-store/grafana:/run/secrets" \
    -e GF_SECURITY_ADMIN_USER="grafana" \
    -e GF_SECURITY_ADMIN_PASSWORD="GF_SECURITY_ADMIN_PASSWORD" \
    -e SSL_ENABLED="true" \
    -e SSL_CERTIFICATE_FILE="/run/secrets/server.cer" \
    -e SSL_PRIVATE_KEY_FILE="/run/secrets/server.key" \
    -e PROMETHEUS_URL="https://prometheus.eia:9090" \
    -e PROMETHEUS_USERNAME="prometheus" \
    -e PROMETHEUS_PASSWORD="prometheus" \
    -e SSL_CA_CERTIFICATE="SSL_CA_CERTIFICATE" \
    "i2group/i2eng-grafana:9.2.6"

For an example of the docker run command, see utils/server_functions.sh scripts. The run_grafana function does not take any arguments.

Storage

A named volume or a bind mount can be used to persist data and logs that are generated and used in the Grafana container.

To configure the Grafana container to use the volume, specify the -v option with the name of the volume and the path where the directory is mounted in the container. By setting -v option in the docker run command, a named volume is created. For Grafana, the directory that must be mounted is /var/lib/grafana. For example:

-v "grafana_data:/var/lib/grafana" \
-v "grafana_dashboards:/etc/grafana/dashboards" \
-v "grafana_provisioning:/etc/grafana/provisioning" \
-v "/environment-secrets/simulated-secret-store/grafana:/run/secrets" \

For more information, see Use persistent storage (recommended).

Secrets:
A directory that contains all of the secrets that this tool requires. Specifically this includes credentials to access prometheus and certificates used in SSL. The directory is mounted to /run/secrets inside the container. This can then be used by other environment variables such as GF_SECURITY_ADMIN_USER__FILE to locate the secrets. In a production environment, the orchestration environment can provide the secrets to the file system or the secrets can be passed in via environment variables. The mechanism that is used here simulates the orchestration system providing the secrets as files.

Environment variables

To configure Grafana, you can provide environment variables to the Docker container in the docker run command.

Grafana environment variables

All the configuration options in Grafana can be overridden by environment variables like GF_<SectionName>_<KeyName>.

For more information about Grafana environment variables, see Override configuration with environment variables.

Environment variable	Description
`GF_SECURITY_ADMIN_USER`	The Grafana administrator user name.
`GF_SECURITY_ADMIN_PASSWORD`	The Grafana administrator password.

Grafana SSL

The following environment variables enable you use SSL with Grafana

Environment variable	Description
`SSL_ENABLED`	Can be set to `true` or `false`. If set to `true`, the Grafana server protocol is set to 'https'.
`SSL_PRIVATE_KEY_FILE`	See Secure Environment variables.
`SSL_CERTIFICATE_FILE`	See Secure Environment variables.

Prometheus authentication

The following environment variables are used to configure Grafana to connect to Prometheus as a client:

Environment variable	Description
`PROMETHEUS_USERNAME`	The Prometheus username.
`PROMETHEUS_PASSWORD`	The Prometheus password.
`SSL_CA_CERTIFICATE`	See Secure Environment variables.