Grafana
In a containerized deployment, Grafana is configured and run from a Grafana image.
Configuring Grafana
Grafana is configured by environment variables used in the docker run command.
For more information about the configuration, see Configure a Grafana Docker image.
Running a Grafana container
A Grafana container uses a Grafana image maintained
by i2 Group on Docker Hub. In the docker run
command, you can use -e
to pass environment variables to Grafana on
the container. The environment variables are described in environment variables
The container will run with a User ID and Group ID of 472
. All files in mounted directories will be created
with these IDs. If files are manipulated externally these IDs must be retained or the container will not
function correctly.
For more information about the command, see docker run reference.
Docker run command
The following docker run
command runs a Grafana container:
docker run -d \
--name "grafana" \
--net "eia" \
--net-alias "grafana.eia" \
-p "3500:3000" \
-v "grafana_data:/var/lib/grafana" \
-v "grafana_dashboards:/etc/grafana/dashboards" \
-v "grafana_provisioning:/etc/grafana/provisioning" \
-v "/environment-secrets/simulated-secret-store/grafana:/run/secrets" \
-e GF_SECURITY_ADMIN_USER="grafana" \
-e GF_SECURITY_ADMIN_PASSWORD="GF_SECURITY_ADMIN_PASSWORD" \
-e SSL_ENABLED="true" \
-e SSL_CERTIFICATE_FILE="/run/secrets/server.cer" \
-e SSL_PRIVATE_KEY_FILE="/run/secrets/server.key" \
-e PROMETHEUS_URL="https://prometheus.eia:9090" \
-e PROMETHEUS_USERNAME="prometheus" \
-e PROMETHEUS_PASSWORD="prometheus" \
-e SSL_CA_CERTIFICATE="SSL_CA_CERTIFICATE" \
"i2group/i2eng-grafana:9.2.6"
For an example of the docker run
command, see utils/server_functions.sh
scripts. The run_grafana
function
does not take any arguments.
Storage
A named volume or a bind mount can be used to persist data and logs that are generated and used in the Grafana container.
To configure the Grafana container to use the volume, specify the -v
option with the name of the volume and
the path where the directory is mounted in the container. By setting -v
option in the docker run command, a
named volume is created. For Grafana, the directory that must be mounted is /var/lib/grafana
.
For example:
-v "grafana_data:/var/lib/grafana" \
-v "grafana_dashboards:/etc/grafana/dashboards" \
-v "grafana_provisioning:/etc/grafana/provisioning" \
-v "/environment-secrets/simulated-secret-store/grafana:/run/secrets" \
For more information, see Use persistent storage (recommended).
Secrets:
A directory that contains all of the secrets that this tool requires. Specifically this includes credentials to
access prometheus and certificates used in SSL. The directory is mounted to /run/secrets
inside the container. This can then be used by other environment variables such as GF_SECURITY_ADMIN_USER__FILE
to locate
the secrets. In a production environment, the orchestration environment can provide the secrets to the file
system or the secrets can be passed in via environment variables. The mechanism that is used here simulates
the orchestration system providing the secrets as files.
Environment variables
To configure Grafana, you can provide environment variables to the Docker container in the docker run
command.
Grafana environment variables
All the configuration options in Grafana can be overridden by environment variables like GF_<SectionName>_<KeyName>
.
For more information about Grafana environment variables, see Override configuration with environment variables.
Environment variable | Description |
---|---|
GF_SECURITY_ADMIN_USER |
The Grafana administrator user name. |
GF_SECURITY_ADMIN_PASSWORD |
The Grafana administrator password. |
Grafana SSL
The following environment variables enable you use SSL with Grafana
Environment variable | Description |
---|---|
SSL_ENABLED |
Can be set to true or false . If set to true , the Grafana server protocol is set to 'https'. |
SSL_PRIVATE_KEY_FILE |
See Secure Environment variables. |
SSL_CERTIFICATE_FILE |
See Secure Environment variables. |
Prometheus authentication
The following environment variables are used to configure Grafana to connect to Prometheus as a client:
Environment variable | Description |
---|---|
PROMETHEUS_USERNAME |
The Prometheus username. |
PROMETHEUS_PASSWORD |
The Prometheus password. |
SSL_CA_CERTIFICATE |
See Secure Environment variables. |