chore(grafana): remove separate Grafana service/route/ingress #809

Merged

andrewazores
Member

@andrewazores andrewazores commented May 3, 2024

Welcome to Cryostat! 👋

Before contributing, make sure you have:

  • Read the contributing guidelines
  • Linked a relevant issue which this PR resolves
  • Linked any other relevant issues, PRs, or documentation, if any
  • Resolved all conflicts, if any
  • Rebased your branch PR on top of the latest upstream main branch
  • Attached at least one of the following labels to the PR: [chore, ci, docs, feat, fix, test]
  • Signed all commits: git commit -S -m "YOUR_COMMIT_MESSAGE"

Depends on #808
Based on #808
Related to #710

Description of the change:

Grafana should now only be accessible through the auth proxy at the /grafana path. It should not have its own separate service, or Route/Ingress, because all traffic must flow through the auth proxy now.

Motivation for the change:

This ensures that Grafana is only accessible using the same authn/authz as the rest of the application.

How to manually test:

  1. Check out PR, build with OPENSHIFT_OAUTH_PROXY_IMG=quay.io/andrewazores/openshift-oauth-proxy:test-14. Deploy Operator and create a Cryostat CR with enableCertManager: false
  2. Open Cryostat web UI and log in via OpenShift SSO as cluster admin
  3. Create a localhost:0 custom target
  4. Start a recording, give it a few moments, then "View in Grafana" it. This should open a new browser tab. The URL should have the same https scheme and the same domain, but should differ in the path - the Grafana dashboard should be at https://cryostat-example.apps.crc-testing/grafana. You should not need to re-login to view this.
  5. Copy the Grafana dashboard URL, then paste into a new private/incognito window and go. You should be prompted to log in via OpenShift SSO. Log in as cluster admin and you should see the same data as in the previous step. Remove /grafana from the URL and you should go back to the Cryostat UI, without needing to re-login.
  6. Archive the recording, then repeat steps 4 and 5 on that.
  7. oc get routes and oc get services and verify that there is only one Service/Route associated with the Cryostat instance, which points to port 4180 - the authproxy HTTP port.
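
The check in step 7 above can be done mechanically. This is an added example, not code from the PR or the Cryostat project: it inspects parsed `oc get services,routes -o json` output and reports anything that does not lead to the auth proxy port 4180. The resource names and port 3000 in the sample data are constructed.

```python
AUTH_PROXY_PORT = 4180  # auth proxy HTTP port, from step 7 of the PR description


def exposure_findings(resource_list, proxy_port=AUTH_PROXY_PORT):
    """Return problems found in parsed `oc get services,routes -o json` output.

    An empty list means exactly one Service and one Route exist and both
    lead only to the auth proxy port.
    """
    items = resource_list.get("items", [])
    services = [i for i in items if i["kind"] == "Service"]
    routes = [i for i in items if i["kind"] == "Route"]
    findings = []
    for kind, found in (("Service", services), ("Route", routes)):
        if len(found) != 1:
            findings.append(f"expected 1 {kind}, found {len(found)}")

    proxy_refs = {}  # Service name -> port names/numbers that reach the proxy
    for svc in services:
        name = svc["metadata"]["name"]
        refs = proxy_refs.setdefault(name, set())
        for port in svc["spec"].get("ports", []):
            target = port.get("targetPort", port["port"])  # defaults to port
            if target == proxy_port:
                refs.update({port.get("name"), target})
            else:
                findings.append(f"Service {name} exposes {port['port']} -> {target}")

    for route in routes:
        name = route["metadata"]["name"]
        backend = route["spec"]["to"]["name"]
        ref = route["spec"].get("port", {}).get("targetPort")
        if ref not in proxy_refs.get(backend, set()):
            findings.append(f"Route {name} -> {backend}:{ref} bypasses the auth proxy")
    return findings


def _svc(name, port):  # constructed sample Service (hypothetical names)
    return {"kind": "Service", "metadata": {"name": name},
            "spec": {"ports": [{"name": "http", "port": port, "targetPort": port}]}}


def _route(name, svc):  # constructed sample Route (hypothetical names)
    return {"kind": "Route", "metadata": {"name": name},
            "spec": {"to": {"kind": "Service", "name": svc}, "port": {"targetPort": "http"}}}


PROXY_ONLY = {"items": [_svc("cryostat-example", 4180),
                        _route("cryostat-example", "cryostat-example")]}
SEPARATE_GRAFANA = {"items": PROXY_ONLY["items"] + [
    _svc("cryostat-example-grafana", 3000),
    _route("cryostat-example-grafana", "cryostat-example-grafana")]}
```

Against a live cluster, pass the result of `json.load` on the `oc get services,routes -o json` output to `exposure_findings`; a Service `targetPort` given as a named container port is reported as a finding and needs a manual look.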

@mergify mergify bot added the safe-to-test label May 3, 2024
@andrewazores andrewazores added the chore Refactor, rename, cleanup, etc. label May 3, 2024
@andrewazores andrewazores force-pushed the cryostat3-grafana-route branch from 701e50e to b30715c Compare May 6, 2024 17:35
@andrewazores andrewazores force-pushed the cryostat3-grafana-route branch from f615b02 to 2d2b618 Compare May 7, 2024 18:43
@github-actions github-actions bot removed the dependent label May 8, 2024

github-actions bot commented May 8, 2024

This PR/issue depends on:

@andrewazores andrewazores marked this pull request as ready for review May 8, 2024 15:46
@andrewazores andrewazores requested a review from ebaron May 8, 2024 15:46
Member

@ebaron ebaron left a comment

Looks good!

@andrewazores andrewazores merged commit 70351e1 into cryostatio:cryostat3 May 8, 2024
5 checks passed
@andrewazores andrewazores deleted the cryostat3-grafana-route branch May 8, 2024 18:05