Grafana is a component in StreamNative Platform. It provides observability for StreamNative Platform. Grafana provides dashboards including brokers, bookies, zookeeper, proxy, topic, messages, and so on.

By default, Grafana is enabled with StreamNative Platform. To disable it, you can set monitoring.grafana: false in the values.yaml YAML file.

Configure CPU and memory resources

You can configure the requested and limited CPU and memory resources for the Grafana service in the values.yaml YAML file. Then, you can use the helm upgrade command to restart the StreamNative Platform to make updates effective. For more information about CPU and memory resources, see CPU and memory resources.

grafana:
  resources:
    # keep request = limit to keep this container in guaranteed class
    requests:
      cpu:
      memory:
    limits:
      cpu:
      memory:

Expose Grafana service

StreamNative Platform supports exposing the Grafana service using the LoadBalancer, NodePort, or Istio.

To expose the Grafana service using the LoadBalancer or NodePort, follow these steps.

  1. Enable Grafana and configure the external domain in the values.yaml YAML file.

    ingress:
  controller:
    enabled: true
  control_center:
    enabled: true
    endpoints:
      grafana: true
      external_domain: your.external.control.center.domain
      external_domain_scheme: http://
    tls:
      enabled: false

In Nginx Ingress mode, if ingress.control_center.tls.enabled is set to false (default setting), external_domain_scheme should be http://. Otherwise, it should be https://.

  1. Execute the following command to get the external IP address of the Grafana service.

    kubectl get svc/<release_name>-sn-platform-nginx-ingress-controller -n <k8s_namespace>

  2. Visit http://EXTERNAL_IP/grafana in your browser and then you can log in to Grafana.

Access Grafana service

After getting the external IP address of the Grafana service, you can access it using one of the following methods.

Basic authentication

Basic authentication is enabled by default and works with the built-in Grafana user-password authentication system.

To access the Grafana service by using the username and password, you can specify the user and password properties for the Grafana service in the values.yaml YAML file as follows. By default, both the username and password are pulsar.

grafana:
  admin:
    user: pulsar
    password: pulsar

Make sure to change the password after you log in to the Grafana Dashboard.

Azure AD OAuth2 authentication

The Azure AD authentication allows you to use an Azure Active Directory (Azure AD) tenant as an identity provider for Grafana. You can use Azure AD Application Roles to assign users and groups to Grafana roles from the Azure Portal.

To enable Azure AD OAuth2 authentication for Grafana, follow these steps.

  1. Create an Azure AD OAuth client ID and an Azure AD OAuth client Secret. For details, see Create the Azure AD application.

  2. Enable Azure AD OAuth2 authentication by setting the grafana.azureAuthEnabled to true and providing the Azure AD OAuth client ID and the Azure AD OAuth client Secret in the values.yaml YAML file as follows.

    grafana:
  azureAuthEnabled: true
  azuread:
    client_id: 'AZURE-AD-SSO-CLIENT-ID'
    client_secret: 'AZURE-AD-SSO-CLIENT-SECRET'

  3. Execute the helm upgrade command to update the resource

    helm upgrade -f /path/to/your/values.yaml <release_name> streamnative/sn-platform -n <k8s_namespace>