> ## Documentation Index
> Fetch the complete documentation index at: https://docs.streamnative.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure Grafana

[Grafana](https://grafana.com/) is a component in StreamNative Platform. It provides observability for StreamNative Platform. Grafana provides dashboards including brokers, bookies, zookeeper, proxy, topic, messages, and so on.

By default, Grafana is enabled with StreamNative Platform. To disable it, you can set `monitoring.grafana: false` in the `values.yaml` YAML file.

## Configure CPU and memory resources

You can configure the requested and limited CPU and memory resources for the Grafana service in the `values.yaml` YAML file. Then, you can use the `helm upgrade` command to restart the StreamNative Platform to make updates effective. For more information about CPU and memory resources, see [CPU and memory resources](/private-cloud/v1/operating-streamnative-platform/advanced/cpu-mem-resources).

```yaml theme={null}
grafana:
  resources:
    # keep request = limit to keep this container in guaranteed class
    requests:
      cpu:
      memory:
    limits:
      cpu:
      memory:
```

## Expose Grafana service

StreamNative Platform supports exposing the Grafana service using the [LoadBalancer](/cloud/networking/networking#loadbalancer), [NodePort](/cloud/networking/networking#nodeport), or [Istio](/private-cloud/v1/operating-streamnative-platform/network/istio).

<Tabs>
  <Tab title="LoadBalancer or NodePort">
    To expose the Grafana service using the LoadBalancer or NodePort, follow these steps.

    1. Enable Grafana and configure the external domain in the `values.yaml` YAML file.

       ```yaml theme={null}
       ingress:
         controller:
           enabled: true
         control_center:
           enabled: true
           endpoints:
             grafana: true
             external_domain: your.external.control.center.domain
             external_domain_scheme: http://
           tls:
             enabled: false
       ```

    <Note title="Note">
      In Nginx Ingress mode, if `ingress.control_center.tls.enabled` is set to `false` (default setting), `external_domain_scheme` should be `http://`. Otherwise, it should be `https://`.
    </Note>

    2. Execute the following command to get the external IP address of the Grafana service.

       ```
       kubectl get svc/<release_name>-sn-platform-nginx-ingress-controller -n <k8s_namespace>
       ```

    3. Visit `http://EXTERNAL_IP/grafana` in your browser and then you can log in to Grafana.
  </Tab>

  <Tab title="Istio">
    When [Istio](https://istio.io/latest/) is enabled, you can expose the Grafana service using Istio. For details about how to expose the Grafana service using Istio, see [access Grafana](/private-cloud/v1/operating-streamnative-platform/network/istio#access-grafana).
  </Tab>
</Tabs>

## Access Grafana service

After getting the external IP address of the Grafana service, you can access it using one of the following methods.

### Basic authentication

Basic authentication is enabled by default and works with the built-in Grafana user-password authentication system.

To access the Grafana service by using the username and password, you can specify the `user` and `password` properties for the Grafana service in the `values.yaml` YAML file as follows. By default, both the username and password are `pulsar`.

```yaml theme={null}
grafana:
  admin:
    user: pulsar
    password: pulsar
```

<Note title="Note">
  Make sure to change the password after you log in to the Grafana Dashboard.
</Note>

### Azure AD OAuth2 authentication

The Azure AD authentication allows you to use an Azure Active Directory (Azure AD) tenant as an identity provider for Grafana. You can use Azure AD Application Roles to assign users and groups to Grafana roles from the [Azure Portal](https://portal.azure.com/).

To enable Azure AD OAuth2 authentication for Grafana, follow these steps.

1. Create an Azure AD OAuth client ID and an Azure AD OAuth client Secret. For details, see [Create the Azure AD application](https://grafana.com/docs/grafana/latest/auth/azuread/#create-the-azure-ad-application).

2. Enable Azure AD OAuth2 authentication by setting the `grafana.azureAuthEnabled` to `true` and providing the Azure AD OAuth client ID and the Azure AD OAuth client Secret in the `values.yaml` YAML file as follows.

   ```yaml theme={null}
   grafana:
     azureAuthEnabled: true
     azuread:
       client_id: 'AZURE-AD-SSO-CLIENT-ID'
       client_secret: 'AZURE-AD-SSO-CLIENT-SECRET'
   ```

3. Execute the `helm upgrade` command to update the resource

   ```bash theme={null}
   helm upgrade -f /path/to/your/values.yaml <release_name> streamnative/sn-platform -n <k8s_namespace>
   ```

## Related topics

* [Monitor StreamNative Platform With Grafana Dashboard](/private-cloud/v1/monitor/sn-monitor)
