Integrating LDAP with Grafana

Posted by imcati


Grafana version: 5.0.3

Grafana is installed on Kubernetes (k8s), so the configuration files have to be mounted into the container.

cat grafana-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: grafana-configmap-conf
data:
  config.ini: |+
    [database]
    path = /data/grafana.db
    [paths]
    data = /data
    logs = /data/log
    plugins = /data/plugins
    [session]
    provider = memory
    [auth.basic]
    enabled = false
    [auth.anonymous]
    enabled = true
    [auth.ldap]
    enabled = true #enable LDAP authentication
    allow_sign_up = true #allow sign-up / user creation
    config_file = /grafana/conf/ldap.toml #path to the LDAP configuration file
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: grafana-configmap-ldap
data:
  ldap.toml: |+
    [[servers]]
    host = "ldap.xxxxx.net"
    port = 389
    # use_ssl and start_tls are both off: the bind password and user logins cross the network in cleartext
    use_ssl = false
    start_tls = false
    ssl_skip_verify = false
    bind_dn = "cn=Manager,dc=ldap,dc=xxxxx,dc=net"
    bind_password = 'xxxxx'
    search_filter = "(cn=%s)"
    search_base_dns = ["dc=ldap,dc=xxxxx,dc=net"]
    group_search_base_dns = ["ou=grafana,dc=ldap,dc=xxxxx,dc=net"]
    # no %s placeholder: this filter matches every groupOfUniqueNames entry under the group search base
    group_search_filter = "(objectClass=groupOfUniqueNames)"

    [servers.attributes]
    name = "givenName"
    surname = "sn"
    username = "cn"
    member_of = "cn"
    email = "email"

    [[servers.group_mappings]]
    group_dn = "grafana-software-admin"
    org_role = "Admin"

    [[servers.group_mappings]]
    group_dn = "grafana-software-users"
    org_role = "Viewer"

Note: do not set group_dn to the full DN (cn=grafana-software-admin,dc=xx,dc=xx,dc=xx). With member_of = "cn", group_dn is compared against the group's cn value rather than its DN, so the full DN never matches and the login keeps failing with:

t=2018-09-10T10:21:38+0000 lvl=info msg="Ldap Auth: user does not belong in any of the specified ldap groups" logger=ldap username=[email protected] groups=[grafana-software-admin]

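Add the grafana-conf and grafana-ldap volumeMounts and volumes to the Grafana deployment file (highlighted in red in the original post):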

cat grafana-deployment.yaml

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: grafana
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: grafana
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
      containers:
      - name: grafana
        image: quay.io/coreos/monitoring-grafana:5.0.3
        volumeMounts:
        - name: grafana-storage
          mountPath: /data
        - name: grafana-datasources
          mountPath: /grafana/conf/provisioning/datasources
        - name: grafana-dashboards
          mountPath: /grafana/conf/provisioning/dashboards
        - name: grafana-dashboard-definitions-0
          mountPath: /grafana-dashboard-definitions/0
        - name: grafana-conf
          mountPath: /grafana/conf/config.ini
          #readOnly: true
          subPath: config.ini
        - name: grafana-ldap
          mountPath: /grafana/conf/ldap.toml
          #readOnly: true
          subPath: ldap.toml
        ports:
        - name: web
          containerPort: 3000
        resources:
          requests:
            memory: 100Mi
            cpu: 100m
          limits:
            memory: 200Mi
            cpu: 200m
      volumes:
      - name: grafana-storage
        persistentVolumeClaim:
          claimName: grafana
        #emptyDir: {}
      - name: grafana-datasources
        configMap:
          name: grafana-datasources
      - name: grafana-dashboards
        configMap:
          name: grafana-dashboards
      - name: grafana-dashboard-definitions-0
        configMap:
          name: grafana-dashboard-definitions-0
      - name: grafana-conf
        configMap:
          name: grafana-configmap-conf
          defaultMode: 0600
      - name: grafana-ldap
        configMap:
          name: grafana-configmap-ldap
          defaultMode: 0600
      nodeSelector:
        role: monitor

Next, log in with an LDAP account to verify that the configuration works.
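
A hardened variant of the LDAP ConfigMap above, added here as an example and not part of the original post: the file moves to a Secret, the connection uses LDAPS, and the group filter returns only the groups the logging-in user belongs to. The Secret name, port 636, the uniqueMember membership attribute and the "DN" value for group_search_filter_user_attribute are assumptions to check against your directory and Grafana version.

```yaml
# Added example: hardened variant of grafana-configmap-ldap from the post.
apiVersion: v1
kind: Secret                 # ldap.toml holds bind_password, so use a Secret, not a ConfigMap
metadata:
  name: grafana-secret-ldap  # assumed name
type: Opaque
stringData:
  ldap.toml: |
    [[servers]]
    host = "ldap.xxxxx.net"
    # Assumed: the directory offers LDAPS on 636. The post's 389 with use_ssl and
    # start_tls both false sends the bind password and user logins in cleartext.
    port = 636
    use_ssl = true
    start_tls = false
    ssl_skip_verify = false
    # root_ca_cert = "/path/to/certificate.crt"  # set when the server uses a private CA
    # A dedicated read-only bind account is a better fit than a manager DN.
    bind_dn = "cn=Manager,dc=ldap,dc=xxxxx,dc=net"
    bind_password = 'xxxxx'
    search_filter = "(cn=%s)"
    search_base_dns = ["dc=ldap,dc=xxxxx,dc=net"]
    group_search_base_dns = ["ou=grafana,dc=ldap,dc=xxxxx,dc=net"]
    # %s restricts the result to groups that list this user. Assumed: membership is
    # stored as the user's DN in uniqueMember, and this Grafana version resolves "DN".
    group_search_filter = "(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))"
    group_search_filter_user_attribute = "DN"

    [servers.attributes]
    name = "givenName"
    surname = "sn"
    username = "cn"
    member_of = "cn"
    email = "email"

    [[servers.group_mappings]]
    group_dn = "grafana-software-admin"
    org_role = "Admin"

    [[servers.group_mappings]]
    group_dn = "grafana-software-users"
    org_role = "Viewer"
# In grafana-deployment.yaml the grafana-ldap volume then reads:
#   - name: grafana-ldap
#     secret:
#       secretName: grafana-secret-ldap
#       defaultMode: 0600
```

After applying it, log in once with a user who belongs only to grafana-software-users and confirm the account gets the Viewer role rather than Admin.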

Reference: http://docs.grafana.org/installation/ldap/


