Ask Your Question
4

What is the method to conceal the database credentials when using PostgreSQL instead of SQLite 3 with the Grafana helm chart?

asked 2023-06-11 02:28:10 +0000

devzero gravatar image

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
1

answered 2023-06-11 02:29:01 +0000

bukephalos gravatar image

One method to conceal the database credentials when using PostgreSQL with the Grafana helm chart is to use Kubernetes secrets.

Firstly, create a secret containing the database credentials:

kubectl create secret generic grafana-postgres-creds \
     --from-literal=POSTGRES_USER=<username> \
     --from-literal=POSTGRES_PASSWORD=<password>

Next, update the Grafana deployment to use the secret:

...
      containers:
      - name: grafana
        image: grafana/grafana:latest
        env:
        - name: "GF_DATABASE_TYPE"
          value: "postgres"
        - name: "GF_DATABASE_HOST"
          value: "<postgres-host>"
        - name: "GF_DATABASE_PORT"
          value: "5432"
        - name: "GF_DATABASE_NAME"
          value: "<database-name>"
        - name: "GF_DATABASE_USER_FILE"
          value: "/run/secrets/grafana-postgres-creds/POSTGRES_USER"
        - name: "GF_DATABASE_PASSWORD_FILE"
          value: "/run/secrets/grafana-postgres-creds/POSTGRES_PASSWORD"
        volumeMounts:
        - name: grafana-postgres-creds
          readOnly: true
          mountPath: /run/secrets/grafana-postgres-creds
      volumes:
      - name: grafana-postgres-creds
        secret:
          secretName: grafana-postgres-creds
...

In the above deployment configuration, the GF_DATABASE_USER_FILE and GF_DATABASE_PASSWORD_FILE environment variables reference the respective files containing the credentials within the grafana-postgres-creds secret. A volume mount is also specified to make the secret available to the Grafana container.

Once the updated deployment is deployed, the database credentials will be retrieved securely from the secret.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss

Add Answer


Question Tools

subscribe to rss feed

Stats

Asked: 2023-06-11 02:28:10 +0000

Seen: 25 times

Last updated: Jun 11 '23

Related questions

How can excessive inputs to SQLite jdbc db lead to memory congestion?

What is the most effective method for deploying charts that already exist using HELM?

How can the SQL debug mode be activated in PostgreSQL version 15.2?

What is the procedure for using pg_restore on Windows with Docker?

How can the user's details from a PostgreSQL database be retrieved and displayed in a Thymeleaf HTML format during the spring season?

What is the equivalent of SQL Server NVARCHAR in PostgreSQL?

What is the solution to the error encountered while attempting to alter the data type of latitude and longitude in PostgreSQL?

What is the method to retrieve the JSON data from a column in SQL?

How to solve the issue of being unable to establish a connection with libpq on Mac M1?

Is it possible to launch multiple instances of PostgreSQL using Spring Boot Testcontainers?

Copyright QStack.ai, 2010-2023. Content on this site is licensed under the Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service | contact