One method to conceal the database credentials when using PostgreSQL with the Grafana helm chart is to use Kubernetes secrets.
Firstly, create a secret containing the database credentials:
kubectl create secret generic grafana-postgres-creds \
--from-literal=POSTGRES_USER=<username> \
--from-literal=POSTGRES_PASSWORD=<password>
Next, update the Grafana deployment to use the secret:
...
containers:
- name: grafana
image: grafana/grafana:latest
env:
- name: "GF_DATABASE_TYPE"
value: "postgres"
- name: "GF_DATABASE_HOST"
value: "<postgres-host>"
- name: "GF_DATABASE_PORT"
value: "5432"
- name: "GF_DATABASE_NAME"
value: "<database-name>"
- name: "GF_DATABASE_USER_FILE"
value: "/run/secrets/grafana-postgres-creds/POSTGRES_USER"
- name: "GF_DATABASE_PASSWORD_FILE"
value: "/run/secrets/grafana-postgres-creds/POSTGRES_PASSWORD"
volumeMounts:
- name: grafana-postgres-creds
readOnly: true
mountPath: /run/secrets/grafana-postgres-creds
volumes:
- name: grafana-postgres-creds
secret:
secretName: grafana-postgres-creds
...
In the above deployment configuration, the GF_DATABASE_USER_FILE
and GF_DATABASE_PASSWORD_FILE
environment variables reference the respective files containing the credentials within the grafana-postgres-creds
secret. A volume mount is also specified to make the secret available to the Grafana container.
Once the updated deployment is deployed, the database credentials will be retrieved securely from the secret.
Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss
Asked: 2023-06-11 02:28:10 +0000
Seen: 25 times
Last updated: Jun 11 '23
How can excessive inputs to SQLite jdbc db lead to memory congestion?
What is the most effective method for deploying charts that already exist using HELM?
How can the SQL debug mode be activated in PostgreSQL version 15.2?
What is the procedure for using pg_restore on Windows with Docker?
What is the equivalent of SQL Server NVARCHAR in PostgreSQL?
What is the method to retrieve the JSON data from a column in SQL?
How to solve the issue of being unable to establish a connection with libpq on Mac M1?
Is it possible to launch multiple instances of PostgreSQL using Spring Boot Testcontainers?