In this post, we'll be looking at adding Azure Active Directory (AzureAD) support to a Grafana instance. This is what I would advise if you're hosting on Azure as you're already likely to have all of your potential Grafana users setup in Active Directory, and either this is AzureAD native, or you have passwords sync'd with a standard Active Directory instance.
Grafana on Azure – Enabling SSL with LetsEncrypt
This is part of a series of posts about running Grafana on Azure. Checkout the others Part 1 - Hosting/ConfigurationPart 2 - Azure MySQL StoragePart 3 - Enabling SSL with LetsEncrypt (this post)Part 4 - Azure AD LoginPart 5 - Azure Monitor Datasource (coming soon) What is LetsEncrypt? LetsEncrypt.org is an initiative to promote sites... Continue Reading →
Grafana on Azure – Azure MySQL Storage
This makes it great for our database for Grafana as the point of a monitoring system is be always up, and you don't want to be monitoring your monitoring system with your monitoring system.
Grafana on Azure – Hosting/Configuration
There as a balancing act to be done here. Speed and simplicity could be achieved using a database on the machine, that's then backed up, at the expense of management overhead. Reduced Management could be achieved using ACI or App Service, at the expense of cost (unless you already have a container infrastructure). The solution here, I believe, gives a fair balance
Infrastructure Autonomy using DNS Delegation and internal Top Level Domains
In this post we'll talk about using a specific Top Level domain to separate your internal application infrastructure addresses from what you're users see. Further, how to provide team level autonomy to using DNS delegation to provide a predictable naming strategy. The Problem One of the big issues with DNS management is the security elements... Continue Reading →
Manage Cross team terraform and azure-cli versions with docker
One of the issues with having multiple teams, and pushing for autonomy to choose everything from infrastructure to languages, is making sure that you have the right versions of everything installed. As developers, we want to be on the bleeding edge, playing with new things, new versions, etc. However, that can have an impact beyond... Continue Reading →
AKS PodIdentity – ServicePrincipals for K8s Pods – Part 2 (Implementation)
From Part 1 you should know a bit about what PodIdentity is, and why it's an important addition. In this Part, we'll set out the basics of adding it, and then using it, with an example. 1. Create your identity This is the identity that you would like your pods to assume. It's also what... Continue Reading →
AKS PodIdentity – ServicePrincipals for K8s Pods – Part 1 (Intro)
I've recently started in the world of Kubernetes (or K8s as you cool kids call it), and for the most part, I've been able to map MOST of the concepts of Instance based deployments in AWS, to Kubernetes configurations in AKS/Azure. However, we hit an issue when it came to credentials. The Problem When we... Continue Reading →