It's kind of a surprise to me that we cannot create any new Grafana dashboards in the out-of-the-box Grafana instance in OpenShift 4.2. The manual explains why:
The Grafana instance that is provided with the monitoring stack, along with its dashboards, is read-only.
OK. That’s why. So we have to bring in our own Grafana instance to visualize the monitoring data. Naturally, we could use the Grafana Operator from the OperatorHub, with the Prometheus from OCP as the data source.
The Prometheus container runs inside the pod with its port (9090) bound to localhost only. The Prometheus service has to be accessed through the sidecar container, prometheus-proxy, so that access control can be applied. We don’t want to change the port binding to all interfaces, because that would break the security design.
Instead, we could use bearer token authentication in the HTTP header, which is available in Grafana 6.3 onwards (according to the Grafana website documentation).
However, the OCP web console shows the Grafana Operator at version 2.0.0, and the Grafana version associated with it doesn’t have the custom HTTP header option. So we cannot use the standard Operator Lifecycle Manager (OLM) way to install and manage the operator.
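The bearer-token header approach described above, written out as a Grafana data source provisioning file (an added example, not code from the original post or from the Grafana Operator project). The service URL with port 9091, the function name render_datasource and the sample token are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: render a Grafana data source provisioning file that reaches
# Prometheus through the prometheus-proxy sidecar with a bearer token, leaving
# the localhost-only binding of port 9090 untouched.
# Assumption: the proxy is exposed as the service URL below; override PROM_URL.
PROM_URL="${PROM_URL:-https://prometheus-k8s.openshift-monitoring.svc:9091}"

# render_datasource URL TOKEN  (hypothetical helper name)
render_datasource() {
  url=$1
  token=$2
  # The token is a credential: never send it over plain HTTP.
  case "$url" in
    https://*) ;;
    *) echo "refusing non-TLS URL: $url" >&2; return 1 ;;
  esac
  if [ -z "$token" ]; then
    echo "empty token" >&2
    return 1
  fi
  # Service account tokens are JWTs (base64url segments joined by dots).
  # Anything else could break the YAML quoting or the header value.
  case "$token" in
    *[!A-Za-z0-9._-]*) echo "token contains unexpected characters" >&2; return 1 ;;
  esac
  # access: proxy  -> Grafana's backend makes the request, so the token is
  #                   never handed to the browser.
  # secureJsonData -> Grafana stores the header value encrypted.
  cat <<EOF
apiVersion: 1
datasources:
  - name: Prometheus
    type: prometheus
    access: proxy
    url: $url
    jsonData:
      httpHeaderName1: Authorization
    secureJsonData:
      httpHeaderValue1: "Bearer $token"
EOF
}

# Constructed sample token (not a real credential) for a stand-alone run.
render_datasource "$PROM_URL" "eyJhbGciOiJub25lIn0.c2FtcGxl.c2ln"
```

The rendered file still contains the token in clear text, so keep it in a Secret rather than a ConfigMap or a repository.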
Since OpenShift is an extended Kubernetes solution, the original concept of Kubernetes can still be applied.
1. Install Grafana Operator without OLM
Clone the Grafana Operator repo and create the required Kubernetes objects:
git clone https://github.com/integr8ly/grafana-operator.git
cd grafana-operator
kubectl create namespace grafana
kubectl create -f deploy/crds
kubectl create -f deploy/roles -n grafana
kubectl create -f deploy/cluster_roles
kubectl create -f deploy/operator.yaml -n grafana
2. Deploy a Grafana Instance
Once the operator is installed, we can apply a Grafana CRD and the operator will create the Grafana deployment accordingly.