Grafana Dashboard in OCP4.2

It's kind of a surprise to me that we can not create any new Grafana dashboard in the out-of-box Grafana instance from OpenShift 4.2. Check out the manual,

The Grafana instance that is provided with the monitoring stack, along with its dashboards, is read-only.

Ok. That’s why. So we have to bring in our own Grafana instance to visualize the monitoring data. Naturally, we could use the Grafana Operator from the OperatorHub and the data source is the Prometheus from OCP.

The Prometheus container is wrapped inside the pod and the port (9090) is bind to the localhost only. The Prometheus service has to be accessed through the sidecar container, prometheus-proxy, so that the access control can be applied. We don’t want to change the port binding to all the interfaces to break any security design.

Instead, we could use the bearer token authentication in the HTTP header, which is available in Grafana 6.3 onwards (based on Grafana website documentation).

However, the current Grafana Operator from the OCP web console indicates that the Grafana Operator is at version 2.0.0. The Grafana version associated with it doesn’t have the custom HTTP header option. We could not use the standard Operator Lifecycle Manager (OLM) way to install and manage the operator.