We can enable GitHub Organisation authentication against a Grafana instance in order to allow access to the dashboards for the whole 2i2c GitHub organisation, or a community’s GitHub organisation.
To enable logging into Grafana using GitHub Organisations, follow these steps:
1. Create a GitHub OAuth application following Grafana’s documentation.

   - Create a new app inside the 2i2c-org.
   - When naming the application, please follow the convention `<cluster_name>-grafana` for consistency, e.g. `2i2c-grafana` is the OAuth app for the Grafana running in the 2i2c cluster.
   - The Homepage URL should match that in the `grafana.ingress.hosts` field of the appropriate cluster `support.values.yaml` file in the `infrastructure` repo. For example, `https://grafana.pilot.2i2c.cloud`.
   - The authorisation callback URL is the homepage URL appended with `/login/github`. For example, `https://grafana.pilot.2i2c.cloud/login/github`.
   - Once you have created the OAuth app, create a new client ID, generate a client secret and then hold on to these values for a future step.

2. Edit using `sops` the encrypted `enc-support.secret.values.yaml` file in the chosen cluster directory and add the credentials created in step one:

   ```yaml
   grafana:
     grafana.ini:
       auth.github:
         client_id: <client-id>
         client_secret: <client-secret>
   ```

3. Edit the `support.values.yaml` file in your chosen cluster directory and add the Grafana GitHub auth config, allowing the specific GitHub organization you wish to allow login.

   ```yaml
   grafana:
     grafana.ini:
       server:
         # root_url should point to the domain we redirect to if we have multiple
         # domain names configured and redirects from one to another
         #
         # FIXME: root_url is also required to be the same as the
         #        grafana.ingress.hosts[0] config specifically until
         #        https://github.com/2i2c-org/infrastructure/issues/2533 is
         #        resolved.
         #
         root_url: https://<grafana.ingress.hosts[0]>/
       auth.github:
         enabled: true
         # allowed_organizations should be a space separated list
         allowed_organizations: 2i2c-org
   ```
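The steps above leave several values that must agree with each other before the change is deployed. The following pre-deploy check is an added example, not code from the 2i2c `infrastructure` repo; the function name `lint_github_auth` and both sample mappings are assumptions, and the function expects `support.values.yaml` already parsed into a Python mapping by a YAML loader.

```python
from urllib.parse import urlsplit


def lint_github_auth(support_values):
    """Return (findings, callback_url) for a parsed support.values.yaml mapping."""
    findings = []
    grafana = support_values.get("grafana", {})
    ini = grafana.get("grafana.ini", {})
    auth = ini.get("auth.github", {})
    hosts = grafana.get("ingress", {}).get("hosts", [])
    root_url = ini.get("server", {}).get("root_url", "")

    # root_url must match grafana.ingress.hosts[0] (see the FIXME in step 3).
    parts = urlsplit(root_url)
    if parts.scheme != "https":
        findings.append("root_url must be an https:// URL")
    if not hosts or parts.hostname != hosts[0]:
        findings.append("root_url host differs from grafana.ingress.hosts[0]")

    if auth.get("enabled") is not True:
        findings.append("auth.github.enabled is not true")

    # Without an organisation list, login is not restricted to an organisation.
    if not str(auth.get("allowed_organizations") or "").split():
        findings.append("allowed_organizations is empty")

    # OAuth credentials belong only in the sops-encrypted file (step 2).
    for key in ("client_id", "client_secret"):
        if key in auth:
            findings.append(f"{key} must live in enc-support.secret.values.yaml")

    # Value to enter as the authorisation callback URL of the OAuth app (step 1).
    callback = root_url.rstrip("/") + "/login/github" if root_url else None
    return findings, callback


# Constructed sample inputs (not real cluster configuration).
GOOD = {"grafana": {
    "ingress": {"hosts": ["grafana.pilot.2i2c.cloud"]},
    "grafana.ini": {
        "server": {"root_url": "https://grafana.pilot.2i2c.cloud/"},
        "auth.github": {"enabled": True, "allowed_organizations": "2i2c-org"}}}}
BAD = {"grafana": {
    "ingress": {"hosts": ["grafana.pilot.2i2c.cloud"]},
    "grafana.ini": {
        "server": {"root_url": "https://grafana.example.org/"},
        "auth.github": {"enabled": True, "client_secret": "constructed-placeholder"}}}}

if __name__ == "__main__":
    for name, values in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_github_auth(values))
```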