
How to configure custom LDAP in Grafana helm chart?


I'm a newbie at Kubernetes and Helm, trying to customise stable/grafana Helm chart (https://github.com/helm/charts/tree/master/stable/grafana) with my own LDAP. What's the difference between auth.ldap part of grafana.ini and ldap section of chart's values.yaml file? How can I configure LDAP host address and credentials?


Solution

  • To enable LDAP configuration on Grafana, you need to update both parts.

    In values.yaml, there are two sections, grafana.ini and ldap. To enable LDAP you need to update both sections. Check below:

    First, grafana.ini:

    grafana.ini:
      paths:
        data: /var/lib/grafana/data
        logs: /var/log/grafana
        plugins: /var/lib/grafana/plugins
        provisioning: /etc/grafana/provisioning
      analytics:
        check_for_updates: true
      log:
        mode: console
      grafana_net:
        url: https://grafana.net
      ## LDAP Authentication can be enabled with the following values on grafana.ini
      ## NOTE: Grafana will fail to start if the value for ldap.toml is invalid
      auth.ldap:
        enabled: true
        allow_sign_up: true
        config_file: /etc/grafana/ldap.toml
    

    Here, in the grafana.ini part, first set auth.ldap.enabled to true and specify the configuration file as ldap.toml.

    Second, ldap:

    ## Grafana's LDAP configuration
    ## Templated by the template in _helpers.tpl
    ## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled
    ldap:
      enabled: true
      # `existingSecret` is a reference to an existing secret containing the ldap configuration
      # for Grafana in a key `ldap-toml`.
      existingSecret: ""
      # `config` is the content of `ldap.toml` that will be stored in the created secret
      config: |-
        verbose_logging = true

        [[servers]]
        host = "my-ldap-server"
        port = 636
        use_ssl = true
        start_tls = false
        ssl_skip_verify = false
        bind_dn = "uid=%s,ou=users,dc=myorg,dc=com"
    

    In this part, Helm prepares the ldap.toml file using the LDAP configuration that is specified in the first step.

    Thus, update the LDAP host, port and bind_dn as per your configuration.