Install Grafana with secure https | Cert Manager + Nginx + TLS + Let'sEncrypt | Secure Grafana TLS

Video Statistics and Information

Captions
Hello everyone, this is Bhoopesh, welcome to my channel. Good morning, good afternoon and good evening to everyone who is listening and watching this video from anywhere in the world. Today we'll be discussing another very important topic on Grafana: how do you install Grafana, and then finally you need to secure that Grafana over HTTPS so that you can have a secure connection. We'll be using a certain methodology, like Let's Encrypt and cert-manager; I will talk about it in a while. So it is not a vanilla installation of Grafana; we'll be doing some kind of securing of your Grafana URL with the help of DNS. If you have not watched this playlist till now, please do watch it; it is under the Grafana playlist and it has a lot of videos. So do like and subscribe to the channel to get all the related videos on Grafana and Kubernetes.

Okay, so doing a quick recap of what we have done so far: we started with our Grafana setup on a Kubernetes cluster, and then we did AA integration; further, we did a lot of videos on PromQL, Grafana dashboards, alerts, implementing Loki for getting the logs, and then we did Tempo for tracing. Then we installed certain databases and saw how to monitor those databases using Grafana, like MongoDB, and then we did Cognito authentication, L authentication with AWS for user management. Then we did the x509 exporter installation and configuration to monitor all the Kubernetes TLS secrets, and then we did a Blackbox exporter installation and monitoring using Grafana, MySQL and Postgres. So there are a lot of videos; you can just quickly go and check them from the description of this video.

So today we'll be, first of all, doing a brand new installation of Grafana on the Kubernetes cluster, and then we'll have an NGINX load balancer to route your traffic to a particular DNS, and then we'll use Let's Encrypt for creating a free secure website, and then we'll take it to our domain. Finally we'll do that automation with the help of cert-manager, so that you don't need to, I would say, reset that secret after every 3 months. We'll talk about it quickly with the help of an example so that it becomes crystal clear. If you have not watched the previous videos on NGINX, you can simply go and watch them in the Kubernetes playlist; the link is there.

Okay, so let's quickly see the practical example, or practical implementation, of this entire piece. What we need to do, in a nutshell: we need to install Grafana, and then we need to have a load balancer to route your traffic from the external DNS to a particular load balancer and then to the Grafana service, and then we'll use Let's Encrypt and cert-manager to do that. Okay, fine. There's a GitHub page also for achieving this entire practice; you can simply come here, and I've renamed this page as README, you know, README cert manager MD. You can simply run all these steps one by one and you can get your Grafana up and running. Perfect, so let's get started.

If you are not having the k3d or Minikube cluster, you can simply install it using these commands. Since my cluster is already running, I'll not run this. You can see my Minikube cluster is running and has a lot of different namespaces. Or, if you're installing it onto a cloud cluster, you can simply ignore this first step.

Okay, now come on to the second step. If you have not watched this NGINX Ingress controller video, you can simply go watch it; I'll paste the link into the description section also. Now, why are we installing an Ingress controller? We need a controller that can route all your outside requests to a particular service, and that can be done with the help of a controller. So we'll be installing NGINX. NGINX is an open source Ingress controller; there are a lot of Ingress controllers available, but NGINX is one of the popular ones, widely used. That will be installed using the Helm chart. It will be installed into this ingress-nginx namespace, and once it is installed it will create a load balancer. That load balancer is responsible for creating all different traffic, the Ingress rules basically; we'll see that in a while.

Then further we will install the cert-manager Helm chart. Now, why is cert-manager needed? Because to publicize your Grafana you need to have a secret, not the OpenSSL secret but a proper secret, which can be automated properly with the help of cert-manager. Let's Encrypt is the open source, free, nonprofit certificate authority which is signing all your certificates, so that can also be automated properly with the help of cert-manager. You don't need to create a secret and then renew it after every 3 months or six months; that will be taken care of by cert-manager. That is the reason we are installing cert-manager into this cert-manager namespace, and then with the help of label we'll issue this ClusterIssuer, and then finally we'll install Grafana.

So let's quickly get started with this. First of all we will install the NGINX controller onto your namespace. What I'm doing: I'm just installing this Helm chart from this repo into this namespace; if the namespace is not there, it will just get created for you. It will take some time to run this. Let me just simply check the same; I'm going to this namespace. It is still installing. Okay, so you can see the revision has been increased, for that is 15th of October, which is today's date, and 1643, the current timestamp. Let's see whether the pod is running or not. The pod is successfully running. Let me see the service. Okay, so what it does actually is create a load balancer which is responsible for getting all the traffic requests from the outside world, and we will use this Ingress controller to route the traffic to our endpoint; we'll see it in a while. So this is the Ingress controller that has been installed, and you can see this is the Ingress rule that we need to create on top of it. Yeah, this is the Ingress rule, and then it requires a secret. This is a secret which we need, and we will create it using Let's Encrypt, and that is being done by cert-manager. All these things are interlinked between each other. So once this Ingress is installed, let me show you how your Grafana talks to your DNS. Okay, so this is your Ingress rule that will help you to route your... okay, we'll talk about this in a while; let me first do the installation.

Okay, so Ingress is installed; now let me install the cert-manager Helm chart. You don't need to worry; you need to just simply run these steps one by one in your cluster and it will do the rest. We need to add this cert-manager repo, I'll do an update, and then it will do an installation of the cert-manager Helm chart. It will install CRDs, custom resource definitions, which will help you to manage your automatic secret. Now we are installing this cert-manager into the cert-manager namespace. It will install cert-manager and will bring up one pod which will make sure that it will communicate to the Let's Encrypt database and it will show your secret. Okay, so cert-manager is also installed. Let me see helm ls. Okay, the fourth revision is deployed, October. Let me see the pods also. The pod is up and running. Okay, so there are injector, webhook and everything is up and running finally.

So your cert-manager Helm chart is up, your NGINX is up; now we need to do an issuer. Now, what is the ClusterIssuer CRD? What this will do is create a secret. Let's Encrypt is just the name of the secret, and ClusterIssuer is nothing but the proprietary of the cert-manager Helm chart. It will communicate to this server, your Let's Encrypt, directly, you can see, and it will store and validate your DNS secret. So I'm just giving my email ID for the authentication purpose and I'm creating an NGINX-based Ingress controller. Now I'll just install the ClusterIssuer. Okay, apply. Okay, the ClusterIssuer is there; it is unchanged, I just did it some time back. ClusterIssuer, let me do a get. Okay, it is there and it's ready also. So you can see hash key map; this is the URL where it will store all your secrets, and this is restored with the Let's Encrypt repository. Fine, so it will store all your secrets here and it will renew also.

Now the ClusterIssuer is also up. The moment I install Grafana with certain values, it will just simply create a secret in your cluster and it will tie the secret into that directory also; that will be used to secure the connection. Before I install Grafana, let me show you this grafana public.yaml. Now, grafana public.yaml is nothing but an additional YAML file that will be passed when I run this kube-prometheus-stack Helm chart. This installation is pretty straightforward: I'm installing the stack, which contains Prometheus and Grafana and certain exporters like node exporter and kube-state-metrics for capturing the metrics, but additionally I'm just passing this YAML file.

Now let's see what values are present in this YAML file. What I'm saying: I'm passing grafana.ini, now server. This should be a valid DNS. Currently I don't have a DNS available, so you can simply replace this with your DNS and it works properly; there's no doubt in this. Simply replace your domain from here. The protocol mentioned is HTTP, and it will cater to both HTTP and HTTPS. Now this will be the complete URL of your Grafana. Why have I added /grafana? So that you don't need to worry about /grafana; normally the URL is like this, but you need to add /grafana at the end. Fine.

Now this Ingress enabled is true. Why is this Ingress enabled true? Because there's an NGINX controller that has already been installed on your machine, and the Ingress rule will get created. What that Ingress rule will do: whenever anybody is typing this domain into your public URL on the public internet, it will redirect from here to your Ingress rule, and the Ingress rule will redirect to your Grafana service using the secret, which is actually managed by Let's Encrypt and cert-manager basically. And how is this tagged to cert-manager? You can see this label; this is always being shared between three components. So, installation of Grafana using a public DNS, and how will it get the secret for securing? It will take the secret from here. Now, from where will this secret get generated? This secret will get generated from these annotations, the ClusterIssuer Let's Encrypt, because this is what we have used in our ClusterIssuer. You see what we are saying: my certificate will come from here, my certificate will come from the cert-manager.io cluster with this label, and then this will get generated for this domain. The only thing you need to make sure of is that this domain is publicly available and is registered under your bucket.

I hope this YAML file is now understood by you; if not, I'll just try to put it again because this is very, very important to understand. If I install my Grafana without this file, do a vanilla installation, it will not secure your Grafana publicly. But the moment I add this file, what I'm saying is: please have the additional configuration overwritten with that chart; the domain should be this. Now, if I don't include these pieces, Grafana will not be secure; it will just run on HTTP. But this time we need to secure Grafana also, so what I'm saying is: please enable the Ingress and add this annotation, which will fetch the TLS secret from this ClusterIssuer, and it will create a proper valid secret for this domain and it will bring that secret to here, the secret name you see under this NGINX class.

Let's quickly run this without wasting time so that you can get a picture of how it works and what happens actually. We'll copy this command and come here. See, my main intention for every quick video is to do the practical work. So if you see what I've done quickly: creating the cluster; first of all install the NGINX controller for routing the traffic via the load balancer; then installing cert-manager for managing your Let's Encrypt charts, Let's Encrypt certificates, sorry; then the ClusterIssuer for handling all those secrets; and finally installing Grafana using cert-manager and your Ingress.

Now let's see whether the installation has completed. The installation is done; let me do the checking also. Let me go to the metrics namespace. Okay, helm ls: my Grafana is upgraded, the 15th of October. Let me see the pods; the pods are up and running. Okay, the Grafana pod is running. Let me see the Ingress also. Okay, the Grafana Ingress, so you can see abc.domain.com. Let me just show you this Ingress. Now, this is an Ingress rule actually, and this Ingress rule has certain labels, like this is the label. What this rule is saying: whenever anyone is hitting this abc.domain.com on HTTP, it will just simply route to the Grafana service on port number 0, and if anybody is hitting https abc.com, it will first of all secure this URL with the help of this secret and then the load balancer IP. So this is how the communication is happening.

Now, since I've installed everything, I simply go and see the service; get service, this is the Grafana service. I don't have a valid domain name, but still I want to show how it will look the moment you hit it. Before I go there, let's first of all see the secret, whether the TLS secret is there. You can see the TLS secret is also available, and it got installed the moment I installed that Helm chart. So you can see here is the secret, and then check the contents of this; you can see the secret is there. You can do a base64 decoding also for this, echo. This cc.domain.com is not a valid domain, but still it has created a secret for you. And who has done it? It is actually being done by the cert-manager Helm chart, which is actually linked to your Let's Encrypt certificate authority. So see, the certificate is also being created, but this is not a valid certificate because the domain is not correct anyway.

So this is what I wanted to show you before I get into the service. So, kubectl port-forward of Grafana: we'll simply try to do a local port forwarding, and I'll do a copy and then I'll come here and do this. Okay, see, now it has quietly and politely moved to abc.domain.com, and so if this had been a proper DNS then your Grafana might be up and running here, and this would be secure also. Currently it is not secure. Why is it not secure? Because this domain is not correct. Now what you need to do in your working environment: just replace this domain with the actual domain and this will work perfectly, and there's no doubt about it.

So let me quickly revise the steps we did so that it becomes crystal clear. Bring up your cluster; it can be a Minikube cluster or any other cluster. Bring up your NGINX Ingress controller to manage the load balancing. Now install the cert-manager Helm chart for managing your Let's Encrypt certificates automatically so that you don't need to worry. Then install this ClusterIssuer CRD for managing all your certificates, not only one, and give your email ID, which will store all the secrets in this repository. The next step is to install and configure Grafana with the proper domain and the cert-manager configuration with this file.

So that is pretty much it. Let me take a pause and summarize what we did: we just simply installed all three components one by one and then tried to collate them with Grafana for bringing up the URL. So that's pretty much it about the video. If you have any doubts and queries about this video, which is a very, very important one, please post them to the comment section; we'll try to answer them and we'll make your Grafana secure and working properly. So do not forget to like and subscribe to the channel from here, and do watch the earlier videos, which will make a proper understanding for you for implementing anything. Okay, that's it for now, see you later, bye-bye.
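
The two files the video walks through are not shown on this page. The following is an added example, not the presenter's own files, of what a ClusterIssuer and a Grafana values override of this kind look like; the issuer name `letsencrypt`, the host `grafana.example.com`, the email address and both Secret names are placeholders.

```yaml
# File 1 (kubectl apply): the ClusterIssuer that the Ingress annotation refers to.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt                  # placeholder; must match the annotation in file 2
spec:
  acme:
    # Production ACME endpoint. While testing, the staging endpoint
    # https://acme-staging-v02.api.letsencrypt.org/directory avoids rate limits.
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com         # placeholder contact for the ACME account
    privateKeySecretRef:
      name: letsencrypt-account-key  # Secret that stores the ACME account private key
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx  # HTTP-01 challenge is served through ingress-nginx
---
# File 2 (helm install ... -f <this file>): overrides for the Grafana sub-chart
# of kube-prometheus-stack.
grafana:
  grafana.ini:
    server:
      domain: grafana.example.com    # placeholder; must resolve publicly to the load balancer
      protocol: http                 # TLS terminates at the ingress; the pod serves plain HTTP
      root_url: "https://grafana.example.com/grafana"
      serve_from_sub_path: true
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt  # asks cert-manager to issue for the tls hosts
    hosts:
      - grafana.example.com
    path: /grafana
    tls:
      - secretName: grafana-tls      # cert-manager writes the issued key and certificate here
        hosts:
          - grafana.example.com
```

After the install, `kubectl get certificate -n <namespace>` shows whether issuance succeeded: the Certificate only reaches `READY True` once Let's Encrypt has completed the HTTP-01 challenge against a publicly reachable host. Checking that status, rather than only the existence of the TLS Secret, confirms that the ingress is serving a CA-signed certificate.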
Info
Channel: Bhoopesh Sharma
Views: 613
Keywords: cert manager, certificate, certificate authority, devops, devops community, grafana, grafana via https, http, https, install ssl, kubernetes, letsencrypt, login, nginx, secure, secure socket layer, secure tunnel, ssl, ssl certificate, ssl certificates, ssl explained, ssl tls, ssl training, tls, tls certificate, tls explained, tls training, what is ssl, what is ssl certificate
Id: KLXjCFMg83g
Length: 19min 54sec (1194 seconds)
Published: Sun Oct 15 2023