Update helm chart for newer grafana + enable externalServiceAccounts (#4876)

# What this PR does Updates the helm chart and docker compose files with the required changes to support the plugin initialization changes. Updated instructions on the README.md show how to setup & intialize OnCall without needing to go to the configuration page, this is currently the preferred method. ## Which issue(s) this PR closes Related to [issue link here]  ## Checklist - [ ] Unit, integration, and e2e (if applicable) tests updated - [ ] Documentation added (or `pr:no public docs` PR label added if not required) - [ ] Added the relevant release notes label (see labels prefixed w/ `release:`). These labels dictate how your PR will show up in the autogenerated release notes. --------- Co-authored-by: GitHub Actions <actions@github.com>
2024-09-05 12:18:07 -06:00 · 2024-09-05 12:18:07 -06:00 · 0efe51d310
commit 0efe51d310
parent a0a5482a85
15 changed files with 84 additions and 28 deletions
--- a/README.md
+++ b/README.md
@ -28,6 +28,11 @@ Developer-friendly incident response with brilliant Slack integration.

 ## Getting Started

+> [!IMPORTANT]  
+> These instructions are for using Grafana 11 or newer. You must enable the feature toggle for
+> `externalServiceAccounts`. This is already done for the docker files and helm charts.  If you are running Grafana
+> separately see the Grafana documentation on how to enable this.
+
 We prepared multiple environments:

 - [production](https://grafana.com/docs/oncall/latest/open-source/#production-environment)
@ -82,17 +87,41 @@ We prepared multiple environments:
   docker-compose pull && docker-compose up -d
   ```

-5. Go to [OnCall Plugin Configuration](http://localhost:3000/plugins/grafana-oncall-app), using log in credentials
-   as defined above: `admin`/`admin` (or find OnCall plugin in configuration->plugins) and connect OnCall _plugin_
-   with OnCall _backend_:
+5. Provision the plugin (If you run Grafana outside the included docker files install the plugin before these steps):

-   ```text
-   OnCall backend URL: http://engine:8080
+   If you are using the included docker compose file use `admin`/`admin` credentials and `localhost:3000` to
+   perform this task.  If you have configured Grafana differently adjust your credentials and hostnames accordingly.
+
+   ```bash
+   # Note: onCallApiUrl 'engine' and grafanaUrl 'grafana' use the name from the docker compose file.  If you are 
+   # running your grafana or oncall engine instance with another hostname adjust accordingly. 
+   curl -X POST 'http://admin:admin@localhost:3000/api/plugins/grafana-oncall-app/settings' -H "Content-Type: application/json" -d '{"enabled":true, "jsonData":{"stackId":5, "orgId":100, "onCallApiUrl":"http://engine:8080", "grafanaUrl":"http://grafana:3000"}}'
+   curl -X POST 'http://admin:admin@localhost:3000/api/plugins/grafana-oncall-app/resources/plugin/install'
   ```

-6. Enjoy! Check our [OSS docs](https://grafana.com/docs/oncall/latest/open-source/) if you want to set up
+6. Start using OnCall, log in to Grafana with credentials
+   as defined above: `admin`/`admin`
+
+7. Enjoy! Check our [OSS docs](https://grafana.com/docs/oncall/latest/open-source/) if you want to set up
   Slack, Telegram, Twilio or SMS/calls through Grafana Cloud.

+## Troubleshooting
+
+Here are some API calls that can be made to help if you are having difficulty connecting Grafana and OnCall.
+(Modify parameters to match your credentials and environment)
+
+   ```bash
+   # Use this to get more information about the connection between Grafana and OnCall
+   curl -X GET 'http://admin:admin@localhost:3000/api/plugins/grafana-oncall-app/resources/plugin/status'
+   ```
+
+   ```bash
+   # If you added a user or changed permissions and don't see it show up in OnCall you can manually trigger sync.
+   # Note: This is called automatically when the app is loaded (page load/refresh) but there is a 5 min timeout so 
+   # that it does not generate unnecessary activity.
+   curl -X POST 'http://admin:admin@localhost:3000/api/plugins/grafana-oncall-app/resources/plugin/sync'
+   ```
+
 ## Update version

 To update your Grafana OnCall hobby environment:
--- a/docker-compose-mysql-rabbitmq.yml
+++ b/docker-compose-mysql-rabbitmq.yml
@ -139,6 +139,7 @@ services:
      GF_DATABASE_HOST: ${MYSQL_HOST:-mysql}
      GF_DATABASE_USER: ${MYSQL_USER:-root}
      GF_DATABASE_PASSWORD: ${MYSQL_PASSWORD:?err}
+      GF_FEATURE_TOGGLES_ENABLE: externalServiceAccounts
      GF_SECURITY_ADMIN_USER: ${GRAFANA_USER:-admin}
      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_PASSWORD:-admin}
      GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS: grafana-oncall-app
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -89,6 +89,7 @@ services:
    ports:
      - "3000:3000"
    environment:
+      GF_FEATURE_TOGGLES_ENABLE: externalServiceAccounts
      GF_SECURITY_ADMIN_USER: ${GRAFANA_USER:-admin}
      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_PASSWORD:-admin}
      GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS: grafana-oncall-app
--- a/helm/README.md
+++ b/helm/README.md
@ -2,8 +2,7 @@

 1. Create the cluster with [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)

-   > Make sure ports 30001, 30002 (Grafana, optional) and
-   > 30003 (detached integrations server, optional) are free on your machine
+   > Make sure ports 30001, 30002 (Grafana, optional) are available

   ```bash
   kind create cluster --image kindest/node:v1.24.7 --config kind.yml
--- a/helm/oncall/Chart.yaml
+++ b/helm/oncall/Chart.yaml
@ -2,8 +2,8 @@ apiVersion: v2
 name: oncall
 description: Developer-friendly incident response with brilliant Slack integration
 type: application
-version: 1.7.2
-appVersion: v1.7.2
+version: 1.9.20
+appVersion: v1.9.20
 dependencies:
  - name: cert-manager
    version: v1.8.0
@ -26,7 +26,7 @@ dependencies:
    repository: https://charts.bitnami.com/bitnami
    condition: redis.enabled
  - name: grafana
-    version: 6.57.1
+    version: 8.4.6
    repository: https://grafana.github.io/helm-charts
    condition: grafana.enabled
  - name: ingress-nginx
--- a/helm/oncall/charts/grafana-6.57.1.tgz
+++ b/helm/oncall/charts/grafana-6.57.1.tgz
--- a/helm/oncall/charts/grafana-8.4.6.tgz
+++ b/helm/oncall/charts/grafana-8.4.6.tgz
--- a/helm/oncall/templates/_env.tpl
+++ b/helm/oncall/templates/_env.tpl
@ -106,7 +106,7 @@
  value: {{ .Values.telegramPolling.enabled | toString | title | quote }}
 {{- end }}
 - name: TELEGRAM_WEBHOOK_HOST
-  value: {{ .Values.oncall.telegram.webhookUrl | default (printf "https://%s" .Values.base_url) | quote }}
+  value: {{ .Values.oncall.telegram.webhookUrl | default (printf "%s://%s" .Values.base_url_protocol .Values.base_url) | quote }}
 {{- if .Values.oncall.telegram.existingSecret }}
 - name: TELEGRAM_TOKEN
  valueFrom:
--- a/helm/oncall/templates/plugin-provisioning.yaml
+++ b/helm/oncall/templates/plugin-provisioning.yaml
@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: helm-testing-grafana-plugin-provisioning
+  labels:
+    app: {{ include "oncall.name" . }}
+data:
+  grafana-oncall-app-provisioning.yaml: |
+    apps:
+      - type: grafana-oncall-app
+        name: grafana-oncall-app
+        disabled: false
+        jsonData:
+          stackId: 5
+          orgId: 100
+          onCallApiUrl: http://helm-testing-oncall-engine:8080
--- a/helm/oncall/tests/snapshot/integrations_deployment_test.yaml.snap
+++ b/helm/oncall/tests/snapshot/integrations_deployment_test.yaml.snap
@ -2,7 +2,7 @@ detached_integrations.enabled=true -> should create integrations deployment:
  1: |
    - env:
        - name: BASE_URL
-          value: https://example.com
+          value: http://example.com
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
--- a/helm/oncall/tests/snapshot/telegram_polling_deployment_test.yaml.snap
+++ b/helm/oncall/tests/snapshot/telegram_polling_deployment_test.yaml.snap
@ -6,7 +6,7 @@ telegramPolling.enabled=true -> should create telegram polling deployment:
        - python manage.py start_telegram_polling
      env:
        - name: BASE_URL
-          value: https://example.com
+          value: http://example.com
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
@ -38,7 +38,7 @@ telegramPolling.enabled=true -> should create telegram polling deployment:
        - name: FEATURE_TELEGRAM_LONG_POLLING_ENABLED
          value: "True"
        - name: TELEGRAM_WEBHOOK_HOST
-          value: https://example.com
+          value: http://example.com
        - name: TELEGRAM_TOKEN
          value: ""
        - name: MYSQL_HOST
--- a/helm/oncall/tests/snapshot/wait_for_db_test.yaml.snap
+++ b/helm/oncall/tests/snapshot/wait_for_db_test.yaml.snap
@ -6,7 +6,7 @@ database.type=mysql -> should create initContainer for MySQL database (default):
        - until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done
      env:
        - name: BASE_URL
-          value: https://example.com
+          value: http://example.com
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
@ -94,7 +94,7 @@ database.type=mysql -> should create initContainer for MySQL database (default):
        - until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done
      env:
        - name: BASE_URL
-          value: https://example.com
+          value: http://example.com
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
@ -182,7 +182,7 @@ database.type=mysql -> should create initContainer for MySQL database (default):
        - until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done
      env:
        - name: BASE_URL
-          value: https://example.com
+          value: http://example.com
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
@ -271,7 +271,7 @@ database.type=postgresql -> should create initContainer for PostgreSQL database:
        - until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done
      env:
        - name: BASE_URL
-          value: https://example.com
+          value: http://example.com
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
@ -361,7 +361,7 @@ database.type=postgresql -> should create initContainer for PostgreSQL database:
        - until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done
      env:
        - name: BASE_URL
-          value: https://example.com
+          value: http://example.com
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
@ -451,7 +451,7 @@ database.type=postgresql -> should create initContainer for PostgreSQL database:
        - until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done
      env:
        - name: BASE_URL
-          value: https://example.com
+          value: http://example.com
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
--- a/helm/oncall/tests/telegram_env_test.yaml
+++ b/helm/oncall/tests/telegram_env_test.yaml
@ -24,7 +24,7 @@ tests:
    set:
      oncall.telegram:
        enabled: true
-        webhookUrl: https://example.com
+        webhookUrl: http://example.com
        token: "abcd:123"
    asserts:
      - contains:
@ -36,7 +36,7 @@ tests:
          path: spec.template.spec.containers[0].env
          content:
            name: TELEGRAM_WEBHOOK_HOST
-            value: "https://example.com"
+            value: "http://example.com"
      - contains:
          path: spec.template.spec.containers[0].env
          content:
--- a/helm/oncall/values.yaml
+++ b/helm/oncall/values.yaml
@ -3,7 +3,7 @@
 # Set the domain name Grafana OnCall will be installed on.
 # If you want to install grafana as a part of this release make sure to configure grafana.grafana.ini.server.domain too
 base_url: example.com
-base_url_protocol: https
+base_url_protocol: http

 ## Optionally specify an array of imagePullSecrets.
 ## Secrets must be manually created in the namespace.
@ -634,9 +634,11 @@ grafana:
  enabled: true
  grafana.ini:
    server:
-      domain: example.com
-      root_url: "%(protocol)s://%(domain)s/grafana"
+      domain: helm-testing-grafana
+      root_url: "%(protocol)s://%(domain)s/grafana/"
      serve_from_sub_path: true
+    feature_toggles:
+      enable: externalServiceAccounts
  persistence:
    enabled: true
  # Disable psp as PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
@ -644,6 +646,14 @@ grafana:
    pspEnabled: false
  plugins:
    - grafana-oncall-app
+  extraVolumes:
+    - name: provisioning
+      configMap:
+        name: helm-testing-grafana-plugin-provisioning
+  extraVolumeMounts:
+    - name: provisioning
+      mountPath: /etc/grafana/provisioning/plugins/grafana-oncall-app-provisioning.yaml
+      subPath: grafana-oncall-app-provisioning.yaml

 externalGrafana:
  # Example: https://grafana.mydomain.com
--- a/helm/simple.yml
+++ b/helm/simple.yml
@ -15,9 +15,9 @@ grafana:
    type: NodePort
    nodePort: 30002
 detached_integrations:
-  enabled: true
+  enabled: false
 detached_integrations_service:
-  enabled: true
+  enabled: false
  type: NodePort
  port: 8080
  nodePort: 30003