How to configure custom LDAP in Grafana helm chart?

12/3/2019

I'm a newbie at Kubernetes and Helm, trying to customise stable/grafana Helm chart (https://github.com/helm/charts/tree/master/stable/grafana) with my own LDAP. What's the difference between auth.ldap part of grafana.ini and ldap section of chart's values.yaml file? How can I configure LDAP host address and credentials?

-- magnes
grafana
kubernetes
kubernetes-helm
ldap

1 Answer

12/3/2019

To enable LDAP configuration on Grafana, you need to update both parts.

In values.yaml, there are two sections: grafana.ini and ldap. To enable LDAP you need to update both sections. Check below:

First, grafana.ini

grafana.ini:
  paths:
    data: /var/lib/grafana/data
    logs: /var/log/grafana
    plugins: /var/lib/grafana/plugins
    provisioning: /etc/grafana/provisioning
  analytics:
    check_for_updates: true
  log:
    mode: console
  grafana_net:
    url: https://grafana.net
## LDAP Authentication can be enabled with the following values on grafana.ini
## NOTE: Grafana will fail to start if the value for ldap.toml is invalid
  auth.ldap:
    enabled: true
    allow_sign_up: true
    config_file: /etc/grafana/ldap.toml

Here, in the grafana.ini part, first set auth.ldap enabled to true and specify the configuration file as ldap.toml.

Second, ldap

## Grafana's LDAP configuration
## Templated by the template in _helpers.tpl
## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled
ldap:
  enabled: true
  # `existingSecret` is a reference to an existing secret containing the ldap configuration
  # for Grafana in a key `ldap-toml`.
  existingSecret: ""
  # `config` is the content of `ldap.toml` that will be stored in the created secret
  config: |-
    verbose_logging = true

    [[servers]]
    host = "my-ldap-server"
    port = 636
    use_ssl = true
    start_tls = false
    ssl_skip_verify = false
    bind_dn = "uid=%s,ou=users,dc=myorg,dc=com"

In this part, Helm prepares the ldap.toml file using the LDAP configuration that is specified in the first step.

Thus, update the LDAP host, port and bind_dn as per your configuration.

-- Umesh Kumhar
Source: StackOverflow
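
An added example, not part of the original answer or the chart's own documentation: the `existingSecret` option shown in the answer lets the LDAP bind credentials live in a Kubernetes Secret instead of in values.yaml, with the full ldap.toml stored under the key `ldap-toml`. The Secret name, namespace, service-account DN, group DNs and password placeholder below are assumptions for illustration.

```yaml
# File 1: grafana-ldap-secret.yaml (hypothetical file name), created before the chart is installed
apiVersion: v1
kind: Secret
metadata:
  name: grafana-ldap          # assumed name; must match ldap.existingSecret below
  namespace: monitoring       # assumed namespace; must be the Grafana release namespace
type: Opaque
stringData:
  # The chart reads the whole ldap.toml from the key `ldap-toml`.
  ldap-toml: |-
    [[servers]]
    host = "my-ldap-server"
    port = 636
    use_ssl = true
    start_tls = false
    ssl_skip_verify = false   # keep certificate verification on
    # Read-only service account used for the search bind (constructed values).
    bind_dn = "cn=grafana-svc,ou=services,dc=myorg,dc=com"
    bind_password = "REPLACE_ME"
    search_filter = "(uid=%s)"
    search_base_dns = ["ou=users,dc=myorg,dc=com"]

    [servers.attributes]
    username = "uid"
    email = "mail"
    name = "givenName"
    surname = "sn"
    member_of = "memberOf"

    # Map one LDAP group to Admin; everyone else gets Viewer.
    [[servers.group_mappings]]
    group_dn = "cn=grafana-admins,ou=groups,dc=myorg,dc=com"
    org_role = "Admin"

    [[servers.group_mappings]]
    group_dn = "*"
    org_role = "Viewer"
---
# File 2: values.yaml fragment passed to the chart
grafana.ini:
  auth.ldap:
    enabled: true
    allow_sign_up: true
    config_file: /etc/grafana/ldap.toml
ldap:
  enabled: true
  existingSecret: grafana-ldap   # chart uses this Secret instead of templating ldap.config
```

With `existingSecret` set, the inline `ldap.config` value is not needed, so the bind password never appears in values.yaml or in the chart's release history.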