DEV Community

César M. Cristóbal for CallePuzzle Dev

Posted on • Originally published at dev.callepuzzle.com

1 1

Grafana multi-tenant configuration with Terraform

A way to configure a multi-tenant environment in Grafana is to use organization to split each tenant. But, how can I configure this by IaC?

Grafana provides an active provisioning system that uses config files. Data sources and dashboards can be defined via files which are version controlled.

There are many tools to manage these config files:

Grafana provisioning allows the configuration of data sources, plugins, dashboards and alert notification channels. All of these “objects” can be created in a specific organization.

This is great, what else would you like?
I would like a little bit more. What happens with the organization or the users? Can I configure them by IaC?
Yes, you can, and Terraform is going to help with that.

Grafana provider

Grafana has an official Terraform provider which includes resources for users and organizations.

Multi-tenant configuration

For managing resources in different organizations with Terraform you have to configure Grafana’s provider with the organization ID.

For example:

provider "grafana" {
  url  = "http://127.0.0.1:3000"
  auth = "admin:admin"
  org_id = 1
}
Enter fullscreen mode Exit fullscreen mode

So, the idea is having two different providers using alias. The first creates an organization and an admin user with the principal admin user. And the second uses organization and users created in the previous step.

Example:

provider "grafana" {
  url  = "http://127.0.0.1:3000"
  auth = "admin:admin"
  alias = "admin"
}
provider "grafana" {
  url  = "http://127.0.0.1:3000"
  auth = "admin_org_2:pass_org_2"
  org_id = 2
  alias = "config"
}
Enter fullscreen mode Exit fullscreen mode

Full example

Enough theory, let’s take a practical example. For this you need:

Deploy Grafana in Kubernetes cluster:

$ kind create cluster
$ kubie ctx kind-kind
$ cd 010-environment/010-grafana
$ terraform init
$ terraform apply
$ terraform output admin_password
$ kubectl port-forward service/grafana 3000
Enter fullscreen mode Exit fullscreen mode

Our Grafana is accessible from http://127.0.0.1:3000. Let’s create a new organization with its admin user and resources (a folder for this example)

$ cd ../../020-client-1/010-grafana-config/
$ terraform init
$ terraform apply
$ terraform output password
Enter fullscreen mode Exit fullscreen mode

Now logging with admin or client-1 user and switching the organization we will see the folder created.

http://localhost:3000/dashboards?orgId=2

http://localhost:3000/dashboards?orgId=2

Image of AssemblyAI tool

Challenge Submission: SpeechCraft - AI-Powered Speech Analysis for Better Communication

SpeechCraft is an advanced real-time speech analytics platform that transforms spoken words into actionable insights. Using cutting-edge AI technology from AssemblyAI, it provides instant transcription while analyzing multiple dimensions of speech performance.

Read full post

Top comments (0)

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more

👋 Kindness is contagious

Explore a sea of insights with this enlightening post, highly esteemed within the nurturing DEV Community. Coders of all stripes are invited to participate and contribute to our shared knowledge.

Expressing gratitude with a simple "thank you" can make a big impact. Leave your thanks in the comments!

On DEV, exchanging ideas smooths our way and strengthens our community bonds. Found this useful? A quick note of thanks to the author can mean a lot.

Okay