DEV Community

César M. Cristóbal for CallePuzzle Dev

Posted on • Originally published at dev.callepuzzle.com

1 1

Grafana multi-tenant configuration with Terraform

A way to configure a multi-tenant environment in Grafana is to use organization to split each tenant. But, how can I configure this by IaC?

Grafana provides an active provisioning system that uses config files. Data sources and dashboards can be defined via files which are version controlled.

There are many tools to manage these config files:

Grafana provisioning allows the configuration of data sources, plugins, dashboards and alert notification channels. All of these “objects” can be created in a specific organization.

This is great, what else would you like?
I would like a little bit more. What happens with the organization or the users? Can I configure them by IaC?
Yes, you can, and Terraform is going to help with that.

Grafana provider

Grafana has an official Terraform provider which includes resources for users and organizations.

Multi-tenant configuration

For managing resources in different organizations with Terraform you have to configure Grafana’s provider with the organization ID.

For example:

provider "grafana" {
  url  = "http://127.0.0.1:3000"
  auth = "admin:admin"
  org_id = 1
}
Enter fullscreen mode Exit fullscreen mode

So, the idea is having two different providers using alias. The first creates an organization and an admin user with the principal admin user. And the second uses organization and users created in the previous step.

Example:

provider "grafana" {
  url  = "http://127.0.0.1:3000"
  auth = "admin:admin"
  alias = "admin"
}
provider "grafana" {
  url  = "http://127.0.0.1:3000"
  auth = "admin_org_2:pass_org_2"
  org_id = 2
  alias = "config"
}
Enter fullscreen mode Exit fullscreen mode

Full example

Enough theory, let’s take a practical example. For this you need:

Deploy Grafana in Kubernetes cluster:

$ kind create cluster
$ kubie ctx kind-kind
$ cd 010-environment/010-grafana
$ terraform init
$ terraform apply
$ terraform output admin_password
$ kubectl port-forward service/grafana 3000
Enter fullscreen mode Exit fullscreen mode

Our Grafana is accessible from http://127.0.0.1:3000. Let’s create a new organization with its admin user and resources (a folder for this example)

$ cd ../../020-client-1/010-grafana-config/
$ terraform init
$ terraform apply
$ terraform output password
Enter fullscreen mode Exit fullscreen mode

Now logging with admin or client-1 user and switching the organization we will see the folder created.

http://localhost:3000/dashboards?orgId=2

http://localhost:3000/dashboards?orgId=2

Heroku

Simplify your DevOps and maximize your time.

Since 2007, Heroku has been the go-to platform for developers as it monitors uptime, performance, and infrastructure concerns, allowing you to focus on writing code.

Learn More

Top comments (0)

Billboard image

Deploy and scale your apps on AWS and GCP with a world class developer experience

Coherence makes it easy to set up and maintain cloud infrastructure. Harness the extensibility, compliance and cost efficiency of the cloud.

Learn more

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay