Register the cluster’s Prometheus server with the central Grafana#

Once you have deployed the support chart, you must also register this cluster as a datasource for the central Grafana dashboard. This will allow you to visualize cluster statistics not only from the cluster-specific Grafana deployment but also from the central dashboard, that aggregates data from all the clusters.


If you ran deployer generate dedicated-cluster ... during the new cluster setup, then a lot of these files will have already been created for you and you do not need to recreate them, only update them if required.

Create a support.secret.values.yaml file#

Only 2i2c staff and our centralized grafana should be able to access the prometheus data on a cluster from outside the cluster. The basic auth feature of nginx-ingress is used to restrict this. A support.secret.values.yaml file is used to provide these secret credentials, which we create under the relevant config/clusters/<cluster-name>/ folder. It requires the following configuration:

  username: <output of pwgen -s 64 1>
  password: <output of pwgen -s 64 1>


We use the pwgen program, commonly installed by default in many operating systems, to generate the password.

Once you create the file, encrypt it with sops.

export CLUSTER_NAME=<cluster-name>
sops --output config/clusters/$CLUSTER_NAME/enc-support.secret.values.yaml --encrypt config/clusters/$CLUSTER_NAME/support.secret.values.yaml

Update your cluster.yaml file#

Update the support config in the cluster’s cluster.yaml file to include the encrypted secret file.

    - support.values.yaml
    - enc-support.secret.values.yaml

Then redeploy the support chart.

deployer deploy-support $CLUSTER_NAME